Millennials are taking over the world. That’s the impression you’d get from the headlines, anyway. All day long we’re told about the expectations and behaviors of the rising generation and their implications for IT, from BYOD and work-anywhere policies to shadow IT.
In reality, the enterprise workforce isn’t undergoing a wholesale replacement of “older” workers with the under-35 set; rather, millennials are taking their place as one of several generations in the workplace, alongside Generation Xers and baby boomers.
That’s an important point for IT to keep in mind, especially when it comes to security. Designing your data protection strategy too narrowly around millennials overlooks significant differences in behavior — and risk — among the generations in your organization.
- Unsurprisingly, millennials and Gen Xer are seen by IT and security professionals as the most likely to be careless or negligent about following security policies (26 percent and 30 percent of respondents, respectively, compared with 16 percent for baby boomers).
- Millennials (39 percent) are seen as more than twice as likely as baby boomers (16 percent) to use unapproved apps and devices.
- In contrast, baby boomers are seen as the most susceptible to phishing and social engineering scams (33 percent) or the most unaware of how to protect sensitive and confidential information (30 percent).
Clearly, no one technology or approach can ensure data protection across such a broad mix of risk factors. Make sure your security toolbox has everything it needs to enable multilayered security and flexible control, including the following five essentials.
1. Contextual Identity and Access Control Are Critical
As people work in more ways, your security rules need to reflect the user’s role and task at hand, as well as current device, location and network.
Your business needs to provide appropriate contextual access to business information rather than restricting productivity with overly broad policies based on the highest-risk scenario.
For example, you may choose to let users within the corporate network access a Software as a Service app natively but route users of the same app outside the network to a virtualized environment instead.
Conversely, it can be a good idea to automatically prevent employees from running unauthorized apps over the company network. More granular controls can include limiting which apps people can use to open email attachments. In every context, multifactor authentication is crucial to reduce risk from a stolen (or reused) password.
Given the tendency of some users to ignore or contravene security policies, it’s important to make the security experience as convenient and transparent as possible. Single sign-on is one way to do this. You can also use security software to automate policy enforcement, such as encrypting business data on mobile devices by default and analyzing endpoints before allowing them to connect to business resources.
2. Make Network Security Pervasive but Streamlined
The growing role of mobility and remote access in the enterprise — yes, especially among millennials, but across all generations to some extent — can make it all too easy for attackers to penetrate your network and steal data or wreak havoc.
To allow full productivity everywhere and on any device your users choose, it’s important to allow people to connect securely from wherever they’re working, whether at home, in a café, on the road for business, overseas or anywhere else, without making them learn a lot of different access methods.
At the same time, though, you have to be able to maintain the kind of contextual security described in the last point. Unifying and consolidating access across all enterprise and cloud apps can make life simpler for users while also giving you a way to enforce contextual policies consistently and comprehensively every time people connect.
3. App and Data Security Give You Peace of Mind Everywhere
Wherever your applications run, your data is at risk. The answer is to run all your apps in a centralized and secure location, like your data center.
Virtualization lets you centralize both apps and data so that IT gains a single point of visibility and control to define and enforce access policies.
It can also be a good idea to enforce policies controlling users’ ability to save, copy, print or otherwise move data. At the same time, you don’t want to make it too hard for people to get their work done or to collaborate effectively across and outside the organization.
An enterprise file sync and sharing service can give IT the centralized control, security and auditability needed to manage risk while making it simple for users to access and share centrally hosted files via emailed links. For mobility, the challenge is to allow people to run personal apps on the same devices they use for business, which is often their personally-owned smartphone or tablet.
Containerization lets you maintain clear separation between personal and business apps and their data, and prevent the apps in one container from accessing the data in the other container. IT maintains full control of the business side of the device, where it can apply container-based security measures including encrypted storage and usage, app-to-app data control and data wipe policies.
4. Analytics and Insights Deliver Proactive Security
Security will always be an active function. There’s no such thing as a perfect technology or policy.
Constant vigilance is essential, including end-to-end visibility into application traffic as well as auditing and accounting of resource access. If an employee is engaging in overly risky behavior, or usage patterns suddenly diverge from longtime norms, you need to know right away.
It could just be a harmless anomaly, or it could be the first stages of an attack or compromise.
Also, with more than 300 security- and privacy-related standards, regulations and laws globally, security solutions should provide complete and automated monitoring, logging and reporting of data, user and network-level activity to help respond to audits quickly, efficiently and successfully.
5. Increase Employee Awareness of Security Best Practices
Finally, remember that learning is a lifelong pursuit. Baby boomers, millennials and everyone in between need constant reinforcement of your security policies and why they matter, from password hygiene and phishing alertness to the perils of a jailbroken smartphone.
Nobody wants to be the person who brought the company to its knees through a careless action; the embarrassment you avoid may be their own.
A multigenerational workforce can be a boon to your organization — one more dimension of diversity to foster cross-pollination of ideas, viewpoints and practices. Differences like these can make work all the more interesting, inspiring and innovative. Just make sure that all your employees, of any age or background, share one thing in common: a secure and productive work experience.