Robert Stroud, CGEIT, vice president of service management and governance at CA Technologies and vice president of ISACA, has written an article on the double edged sword of the ‘digital native’.
Not much more than a decade ago, a great many of us—of a certain age—realised that we were explorers aboard an intimidating vessel, bound for the unfamiliar shores of Technologia. When we arrived at the coast of this unexplored land and beached upon its golden sands, the hope and opportunity was palpable. Alas, it was not to be the paradise for which we had hoped. Many of us could not penetrate the hinterlands of this unexplored world and we would have surely given up if it were not for the partnerships formed with the indigenous tribes—the ‘digital natives’.
The digital natives range from 18-30 in age (commonly referred to as Generation Y or Millenials) and have grown up riding the wave of new technology. Surfing the web, mastering new gadgets and absorbing every new breakthrough like sponges, these technophiles are the target group for the consumerisation of IT.
The result of this consumerisation means that organisations are faced with an influx of employee-owned IT that operates outside the workplace security perimeter; pair this with the use of work devices for personal use, such as shopping online and the use of social networking sites, and the security issues become apparent.
Being able to multi-task with social media, texting, email, Twitter and more, the digital native simultaneously works across a wide variety of technologies, increasing the chance of compromising security. The secret to effectively harnessing the savoir-faire of these employees is the greatest challenge to business today. While their ability to adapt to new technology makes for a versatile workforce, the ease with which they use these various platforms and devices also becomes a problem. The line between work and play, and thus the security perimeter, becomes blurred, as it is a line that employees shift according to their activity at any given time.
A recent survey conducted by IT association ISACA, on online shopping at work and workplace Internet security, yielded some worrying statistics with obvious implications. The survey found that adults between the ages of 18-34 are:
•More than twice as likely to shop online using a work-supplied computer, tablet or smart phone (39%) than older adults (16%)
•More unsure (36%) of their company’s policies towards online shopping at work, compared to the general population (25%)
•More inclined to use their personal computers for business (56%) than older adults (47%)
•Slightly less likely to use secure browsing technology (62% vs. 64%)
Despite being technologically proficient in terms of using the various devices, it would appear that security is of a periphery concern at best to the digital native. Many of those surveyed assumed that their IT department handled security at work, which might explain the sometimes reckless behavior of certain employees, including opening e-mails of unknown origins and clicking on suspect links; using work e-mail for online shopping; or registering to sites that require a login—all of which could lead to compromised security. This behavior opens the door to social engineering, phishing attacks, malware and information breaches that can cost companies millions and inflict severe damage to their reputation.
To prevent the natives from becoming a threat to Technologia, an agreement between the natives and organization chiefs must be reached. The key to this understanding is to adopt an “embrace and educate” approach. Of course a company could take the autocratic position of banning any personal activity and personal devices in the workplace; however, this approach would be detrimental to productivity and nearly impossible to implement. By educating their employees about the risks posed by a laissez faire attitude toward IT security, both at the personal and organizational level, companies can harness the versatility and knowledge of the digital native—a significant asset to the organization— whilst simultaneously improving their security.
During the holiday season, when employees are using the Internet for personal use at a higher rate than ever, be sure to remind them that security is everyone’s responsibility—not solely the domain of the IT department. A realistic and organization-wide approach to IT security and governance is the best possible way to protect company assets. Technology changes quickly, and enterprise leaders must stay abreast of its advances. Harness the knowledge of the digital natives, and learn from their skills; soon, you will be so familiar with the new land that you’ll be mistaken as a native of Technologia as well.
About the firm
CA Technologies are among the exhibitors at Infosecurity Europe 2011 from April 19 to 21 at Earls Court, London. For further information visit –
