Why IT Needs To Change for Gen Z

An anonymous reader writes "Staff will routinely be bringing their own devices to work in five years time, according to IT industry experts in the UK. Some companies might already allow a few iPhones and iPads, but CIOs and businesses are not only going to have to support a general influx of consumer kits — they're going to need to get a whole lot more relaxed in general. 'Big businesses are going to have to become more flexible about how IT is provisioned and managed — to enable a new generation of workers who use consumer technologies to communicate and be productive.'"

Not where I work...

[Frosty+Piss]

Staff will routinely be bringing their own devices to work in five years time, according to IT industry experts in the UK

Not where I work. Seriously, a *LOT* would have to change - like a move away from Windows networks, and that's not going to happen (sorry).

Re:Not where I work...

[Tarlus]

A [insert OS here] computer managed by competent IT staff is likely to be far more secure than an an unmanaged [insert same OS here] computer brought in from the outside.

Yes, even Windows.

Re:Not where I work...

[klubar]

I second this thought. Remember, that's why they call it work. If employees want to update their facebook status, chat with friends, shop or goof off, I believe that's what they call leisure.

Re:Not where I work...

[GunFodder]

How does your company attract and retain talent with such draconian policies?

Re:Not where I work...

[adamofgreyskull]

A person can be a perfectly competent bookkeeper, accountant or any number of other things and yet not be competent (or diligent) enough to keep their machine virus-free.

Re:Not where I work...

[thenetbear]

I'd assume the same way most companies retain employees: through the regular disbursement of paychecks and employees who fear the loss of said. Most companies see a "talented" employee as one who performs adequately and follows the rules.

Not on my watch

[nurb432]

Bringing in non-managed hardware would be a security and support nightmare.

its one thing allowing a personal phone to hit your email server, ( since connecting to them often means you get some control, such as remote wipe and its no worse than offering webaccess to mail ) but its a far different issue letting people bring in their personal computers and expect to have them on the network.

No thanks.

Re:Not on my watch

[Opportunist]

Pretty much what I was thinking.

Ask your CSO/CISO what he thinks of that idea and tell me how long it took him to regain composure. Any security conscious company will monitor what machines are connected to their network and refuse "unknown" machines entry, they might get assigned a different network segment or nothing at all, but certainly these machines that are not under my (read: company's) control will NOT gain any access to anything. Even assuming that the owner isn't trying to "steal" anything, who tells me that nothing on the machine is, unbeknownst to the owner?

You really expect a company to trust its employees to keep their computers clean? Companies that don't even trust their workers to actually, well, WORK when they're at work but feel the need to monitor their presence, behaviour and time on the can?

Right! Who is responsible for security?

[khasim]

It SHOULD come down to a simple business decision.

Is the advantage of adding those devices going to bring in more revenue than the extra effort and lost/compromised data is going to cost?

Re:Right! Who is responsible for security?

[speculatrix]

I agree, but it's not just the revenues and cost, it's as much about securing the safety of the business's data (and their customers), and demonstrating a duty of care in the handling of that data. In some case there may be a legal requirement effectively preventing ANY use of the corporate network by the invididual.

Computers provided by the employer should be seen as tools for the job, owned and operated by the employer solely for the benefit of the employer's business.

If that laptop computer is owned by the business, the business can:

• deny the user admin rights
• install only the required applications and deny unnecessary applications (e.g. flash plugins, itunes etc)
• set up whole disk encryption
• install an anti-virus toolkit and ensure it is up to date
• enforce the use of VPNs and proxies for any internet access
• confiscation of the computer for any reason, such at the moment of job termination

Many of the above actions are difficult or impossible if the employee uses their own laptop... unless the laptop is simply a thin client, but even then a key logger would be a security risk.

There is already a big problem with people storing confidential information on laptop computers which leave the workplace. How this can be controlled if staff use their own?

Why Gen Z Needs To Change for Work

[Bloodwine77]

Sorry, no matter what the generation, they should not be allowed to bring more attack vectors and security vulnerabilities in to the workplace.

They are not special snowflakes, and their personal devices are not necessary for productivity.

Businesses where mobile devices are useful and helpful should already have their infrastructures designed to handle it, so again Gen Z will make no difference.

