The lack of a strategic approach to Consumerization creates security risks, financial exposure and a management nightmare for IT. Rather than resist it, organizations should embrace Consumerization to unlock its business potential. This requires a strategic approach, new flexible policies and new security and management solutions.

Recommended 3-step approach to Cosumerization:

1. Have a plan. Take a strategic approach to Consumerization and develop a cross-organizational plan. IT cannot do this in a vacuum and will have to engage executives, line of business owners (marketing, sales, HR, product development) as well as customers, partners, and internal early adopters. While planning to adopt new consumer technology, IT managers should survey their most innovative users to discover what devices and applications they like and what they find most useful in their work activities. In this way IT will pull from users’ experience rather than pushing IT views to their base.

2. Say yes – but not to everything for everyone. Develop a set of policies that clearly define what devices and applications are considered corporate-standard (fully supported by IT) vs. tolerated (jointly supported with the user) vs. deprecated (full user liability). In addition, IT should profile the global workforce based on relevant attributes such as role, line of business and location. And then map technologies to user profiles and define SLAs for each intersection.

3. Put the right IT infrastructure in place. Deploy appropriate IT solutions specifically designed to secure and manage consumer technology in the enterprise. Be aware that while some offerings have already materialized along the lines of specific product segments, no single vendor can provide one single solution covering all functional requirements across all platforms. As vendors enter the Consumerization space with solutions initially developed for adjacent product segments, most solutions tend to offer overlapping core functionality and to lack the cross-platform support critical to protect and manage the full spectrum of Consumer technologies. IT will have to integrate multiple offerings across different product categories. To name a few: security solutions for Internet content security, mobile antimalware and mobile data protection, Mobile Device Management tools for system provisioning and application management, and Telecom Expense Management for procurement, support and cost control of voice and data services.

As Consumerization is not just about securing smartphones, several IT solutions already exist to give IT managers visibility and control on specific consumer-technology categories:

- Desktops, Laptops and Netbooks: employee-owned devices with large screens and traditional operating systems such as Windows can be safely and cost-effectively used for work related activities by relying on VDI – Virtual Desktop Infrastructure – solutions. Plenty of options are available from established VDI vendors such as vmware, Citrix and Microsoft. In addition, to efficiently secure these VDI deployments organizations may look at agent-less solutions such as Trend Micro’s Deep Security that deliver the performance and consolidation ratios necessary to preserve the true ROI of the VDI investment.

- Tablets and Smartphones: these small screen devices typically run new mobile operating systems such as Apple iOS and Android – soon Windows Phone 7. Traditional VDI doesn’t really cut in this situation. A better approach to embrace the benefits of these devices in the enterprise may involve Mobile Device Management solutions. Many specialists such as Sybase and Good Technology offer best-of-breed point solutions while established security vendors have quickly complemented their corporate suites with similar baseline Mobile Device Management extensions – Symantec, McAfee and Trend Micro among these. Whether the specific solution involves taking complete control of device rather than a containerized approach that limits to enterprise applications and data, the underlying assumption is that IT has the permission from the end-user to install some sort of control mechanism on their personal devices. This may not always be the case. As a complement to traditional Mobile Device Management, some vendors will soon offer innovative agent-less solutions that protect data and infrastructure at the network level and therefore do not require additional user permission or endpoint software – i.e. Trend Micro “Project Butter”.

- Social Networking, Collaboration and File-Sharing: many popular consumer-grade services such as Facebook, DropBox and Linkedin belong to this category. Again, many enterprise solutions already exist to secure and manage social network activities and internet file sharing. Trend Micro SafeSync for Business and VMware project Octopus are two great examples of enterprise corporate-grade alternative to DropBox. These solutions allow end-users to access files from any device, including smartphones and tablet computers, and share them with people inside and outside the corporate realm while allowing IT managers to get visibility and control.

Cesare Garlati

Senior Director Consumerization @ Trend Micro

More on Consumerization at http://BringYourOwnIT.com