Essential Guide

Browse Sections


This content is part of the Essential Guide: Consumerize This: Supporting consumer devices and cloud
Get started Bring yourself up to speed with our introductory content.

Walking the line between enterprise security and consumer freedom

It's not easy, but sometimes IT just needs to let go and allow some consumer freedom when employees bring in devices and access certain apps.

In an increasingly mobile world, sometimes you just have to go with the flow. IT administrators have to deal with more devices and more enterprise security risks, but in some cases it's better to give users their freedom rather than lock everything down out of fear.

Steve Damadeo Steve Damadeo

That's because users are going to find ways around IT's rules if they really want to, said Steve Damadeo, an IT operations manager at Festo Corp., a global industrial automation and pneumatics manufacturer based in Long Island, N.Y. His organization runs what he calls a "controlled" consumerized environment, where users have some restrictions around enterprise application access and the use of cloud services but aren't slapped with too many limitations.

Damadeo shared his thoughts about allowing for consumer freedom while supporting bring your own device (BYOD) and how all those tech-savvy users have affected his environment.

Do you think the consumerization of IT is positive or negative, and for your company, what's been the hardest part to handle?

Steve Damadeo: Both. The positive is, it's brought more educated users to the table. That's very helpful, because one of the old IT doctrines is the idea of there being an education gap between individuals [regarding] how to use technology. The negative of it, and this is the hardest part that we've dealt with, is the idea that now the company has 15,000 IT experts. What works in a consumer environment may not always be the most appropriate for an enterprise environment, particularly when you deal with management, security, things like that.

How do you support consumerization in your organization and your mobile workers' needs?

Damadeo: We've maintained two separate policies: one for personally-owned devices and one for corporate-owned devices. The reason for that is that we offer certain things for certain types of devices. For example, we don't just allow anyone to bring in any laptop or any device; we do a controlled consumerization. We're selective in what we do and do not allow, but we're always having a conversation about why we're doing certain things, as we open it up to more and more alternatives.

What are the support policies and restrictions for users that bring in personal devices?

I think people need to focus on the user needs.

Steve Damadeo,
IT operations manager, Festo

Damadeo: We don't allow personal laptops. We will hook [smartphones and tablets] up to our corporate environment, in terms of being able to get email and basic messaging attachments, and some VPN connections as well. What we don't allow is our entire enterprise application suite on those devices.

We have a personal device use policy; we call it that because we want to avoid acronyms, whether it be BYOD or whatever it's called the next day. BYOD is just a purchasing mechanism. Our policy is outlined like I mentioned, with what we do and do not allow, and also what some of the expectations are from an IT and from a company perspective. So, for example, in order to connect your device, we do at least mandate a password. And we have the ability to selectively wipe information if necessary. But we keep those requirements very basic because we don't want to lock down devices, which would basically turn it into a glorified brick.

What about cloud services for storage or collaboration?

Damadeo: We aren't naïve enough to believe that people aren't using them, but we don't overtly support it. But if people want to find their away around something they always will. So the way we've approached it is trying to explain what would be considered good or bad behaviors and why or why not to do something.

We block some consumer cloud services like Dropbox for example; right now in our corporate firewall we do have them turned off, so you can't get to them through the corporate network. But I can't stop somebody when they're working from home from disconnecting from the VPN, putting something on their device and reconnecting. It's not possible to block everything; anybody who says that they block [an application] completely, I would question that.

How else has consumerization affected your environment?

Damadeo: I wouldn't say that it's affected us that much. The people are still the same, the technology and what physical device you bring is a little bit different. So I wouldn't say too much has changed; I haven't had to rearchitect our support structures or anything surrounding this. I think people need to focus on the user needs. If you focus on the people -- more so than the technology -- and what the real business impact is and [what] you are trying to accomplish, I think people will find it's a lot easier to manage. 

Dig Deeper on EMM tools | Enterprise mobility management technology

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Focus on people. That's why he lost his entire staff. Can't even manage himself if you've seen his teeth lately!!!