March 12, 2012, 6:07 AM — As workers increasingly use personal or company-owned consumer technology on the job, IT managers face an ever-growing challenge -- maintaining control of corporate data as hundreds or thousands of new devices are added to their technology stables.
The use of tablet computers and smartphones -- along with social networks and free online services -- in the workplace is pressuring IT executives to rethink their game.
Analysts and data center managers at IDG Enterprise's Consumerization of IT in the Enterprise (CITE) conference in San Francisco last week mostly advised companies to embrace and control consumer devices rather than fight their use in the workplace .
"If you try to block it, it will go around you," said Dion Hinchcliffe, executive vice president of strategy at Dachis Group, an Austin-based business consulting firm.
Some companies have had to make unpopular decisions to make sure sensitive corporate data doesn't leak from the new devices.
For instance, Hyatt Hotels implemented a policy of wiping data from any personal device used at work if the owner loses it or leaves the company.
Hyatt only started allowing workers to use consumer devices after discovering last year that a corporate rule prohibiting their use was ignored by some.
"We rolled out [Microsoft] ActiveSync and started seeing devices that we knew weren't ours," said Dave Malcom, chief information security officer. "So we said, 'Let's stop burying our head in the sand and start addressing the problem and start securing them.' "
Philippe Winthrop, managing director of The Enterprise Mobility Foundation, said the best way for companies to reap the benefits of consumer technologies, while still maintaining data security, is to implement policies allowing only corporate-owned devices.
"You can't fight the war of consumerization of IT, but you can pick your battles," he said. "It's not about data security. It's about risk management."
Winthrop said that companies should allow employees to choose to use any device they think can help them, as long as the device is owned and managed by the company. That way, it's easier for IT to secure the data on the device.
"They can allow the individual to download Angry Birds, but in a controlled fashion," he said.
Hinchcliffe noted that educating device-using employees on how to keep data secure is as important as developing hardened security measures.
Companies should set simple rules, such as a ban on storing data in the cloud, he suggested. "We have to get into the business of emergent change. We don't want to control it all," Hinchcliffe said.