Re:Why Gen Z Needs To Change for Work

[St.Creed]

So your CEO walks in with his new iPhone and wants to access his mobile reporting solution. The one containing all his sales information. You're telling him he can't?
And if the CEO has it, his underlings will have it a few weeks later. They still outrank you. You're going to tell them they can't have it? And when all the managers have it, how long will it be before EVERYONE has access?

Seriously: start preparing, because the tidal wave is coming. It is already happening. 17% of companies now have a "bring-your-own-device" policy in place (a quote from 2 weeks ago by Claudia Imhoff, she spoke at a BI-event I was at). Some provide a choice: company laptop with maintenance or your own device but you do the maintenance. This will grow rapidly.

Philips was migrating to this policy about 5 years ago. Big companies I'm working for are already preparing for that transition. The ones who are not, will find it very hard to satisfy their interal customers. They will also find retainment of new workers a big problem.

Ofcourse this is difficult: it is most difficult for those companies that still have software in place with dedicated clientsoftware, beyond MS Office. Companies (like a few where I worked) that started moving away from that and to webbased apps, are in good position to actually profit from this move.

Re:Why Gen Z Needs To Change for Work

[fyonn]

yeah, I've heard this thing several times over the last year. all these "innovators" talking about how the next generation of "digital natives" will need to work on their ipads while posting everything on facebook and twitter, but I just don't get it. Why? I don't think the average work environment is so short of people as to be that desperate.

In fact, my place is in the middle of cutting costs by 40%, so why would they then bend over backwards massively changing internal policy and introducing risk to attract inexperienced, self entitled oiks who by their own admission, want to spend most of the day on facebook rather than actually doing any work?

Thing is, the company is the one paying the bills, and taking the risks. Where is the business advantage to most businesses to do this? I admit that some more specialised industries that regularly take high skilled graduates may want to do this, but for most industries, i don't see what they'll get out of it?

dave

Re:Why Gen Z Needs To Change for Work

[PC+and+Sony+Fanboy]

Sorry, no matter what the generation, they should not be allowed to bring more attack vectors and security vulnerabilities in to the workplace.

They are not special snowflakes, and their personal devices are not necessary for productivity.

Businesses where mobile devices are useful and helpful should already have their infrastructures designed to handle it, so again Gen Z will make no difference.

Sure, you tell the salesman who brings in 150k of business a week for your company that he can't use his new toys to keep track of his contacts. He talks to his boss about the fat guy in IT that drains company resources by depriving him of valuable tools. And then reminds his boss that he makes all the sales that actually pay for IT to exist.

See how long it takes to change policy. Unless you're in non-profit or government, the folks making the money are the folks calling the shots.

Re:Why Gen Z Needs To Change for Work

[Gonoff]

You're telling him he can't?

Absolutely! Recently,my manager was on holiday and our director walks into the room with a small Android phone and said "Can you connect the new chairmans smartphone to the hospital network?" It was not a request.

I was able to go up and say "No" without any qualms. I think the lady on the HelpDesk might not have felt so free to do this. I have previously given similar replies to new directors, doctors and (medical) consultants. It requires me to be able to quote the official policies. That is part of my job.

No, I am not a manager. I do not wear a suit to work. I do not even wear a tie. I am the guy who fixes things. Telling people that they cannot connect their own iphone, netbook, fondleslab or USB toy to a corporate network is basic security. If you have no confidential data to look after perhaps the thought of virus, trojan or spyware ridden systems connecting up to your network does not worry you. If 17% of companies have nothing they need to protect, that is up to them.

Re:Why Gen Z Needs To Change for Work

[Bacon+Bits]

Sure, you tell the salesman who brings in 150k of business a week for your company that he can't use his new toys to keep track of his contacts. He talks to his boss about the fat guy in IT that drains company resources by depriving him of valuable tools. And then reminds his boss that he makes all the sales that actually pay for IT to exist.

See how long it takes to change policy. Unless you're in non-profit or government, the folks making the money are the folks calling the shots.

If this is the kind of response you're getting when you say "no," then you're not very good at the human side of IT.

