In June 2007 the Gartner Group, concluded a report entitled Consumerization Gains Momentum: The IT Civil War with the following advisory statement:

"Enterprises need to acknowledge the changes that are occurring in IT ownership and use, and find ways to accommodate the expectations and aspirations of their workforce in their IT infrastructure and deployment. The consequences of ignoring these dynamics will be rising dissatisfaction among employees and a growing loss of competitive advantage."

Over the last two years, we have seen the expectations of a new generation keen to use technology such as iPhone, Google applications and social networking sites like Twitter in both their personal and business lives – however many companies have clamped down on this generation by banning many of the applications that they use in their daily lives due to lack of understanding of the technology or lack of understanding of the protection mechanisms in place offered by the suppliers of these applications.

So how can we as security professionals advise our organisations on how best to use Google applications, iPhone and social networking sites like Twitter for their business in a secure manner and avoid the issues of dissatisfaction mentioned in the Gartner report?  One way is to understand the benefits of the products and the security mechanisms already in place.

Why Google Apps?
For example, let’s look at why a tech savvy users and organisations may turn to Google to look after their email. Firstly Google’s Cloud based messaging and collaboration application suite requires no internal hardware or software with minimal administration. This creates tremendous time and cost savings for businesses as businesses are no longer burdened with issues of email management, spam, backup and upgrades. With the premium edition providing 99.9% uptime, service level agreements, and phone customer support. Google also provides MX record hosting so businesses can have their own email addresses instead of Google's as well as hosted security and archiving services through their Postini services.

The free version is funded by the placement of advertising which has raised some security concerns. Gmail does not include graphic advertisements on their pages, however they do place subtle advertisements based on the text of your emails on the right hand side of the page. Computer bots scan your messages and place ads that might be relevant to you. Google insists human eyes never see your messages. Gmail’s security includes spam, virus and phishing protection. All spam is filtered into a spam folder that allows you to separate the good from the bad. Incoming and outgoing messages are scanned for known viruses, and suspicious messages that look like phishing scams are flagged with a big red banner across the top of the message. The premium paid for edition has all the security features but does not use Computer bots to scan messages for advertising purposes.

Mobile Integration
Consumer products like the iPhone make a compelling partner product to Google apps as the new mobile Gmail browser released in April 2009 allows access to email, calendar, task and documents all in one place. Additionally, the new OS3 iPhone software [released in June 2009] brings more advanced features like Push notification, remote wipe of data and location of lost phones through the MobileMe cloud service.

Summary
The flexibility that cloud services like Google provide with Gmail, Calendar and Documents is essential for executives on the move. Having all this information in one place, accessible from any browser and many mobile phones is a clear advantage. An advantage that outweighs any minor concerns they may have over downtime and loss of data. As IT professionals we need to be able to meet our customers half way by supporting their use of these devices. By working with them we can actually provide more control by encouraging adherence to information systems policies that:

• enforce PIN protection of phones/PDA’s
• prevent classified company data from being posted to Google docs or sent by unsecured email
• encourage staff to seek advice in an open way by proactively discussing consumer device use

As Gartner encouraged, security and IT Professionals should find a way to enable today’s young talent rather than frustrate them. We can do this by looking at these consumer tools as a method of helping our organisations become more competitive and by having systems in place to ensure that these tools are used safely and are compliant with our Information Security policies and procedures.

References
Richard Gough:In Depth Review of One Use of iPhone in the Cloud
More Articles from Richard Gough