CIOs, CSOs must evolve with consumerization, BYOD

Instead of locking down the company's IT environment, these C-level executives' mindsets need to change to encourage flexible, productive work styles yet still secure sensitive apps and data.
Written by Ellyne Phneah, Contributor

CIOs and CSOs have yet to evolve to better cope with ongoing enterprise trends such as IT consumerization and bring-your-own-device (BYOD), resulting in inadequately secured backend systems which also hamper employees' productivity.

Kurt Roemer, chief security strategist at Citrix, said it is a "big concern" how CIOs and CSOs are managing their IT environments, given that many are still stuck on old models and mindsets with regard to architecture and management. They do not understand how apps, data and networks are being used by employees to be productive and improve the way businesses can be run, he said.

In an interview with ZDNet Asia Wednesday, Roemer said these C-level executives then try to maintain control over their IT architecture because it has worked for the past decade and not recognize that securing access to corporate data is now more important.

This shift of priorities come about because employees have redefined companies' IT architectures and environments by using their personal devices and apps for work purposes, he elaborated.

However, many organizations still allow employees to have access to a large amount of corporate data without implementing the appropriate security controls, he pointed out. For example, when a new worker joins the company, he or she can easily log in and gain access to all internal and external applications regardless of the person's position or job scope.

"If CIOs and CSOs continue with their existing architecture and plans to make absolutely no updates, then consumerization and BYOD becomes a huge security threat," Roemer said, adding these executives will soon find their roles become increasingly irrelevant.

Beyond BYOD and consumerization, cloud computing is another development that is forcing changes on the part of CIOs and CSOs, the executive said. Cloud services are often not introduced by companies' tech departments but by business units and end users who have been frustrated by existing IT systems.

In this area, though, the CIOs and CSOs are showing signs they recognize the need to balance productivity with security to compete in today's environment, he noted.

Granular architecture, flexible compliance needed
With these trends in the workplace, Roemer called on companies to develop a new business model that embraces both consumer technologies and a mobile work style.

Such an IT architecture must be granular enough to provide controls over mission-critical applications and data, meaning administrators can determine which employee can access these programs while keeping out the rest, he suggested.

Virtualization, for example, is useful for safeguarding sensitive information as it puts a "container" around the data sets, ensuring only authorized users can gain access. It then leaves the rest of the non-sensitive information open to other employees, thus striking a good balance, he said.

Other technologies include authentication and multi-factor access, instead of using passwords to protect the more sensitive information, Roemer added.

Editorial standards