In most large organizations I've worked at that have had a functioning IT department, there is a CIO or technology manager whose job it is to listen to both the requests made by employees (especially those made by supervisors and executives) and then listen to the issues presented by the IT personnel who understand the technical issues. This person will then make a decision based on the benefits to the company and the costs and risks (and laws) which impact the business. They then formulate an answer, and present it in such a way that those who disagree with it (either IT or the requester) understand why the decision is what it is and why it must be the way that has been decided. In a well run organization, this IT manager understands that part of the responsibility of IT is to protect the business from employees and to protect the IT employees from compromising situations. In an idea situation, the CEO will back the CIO when questions about technical decisions arise.

In the situation you present, I would say "Additional services often require additional infrastructure and require additional time to maintain and service. I do not know enough about this specific technology, and I would like to investigate it for you and determine what our business needs will be. It would be irresponsible of me to set this up without fully understanding exactly what it's going to do. I do not want to risk not being able to fix it if it doesn't work or if it has problems in use."

Usually the response will be "But I just [...]" or "It's only [...]". Some people interpret this as being told what to do by someone who doesn't understand the job. That line of thinking, however, is fueled by ego and leads towards conflict. For my part, I just think they're trying to talk you out of saying "no." People are conditioned to think that if they don't hear "Yes I'll do that immediately" then the answer is "no." I try to answer "I understand why you want this done. I can see the benefits. I just want to make sure that I can do it right so you can actually reap those rewards."

At this point you're being really reasonable. People are also conditioned to accept a reasonable response, because they know that being unreasonable is likely to harm them more than anything else.

This gives you something you need: time. Time to build evidence for your case. You can collect the details of what would be required and what the costs would be (including additional infrastructure and additional personnel if there would be a lot of support). Now when you say "no" you have evidence for why your answer is the correct one, and if they say "do it anyway" you can show them what you need (which, again, is reasonable). Without evidence and documentation, you're just butting your ego against the executive, and that doesn't work when you start in a subordinate position. It's very difficult, however, for any person -- no matter how unreasonable -- to continue to flatly argue when you can show them a document which lists the costs in time and money you will require.

On some occasions, you will meet people who start out butting ego. Regardless of what you say or how reasonable your response, they will not be happy. They will continue to state that their request is really quite simple and extremely important, and will ignore anything you say that doesn't meet with their demands. From your

Re:I don't think so

[Arterion]

"It doesn't matter what generation anyone belongs to -- you'll do things the way the employer wants them done, or you won't be employed."

This is not true, nor is it ideal. If a whole generation of people, or even half of that generation, is willing to continually break the rules to use their own devices, employers cannot commence with the wholesale termination of half their labor force. Production would grind to a halt. There would be economic turmoil.

No, if they're smart, employers will find a way to use the workers own technology as free capital.

This is not only a shift in technology, but a whole generation of people communicate differently! Every new mode of communication has been disruptive of the previous: post disrupted the courier, telegraph disrupted post, telephone disrupted telegraph, electronic mail disrupted all the previous, and now we have technologies to send visual as well as text along (PDF attachments, for example) that have disrupted hitherto necessarily paper documents -- are we at all surprised that text messaging, twitter, and facebook should disrupt elements of previous forms of communication?

This is not a question of "what will employers allow" but rather "how do people communicate".

A couple of things there.

[khasim]

The ones who are not, will find it very hard to satisfy their interal customers.

There aren't any "internal customers" because the concept of "customer" contains the element of "choice". If you don't like the service, you go to a different vendor. Internal departments do NOT have that option.

They will also find retainment of new workers a big problem.

The implication being that those "new workers" will be worth the additional considerations. I'm sure you can find enough skilled workers who do not demand that you support their personal electronics.

Seriously: start preparing, because the tidal wave is coming. It is already happening.

As can be said with most fads and bubbles. The question isn't whether it will be happening but whether it will be a new requirement. Or will it happen and then fade as the security issues become evident?

Companies (like a few where I worked) that started moving away from that and to webbased apps, are in good position to actually profit from this move.

Who cares about the software? It's the data that is important?

Ofcourse this is difficult: it is most difficult for those companies that still have software in place with dedicated clientsoftware, beyond MS Office.

It's about the data, not the software.

Losing credit card info is a problem.

Getting Excel running on your phone is not an issue.

