Our increasingly connected, always-on world has changed the way we manage most aspects of our lives. It’s not just our cellphone, computer, or tablet that transmits data anymore. Smartwatches, thermostats, refrigerators, televisions, and more are contributing to the rapid growth of the IoT (Internet of Things) even at home. This connectivity and functionality have provided great convenience and opportunity to customize how we live our lives, but as users become accustomed to a myriad of choices for their at-home experience, they also become less cognizant of potential security risks.
That user expectation carries over to the workplace as well. It has become a widely accepted practice for companies to offer users choices in what device they use to complete their work. This brings a diverse array of computers and mobile devices to the office, each with their own requirements for settings, software, and updates. When flexible working arrangements such as BYOD (bring your own device) or work from home are introduced, this can mean even more variance in what devices are connected to the company’s network. This flexibility is crucial for meeting employee expectations and increasing employee retention, but it presents potential new security risks as IoT collides with the Internet of People.
Ensuring each employee’s device has the correct security settings, configurations, software, access, and content needed to complete their work often means that companies invest in more management solutions. Soon, the tools acquired to simplify IT instead add a new layer of complexity, and overburdened IT (information technology) staff struggle to bridge the resulting “complexity gap.” As a result, employees who have become accustomed to provisioning their own devices at home will find a way to get what they need to do their jobs, with or without IT. Unfortunately, they rarely do so with security implications top of mind.
Once users circumvent IT, data may be at risk. That’s not a user problem, it’s a business problem. Data breaches can be devastating and put companies’ futures at risk. As much as this may tempt companies to go back to the “top-down lockdown” approach of endpoint management, that model no longer fits, and employees won’t accept it. To be effective, provisioning must be automated, multiplatform, and user-centric. After all, users don’t go around IT maliciously—they just want to get the tools they need to be productive. This should be good news for today’s lean IT teams, as automation and self-service both make IT the “easy button” for users and ensure proper security configurations are maintained.
In the end, though, securing data isn’t just about managing endpoints; it’s also about effectively educating and empowering end users to complete their work safely and efficiently. By integrating data security training as part of the onboarding process, growing companies can maintain better security whether in a BYOD, remote work, or a more traditional working model. Effectively imaging and deploying devices to ensure proper data security from day one is an essential part of managing security in this new age. Instructing new employees in the proper use of VPNs (virtual private networks) and other privacy settings to connect to business networks has become a common practice and ensures that data remains secure from the moment devices are deployed.
The challenge is to build foundational practices in a company’s IT endpoint management that can adapt to changing technologies. What was new this quarter will be next year’s commonly accepted best practice for securing devices. Building processes now to adapt to the technology and employees of tomorrow is essential to ensure continued success. IoT will continue to grow and the Internet of People will always be with us.