Balancing Generation Y preferences with security

As young adults who grew up on e-mail and online chat enter the workforce, they bring with them a set of newer technologies designed for rapid-fire communication and workplace personalization. Much of this technology may represent better, faster ways of getting a job done, but it also introduces a new round of security threats for corporate networks; and the decision to allow them or not must be made carefully.

These technologies --personal gadgets like MP3 players, thumb drives, cell phones and PDAs; real-time communication technologies like instant messaging and text messaging; and social-networking Web sites like Facebook and MySpace -- are part and parcel of the young workforce today, experts say. Called Millennials or Generation Y, this group is defined loosely as having been born between 1977 and 2002, and totals 70 million Americans -- a large percentage of whom are bound to have one of the 100 million iPods sold to date in their pocket.

Many Generation Y technologies may offer an improvement over today's status quo -- an instant message or text message is likely to get the recipient's attention more quickly than an e-mail that sits waiting to be checked in an in-box -- but they can introduce serious security threats to corporate networks, according to some security vendors.

For example, "the newer forms of attacks take advantage of Web sites with rich content and features: AJAX-enabled applications, embedded JavaScript, etc. These aren't really new technologies, but they're more pervasive now," says Paul Ferguson, network architect at Trend Micro. "And with components like Google Maps, where the processing is done on the PC instead of on the Web page, criminals are exploiting that avenue of content delivery. The ability for Web 2.0 applications to deliver that content is a Catch-22, because it also can allow you to be exploited."

For security professionals, it may seem that the prudent thing to do is to disallow the use of this kind of technology in the workplace: blacklist non-business-related Web sites; ban handheld or pocket devices from the workplace; require employees to use company-issued and maintained laptops, PDAs and cell phones. After all, as many as 40% of employee Internet activity is non-work-related, according to IDC.

Experts warn, however, that such stringent policies can have a negative effect on the workforce and its productivity, as well as the company's ability to attract and keep valued workers. "It's part of the way young employees have grown up, part of what they expect," says Tony Kerns, deputy managing partner with Deloitte & Touche. "The global pressure on the workforce right now is huge; people are drawn all over the world by great, interesting offers that are not just money but also a lifestyle."

Earlier this year, security vendor MessageGate, which makes e-mail management software and was spun out of Boeing in 2003, conducted a series of roundtable discussions with senior IT professionals and young adults entering the workforce to try to understand the issues around Generation Y technology.

One thing MessageGate learned is that younger workers' preferences for newer technology often can be good news for an organization's IT department, according to Robert Pease, the company's vice president of marketing.

"When [older workers] first entered the workforce, we could communicate with each other over via e-mail, and there was a big blurring between business and personal," Pease says. Today, young workers would rather communicate with each other via text messaging or postings on Web sites, and are less inclined to misuse the corporate e-mail system with personal messages, he says. "There's a bit more discipline around corporate communications today. The bad news is, how do I control" the other channels of communication?

One risk manager at a large financial-services company who asked not to be named sees the value in providing employees with a flexible work environment, but says that flexibility must be accompanied by well-defined policies and layers of security technology. "Whenever employees are given flexibility for their hours and environment, you'll definitely have a happier, as well as more productive workforce," the risk manager says. He adds, however, "you need to specifically define parameters for what is and is not allowed in your policies, and spell out what will be the result of any violations."

Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.

• Bookmark this page
• Share this article
  •  
  • facebook
  • slashdot
  • digg
  • Reddit
  • stumbleupon
  • linkedin
  • twitter
• Got more on this story? Email CIO
• Follow CIO on twitter

• Share
  Share this article

  •  google+
  • facebookfacebook
  • slashdotslashdot
  • diggdigg
  • RedditReddit
  • stumbleuponstumbleupon
  • linkedinlinkedin
  • twittertwitter
• print
• email
• Bookmark