So your CEO walks in with his new iPhone and wants to access his mobile reporting solution. The one containing all his sales information. You're telling him he can't?

That depends upon the situation. Do you have read-only access via a secured web site?

What does he REALLY want to accomplish?

He is the CEO. But that just means that he is the CEO.
You can always find a new job.
It's easier to find a new job while you're still working.
Rather than AFTER you're fired because the company hits the papers for losing credit card info because of how you put a hole into your security for the CEO.
And you know that it will be YOU who is fired first and blamed for not keeping the place secure enough.

Re:I don't think so

[HornWumpus]

The thing about kids is that they are never even half of your workforce and their are usually plenty more where you found the ones you've got now.

The ones that can't get over facebook make good waiters/waitresses.

Employers only need to deal with one year of new hires per year.

On the other hand if a companies business model is 'Facebook/twitter users are stupid attention whores, we separate stupid people from their money.' their might be value in allowing work access to facebook and twitter.

The users have to change too

[DarkOx]

I work in IT security and I have been told in no uncertain terms what my job is by upper management.

They don't want to find themselves having to put something in the notes to the financials that our trade secrets have leaked, or that our competitors no our costs. They don't want to be embarrassed and have to apologize for leaking customer data. We are a manufacturing company we sell tools to professionals they expect us to be professions as well as look it. Management does not want to look like Sony.

I don't get off on saying "no" to people. I really don't but if I let a device be connected to the network I have to be able to know DLP policies are being followed. That means I probably have to have more control over your toys than you want me to have, or you have to settle less than great experiences. No you can't read e-mail on your IPhone APP, you can use Citrix to read it in Notes via your IPhone, and yes that probably is to painful to be worth while. We can't afford a large cached copy of your mail file to be sitting on a device you might lose which *may* be recoverable by its next possessor.

Your personal laptop, certainly if you let me put our full disk encryption software on it, and our endpoint policy enforcement tools and only IT Security gets root. You won't like that though, and I know it. Trouble is I don't have better solutions.

Re:Depends

[Osgeld]

Agreed, it became a issue at my workplace with the guys on the warehouse floor, they are moving large heavy objects while operating forklifts while constantly texting. You cant get their attention cause its also jacked into their ears for MP3, and if you ask them a question they cant tell you what they did 5 seconds ago cause they are totally unfocused on their 1 simple task.

Starting Monday if we see a celphone on the floor your gone, period.

Re:I don't think so

[DarkOx]

This is not true, nor is it ideal. If a whole generation of people, or even half of that generation, is willing to continually break the rules to use their own devices, employers cannot commence with the wholesale termination of half their labor force. Production would grind to a halt. There would be economic turmoil.

No they won't engage in wholesale termination they will identify a few people they don't like for whatever reason that was not really good enough to justify firing them before, and make a lot of noise like "John Doe" was insubordinate and violated or policy. The rest of you are on notice!

And the rest of em will realize that the job market is still tough and getting caned because "I could not respect my employers desire for me not to have my IPad on their network is kinda stupid. " Much better to keep collecting that check every two weeks so I can buy toys to play with at home.

unsurprisingly, administrivia goons don't get it.

[petes_PoV]

Riiiight - just like the quality control guys are a cost centre, and the safety standards people, too.

IT people are the guys who keep the baddies out of the COMPANY network, the one that you want to connect all your little toys to. They're the ones who are charged with producing the most stuff from the least money, which requires common standards so they don't have to spend hours or days trying to work out why some manager didn't/couldn't read the 1-page of instructions with his/her latest trinket and set it up wrong.

The point is, we all work for the shareholders and they don't care if you want to use your latest little phone to access stuff. They want the lowest cost of operation, the fewest number of lawsuits for data loss and data thefts and they don't want different individuals craching their company on a daily basis just so they can show off some new status symbol.

Security is going to get tighter, no laxer

[syousef]

My observation has been in the last 5 years security has become tighter and that there has been increased security. I use to be able to plug in my own laptop most places I worked. No longer. I use to be able to use social network sites and external email. Not for a few years now. Everything is getting locked down from SVN repositories to databases. Development environments including. Even developers are losing admin access on their own machines. If anything this trend is accelerating. I don't know what the person writing the article is smoking.