Canada’s IT security professionals are coming around to providing a more open IT scenario in the workplace that would allow employees to use their own devices and access social networks, according to a study released today.

Security administrators interviewed in cities across Canada say that taking a “yes” approach as an organization leads to better security than a “no” mindset, according to the 2013 Telus-Rotman IT Security Study. The philosophy being that when employees on turned down on a request to use their shiny new tablet for work, they just go ahead and do it anyway, circumventing company security policies. This ends up creating more risk for an organization.

Related Blog Post: BYOD is not just about mobile devices

But coupling a “yes” attitude to allowing personal devices behind the firewall must come with creating the right policies and educating workers, security professionals say. Otherwise you could find your company has happy, productive workers, but a breached security perimeter. Having a “no” policy coupled with education and awareness of why decisions are made can work for better security, the security pros agreed, but stifle a company’s potential for innovation.

social-blockingThe Telus-Rotman security study takes a qualitative approach this year, adding to previous years of quantitative data being collected. The idea that allowing employees more access to public cloud sites is proven in past year’s data. For example, firms that block social networking sites for security reasons actually saw more security incidents over a 12-month period, according to the 2011 study. Firms that blocked social network sites saw 10.3 incidents on average, compared to 7.2 incidents on average for firms that didn’t block social networking sites.

The study authors recommend organizations take the “yes” approach to security, allowing new technologies to be used in the most secure way possible without impeding on convenience too much.

Source: Telus-Rotman Security Study 2013
Share on LinkedIn Comment on this article Share with Google+
Around the Web
  • Robert Schmidt

    Please send this article to every IT department I have ever worked with. My 20 years of experience with IT departments has been abysmal. Without exception IT departments have been the departments of NO. They have traditionally been mandated to save money without any requirement to provide customer service. As a result they have become fiefdoms whose only real customer is themselves. So when a real customer comes to them with a request that doesn’t fit into the plan they have unilaterally defined for the company the answer is invariably NO, as it would cost more than $0 to do something different. I believe that if IT departments were tasked with providing building security their solution would be to lock everyone out or perhaps only let them get as far as the lobby for fear that they may do something catastrophic if given too much freedom. The notion that IT departments should caterer to the needs of their customers rather than satisfying their own desire for control is revolutionary and I hope it catches on. A man can dream…

  • http://twitter.com/usefulagenda Chris@UsefulAgenda

    This is a great article. It is so true, Think about high school kids, most do what they want, it is sort of the same.