June 14, 2016
June 14, 2016
Contributor: Kasey Panetta
Stop fighting shadow IT and create an environment that holds employees accountable for their mobile use and app development.
When companies consider mobile security, they often look to technology as the problem or solution. However, people may pose the bigger problem.
“The majority of challenges are not technical, they are human factor challenges,” says John Girard, vice president and distinguished analyst at Gartner, in his session on the State of Mobile Security at Gartner Security & Risk Management Summit 2016.
With the advent of the bring your own IT (BYO IT) world, companies face an interesting challenge: How do you stop employees from creating their own applications when the company doesn’t own the hardware?
“This is the state of mobile security. People will do what they want because they own the devices and they have their own ideas,” said Mr. Girard. “BYO will not stop — it’s going to continue to migrate. BYO IT doesn’t just mean device, it means apps and databases. IT is becoming a tool that every person owns.”
While this migration presents challenges, it also offers the opportunity to deputize your employees and enable everyone to become a responsible, creative and autonomous developer. Mr. Girard noted that it’s time to usher in the new age of citizen IT.
According to Gartner, by 2020, at least 70% of large enterprises will have established successful citizen IT development policies, up from 20% in 2010.
By design, mobile devices may be easy to manage, but what isn’t easy to manage is how employees will use those devices. They may make mobile security mistakes that enable hackers inside the enterprise, particularly if the company fails to create a framework in which they can safely operate.
In environments where citizen development projects are not regulated, people will use small systems by companies that may fail or apps that aren’t supported. Or, they may use apps tested by people who don’t have the proper education to know whether the apps are safe or recommended, said Mr. Girard. Further complicating the issue is ownership. If an employee develops an app outside of work, but then uses that application during the day, who owns it?
“Employees will do as they please,” says Girard. If you declare citizen IT illegal, people will do it anyway, but if you declare the process legal, you can license and supervise the programs employees are creating and using.”
One obvious solution might be to ban individual development or require everyone to use company phones, but the solution that works is to encourage employees to take responsibility for the apps they create for their use. In other words, stop fighting shadow IT and create an environment that holds employees accountable while allowing them to use apps that make sense.
IT policies can’t stop users from using their own apps, but they can provide an avenue for the creative and energetic expression by employees, said Mr. Girard. Businesses should pay attention to citizen IT and set rules and resources to encourage people to do a good job when creating apps.
Connect with the world’s leading security and risk management leaders with Gartner experts to establish an agile security program and deliver business value.
Recommended resources for Gartner clients*:
Cybersecurity at the Speed of Digital Business, by John Girard, et al.
*Note that some documents may not be available to all Gartner clients.