From their familiarity with technology to their eagerness to share information, the generation now entering the work force is wired differently than the generations before it. In fact, it’s more comfortable being wireless. Worry about security? Not a top priority for this group. Policy? What policy?
The millennials, as young adults born after 1980 have been dubbed, thrive on learning about and using the latest gadgets and programs. Most believe in a “no walls” approach and have been labeled risk takers. As a result, one security expert says government and commercial organizations need to start rethinking their approach to ensuring their data security, because simply issuing a policy probably won’t cut it anymore.
The numbers say it all. In a recent Symantec Corporation survey of 400 information technology professionals, 85 percent of the respondents indicated that their companies have policies against downloading/installing software for personal use on work PCs, but 75 percent of the millennial respondents admitted that they have done just that. The survey, which comprised 200 information technology professionals born before 1980 and 200 born after, revealed that while nearly 70 percent of the older work force sticks to using company-issued devices or software for work, less than half of millennials follow this practice. In fact, 69 percent of Generation Y respondents confessed they use whatever application/device/technology they want regardless of the source or corporate information technology policies. In addition, although half of the respondents knew their organization has policies banning applications such as social networking, iTunes, streaming video and gaming applications, millennial respondents confessed that they regularly access these types of applications. Specifically, 75 percent access Web-based personal e-mail; 66 percent often access Facebook/MySpace; 51 percent access personal finance applications; and 46 percent regularly access instant messaging.
According to Samir Kapuria, managing director, Symantec Advisory Consulting Services, if these numbers don’t alarm organizations, they should. As more baby boomers retire, the number of their staff members born after 1980 is swelling. This evolutionary shift tips the balance of staff numbers from a generation that diligently followed policies to one that uses personal devices for business without a second thought.
This demographic swing is creating an increase in what Kapuria calls the “surface area” of an organization’s information technology enterprise. Traditionally, systems administrators have had a handle on what hardware, software, mobile devices and documents existed within their enterprise, giving them some semblance of control. However, as Generation Y-ers come onboard with their backpacks and pockets bulging with laptops, iPods, universal serial bus (USB) drives and multifunctional cell phones, keeping track of who has what becomes much more difficult. “This is where risk changes. An organization no longer has control. It’s the work force that makes the choice,” Kapuria says.
Document tracking is just one example of how choice versus control can impact an organization. In the past, documents remained on company computers. Although millennials also work on documents within the office setting, they are just as likely to put a back-up copy on a flash drive that they take everywhere with them. Because these small devices easily can be lost or stolen—and the company’s intellectual property along with them—organizations must make sure their young employees understand the risk.
But risk of information loss is only one facet of the problem. “Millennials see USB drives as an efficient way to share documents. But if you’re that organization, you believe you have control of a certain surface area. You say, ‘Our information is here,’ but what you don’t see is that it’s also on a USB drive somewhere,” Kapuria explains. When the time comes to destroy these documents, chief information officers (CIOs) believe that the job is done when they go down the checklist of everywhere information is stored and destroy it. Not true when they are totally unaware that this data also resides in an employee’s flash drive, he adds.
Although the generation now entering the work force may be opening up government agencies and corporations to more risk, the news is not all bad, Kapuria maintains. Some believe this generation is the most high-performing work force ever because it is more educated and has access to more information than any generation before it. Millennials are eager not only to learn about but also to use the latest gadget or software program and never hesitate to collaborate with anyone—via the Internet, of course—who has more information or a new approach.
And the benefits to business don’t stop there. Generation Y has been a large driver behind the “consumerization” of information systems once found only within the confines of office buildings. These young adults who grew up with a video game controller in their hands while still sporting a pacifier in their mouths are demonstrating that the consumerization of information technology can actually increase productivity and reduce costs, Kapuria points out.
Awareness of this shifting tide in staff demographics is the first step for CIOs in their quest to secure systems without squelching creativity. Kapuria recommends they first educate themselves about the realities of their organizations’ networks and technology usage.
With this knowledge in hand, they will be able to better determine which new capabilities are safe and useful and which need to be reined in. “For instance, IT [the information technology department] may discover widespread usage of social networks and be convinced of the tremendous value such practice provides from a collective intelligence perspective. But depending on the nature of the business, IT may have to restrict such usage because it may pose too much of a threat to operational success,” Kapuria explains. Creating a similar capability within the organization is a compromise solution, he adds.
Next, CIOs must design a remediation plan based on the impact of new devices, software or services on the enterprise.
With knowledge and a plan in place, CIOs must take on the role of educator and make sure all employees understand established policies. For the millennials, this information dissemination may be a little trickier than in the past, however. Simply issuing a policy won’t do it; they want logical explanations for why certain technologies are not allowed. It will take more coaching and less management. It will require organizations to tailor training programs to the way they think and learn, perhaps through a social networking or mentoring program. “The millennials can be a force multiplier in mitigating risks because they know how to fight risks,” Kapuria states.