News Stay informed about the latest enterprise technology news and product updates.

'Millennials' buck IT security policies

Resourceful "millennials" do their own thing when it comes to IT, a new study finds. How should the IT establishment respond? Not with yelling and telling, but coaching.

Age matters when it comes to information technology security. A new survey from Symantec Corp. shows what many CIOs are no doubt discovering: Young men and women entering the workforce -- dubbed "millennials"-- are not only less inclined than older employees to draw a line between corporate and personal use of technology, but they will also buck corporate security policies to access information.

The survey shows that millennials -- defined as employees 28 years or younger -- access Web 2.0 applications much more frequently than their older counterparts. According to the survey, for example, 75% of millennials access Web-based personal email at work, compared with 54% of other workers; 66% regularly access Facebook or MySpace, compared with 13% of other workers; and 51 % of millennials access personal finance applications, compared with 27% of other workers.

That's just the tip of the culture shift.

More on IT workers, security
Winning the IT labor battle in the 'age of the worker

IT risk moves higher on security radar, report finds
When asked whether they feel entitled to use whatever application or device or technology they would like, regardless of source or corporate IT policies, 69% of millennials said yes, compared with 31% of other workers. Indeed, 75% of millennials have downloaded software on their work computer for personal use, vs. 25% of other workers -- even though 85% of the organizations surveyed indicate their policies restrict that practice. Millennials also regularly store their corporate data on personal devices: 39% on personal computers, 38% on personal USB devices, 20% on personal hard drives and 16% on personal smartphones.

The survey, conducted in March, is based on phone interviews with 600 employees, 20% of them millennials, 20% "others" and 20% identified as "IT decision makers."

What's security got to do with it?

The proliferation of technology devices and applications, combined with a generation's indiscriminate use of those IT assets, obviously exposes businesses to huge risks -- in data loss, compliance issues, legal implications and so on.

How should the IT establishment respond? Not by yelling and telling, said Samir Kapuria, managing director, Symantec Advisory Consulting Services.

"This is a large volume of people who use these personal technologies," Kapuria said. "Businesses need to ask themselves, 'How do I harness the capabilities of this tech-savvy group while also making sure of eliminating the risks associated with the use of this technology?'"

Businesses need to ask themselves, 'How do I harness the capabilities
of this tech-savvy group while also making sure
of eliminating the risks associated with the use of this technology?'

Samir Kapuria
managing directorSymantec Advisory Consulting Services
Kapuria, who has blogged about the survey, said the first step is to define the risk: how many people use social networks on a regular basis, how many access Web-based email, what applications are being download to your corporate assets, and so on. An information lifecycle strategy designed for data that lives in a corporate environment isn't very effective for data that is sitting on a USB drive, smartphone, home PC or external hard drive.

This is not an easy task. The blurring of the line between personal and corporate control of technology makes it hard to know where "the endpoints" are. "In some areas, the CIOs have no hands and eyes to manage the endpoint, so they need to really rely on their people to manage that risk on their behalf," Kapuria said.

But that brings up another worrisome finding from the survey: a majority of IT managers said they are doing an adequate job of educating the workforce about their companies' policies around technology usage. But only 57% of both groups believe they have been trained. (Eleven percent of millennials said they have been trained, but do not follow policies.)

Kapuria said there needs to be a council of people who understand the mind-set of the millennials and can measure the business's risk level through this lens, then identify the hard and soft skills required to remediate the risk. He suggested the council include the chief risk officer, if there is one, the CTO, CSO, general counsel and operations and human resources staff members.

His other piece of advice: Millennials don't like to be told what to do. They respond better to the boss who "coaches" than they do to the boss who bosses. Training and educational programs should show how the risk of ignoring company policies on technology usage is "everyone's risk, thereby making everyone feel they are part of the solution," Kapuria said.

Millennials under the microscope

The survey from Cupertino, Calif.-based Symantec is hardly the first to look at the work habits of the millennials. Psychoanalyzing the quirks and capabilities of these tech-savvy young workers, as well as their capacity for disrupting the workplace, has become something of a cottage industry of late.

Quick learners, adaptive, creative and tribal, millennials are not looking to employers for help, per se, according to Melanie Holmes, an executive at Milwaukee-based staffing firm Manpower Inc. -- just give them the tools to accelerate and they will manage their own careers. This young cohort feels no special loyalty to employers, being more likely to work at a place for a few years and leave. Some millennials will have four or five careers over their working lifetimes.

Jack Harrington, principal of Atlantic Associates Inc., a Boston-based staffing firm specializing in IT, said millennials are hard-working "but have different demands from other generations." They want flexible work schedules and flexible roles at their organizations, Harrington said. They are not only quick to adopt cutting-edge technology, but they are also turned off by companies that don't offer the latest technology.

And by the way, CIOs aren't the only executives wondering how to manage this collective sense of entitlement. In a recent Atlantic Associates survey of Massachusetts executives, more than half of the respondents said that managing young workers was a top challenge.

Let us know what you think about the story; email: Linda Tucci, Senior News Writer

Dig Deeper on Enterprise information security management

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.