Millennials Don’t Care About Mobile Security, and Here’s What to Do About It


byod_ipad_660

ajleon/Flickr



As if the world hasn’t given Millennials enough flak and attention, a new study is providing corporate IT departments with a reason to fear employees in their 20s and 30s. According to a survey conducted by TrackVia, a do-it-yourself business application platform, 60% of the Millennials “aren’t concerned about corporate security when they use personal apps instead of corporate-approved apps.” 70% of Millennials even admitted to bringing outside applications into the enterprise in violation of IT policies, compared to just 31% of Baby Boomers.


By 2020, 46% of all U.S. workers will be Millennials according to a report from the University of North Carolina’s Kenan-Flagler School of Business. Their growing presence in the workforce will only make this disregard for corporate security more dangerous.


The dilemma is that IT departments feel trapped between implementing IT policies that get ignored and heavy-handed BYOD solutions that alienate employees and provoke even more rogue behavior. This Catch-22 is an illusion – IT actually can establish BYOD security without blacklisting applications or taking over Millennials’ phones. The solution is to separate personal and corporate data using multi-persona virtualization.


Blacklisting Blues


To prevent Millennials from putting corporate data into personal apps, most BYOD solutions try to ‘blacklist’ specific apps. This draconian measure prevents employees from downloading and using specific apps on their own personal smartphone. It’s an impractical solution.


First of all, blacklisting cannot and will not ever be able to keep up with the release of new apps. IT departments do not have the resources to investigate tens of thousands of apps per month.


Second, blacklisting can kill productivity. The TrackVia survey found that nearly 50% of Millennials bring personal apps into enterprises because corporate apps don’t meet their needs. In other words, they’re not trying to play Angry Birds or “Yo” people when they should be working (seriously, there’s an app for saying “Yo”). They’re downloading apps with legitimate business applications.


And this is where blacklisting gets especially messy. According to 2012 data from Zenprise (an MDM solution acquired by Citrix in 2013), YouTube and Skype were among the most blacklisted apps. YouTube, like Facebook, is not just a distraction – today, it’s a key social marketing tool, a library of instructional videos, a news source and much more. Skype, likewise, is a highly efficient and free communication tool for instant messaging and video chat. If IT were to block Skype, Millennials could access an alternative within seconds. Google Hangouts, Viber and Tango, among many other options, provide all the same functionality.


Thus, blacklisting can backfire. Rather than creating security, blacklisting bans useful applications, encourages employees to find alternatives and breeds hostility towards IT. Perhaps this why 69% of Millennials say they never work with IT to select new business apps, according to the TrackVia survey.


Just Secure What Matters


Rather than blacklisting apps to prevent Millennials from jeopardizing security, corporations should need to implement BYOD solutions that balance security with productivity and personal choice. Alone, MDM and enterprise mobility management (EMM) solutions can’t achieve this balance. A multi-persona virtualization approach to BYOD can address security while letting Millennials work the way they like to work.


Multi-persona virtualization creates multiple user personas at the operating system level on a single smartphone. This means a Millennial could have three or more separate personas: one for general use, one for sensitive personal applications such as finance and health, and one persona for professional use. Because personas are separated at the deepest level possible, malware on the personal persona could not get to the professional persona. Yet, a user can switch between both personas in seconds.


Rather than using blacklisting and other draconian measures to secure the entire phone, IT can simply manage the professional persona. IT could, for example, encrypt the professional persona or prevent employees from using Dropbox. Multi-persona virtualization would allow IT departments to manage the context in which apps are used – without controlling what employees do on their personal personas.


Multi-Persona and Millennials


The data from TrackVia suggests that when it comes to technology, Millennials are much more of a do-it-yourself generation than their parents. Most of them can’t remember a world without internet and computers. Their immersion in technology means that they are very capable of finding their own solutions to inefficient processes and business problems. Rather than trying to prevent this activity, IT should be trying to harness it.


After all, a strong indication of what employees need is what they try to do. When Millennial employees download Evernote, that is a sign to IT that their end users want a way to write notes, collect research and access it on multiple devices. Professional, managed personas become a research source for IT departments. By seeing what employees download, they can begin to find and introduce corporate-backed solutions that address demonstrated needs.


Multi-persona virtualization is an opportunity to provide better capabilities while minimizing risk. Rather than fearing or loathing Millennials, encourage them to use mobile technology, and learn from it. Instead of commandeering personal smartphones, use multi-persona to create a security environment that welcomes a variety of apps and persona choices. It’s time we evolve IT security to help Millennials work the way they work best.


Omer Eiferman is the CEO of Cellrox.



No comments:

Post a Comment