Breakin’ the Law: Corporate IT Policies and the Mobile Workforce


Thanks to broadband and mobile technology, the tools and the very nature of work are changing, but are corporate IT policies keeping up? According to some data released today by Cisco (s csco) from its Connected World report, the answer is no; workers feel stifled by corporate “acceptable use” IT policies, and are prepared to break them in order to get their jobs done. Only 34 percent of the 1,303 end users surveyed who had an acceptable use policy in place felt that they adhered to it all of the time. The primary reason for not adhering to policy (as reported by 41 percent of those who didn’t stick to their company’s policies) was that they needed access to unsanctioned programs or devices in order to do their job. Overall, a whopping 64 percent of the workers surveyed felt that their IT policies could use some improvement.

As I outlined in a recent post of GigaOM Pro (sub. req.), workers are breaking their firms’ IT policies because they are frustrated with the limited choice of tools available in the workplace. Smartphones, tablet computers, collaboration software and video conferencing apps are just some of the sophisticated tools available to consumers outside the workplace; it’s understandable to want to use them at work, too. While mobile technology and broadband mean that workers can be more productive, this “consumerization” of the workplace is a potential problem for corporate IT departments, because it can introduce security risks and also add to a firm’s IT support costs.

Given that it’s very difficult to stop consumerization of workplace tools (simply blocking their use just leads to added worker frustration), corporate IT departments need to redraft existing guidelines to make sure they aren’t draconian and allow workers more autonomy in their choice of tools, while they also need to educate the end users on the security risks. Worryingly, 37 percent of the IT decision makers in the survey had the opinion that end users did not feel that breaking IT policies presented enough of a security risk to be concerned. There needs to be better communication and understanding between IT departments and end users: staff need to understand that unsanctioned tools can present a security risk, while IT departments need to understand why staff want to use those tools in the first place.

If you’re interested in learning more about how businesses can adapt to a new era of working and how to manage the equipment and software that the modern worker needs, you should come to our Net:Work conference, coming to San Francisco on Dec. 9, where we’ll be discussing these topics in-depth.

Does your employer have an “acceptable use” IT policy in place? If so, how could it be improved?

Photo courtesy Flickr user Carl Lovén

Related content from GigaOM Pro (sub. req.):



You make the mistake of assuming that because it’s a corporate IT group a) it understands security best practices and b) it is capable of implementing and recommending such (frequently IT knows what they’re doing but is overruled by more powerful groups).

I’ve had our corporate IT recommend I install IE6 to deal with legacy programs. I’ve found IT directors accidentally sharing secure directories on their internal machines (those were some interesting memos).

If there’s a straightforward security solution, they manage to pretty much screw it up. I’m much more secure routing around their broken policies — if I actually adhered to them my machines would be getting owned by teenagers in Hong Kong every week.

Simon Mackie

True. Part of the frustration experienced by many end users is knowing that the policies are outdated or just plain dumb. Greater communication and understanding is required.

Comments are closed.