Leadership

IT risk and the millennials


I know, it sounds like the name of an old school rock band, but it's not. Managing risk with the millennial workforce is actually going to be one of the most pressing issues for IT in 2008. With millions beginning to enter the workforce from Generation Y, CIOs are scrambling to understand and address perhaps their greatest risk ever.

In 2007, IT is just beginning to get its hands around the concept of IT risk management and figuring out how to translate that for executives and the board. Now they're confronted by the millennial worker (the worker raised on video games and mobile phones), which is almost cause to rethink IT risk management all over again. Trying to implement IT risk management policies with a millennial workforce-one that has been labeled as "risk takers"-is very problematic. In general, most millennials tend to believe in a "no-walls" approach when it comes to sharing information. Why shouldn't all information be shared? Their strength is digital sophistication; some would even claim that the true concept of "information technology" is their birthright.

FORTUNE'S May 15, 2007 cover story refers to millennials as the most high-maintenance, but also most high-performing workforce in the history of the world. Why? Because they have more information in their heads and more information at their fingertips.

Some have referred to the trend that millennials are driving as the "consumerization of IT." Remember the days when IT would provide you with software and equipment far better than you had ever purchased? Those days are all but gone. Now, millennials are accustomed to freely downloading software from the Internet, using applications like Facebook, and bringing their iPods and laptops into the office-all of it blurring the lines between personal and work life.

Faced with this dilemma, some IT organizations have reverted to asking employees to sign a code of ethics and others have gone as far as banning all unauthorized use of software and electronics in the workplace.

Granted, consumer technologies can definitely pose a threat to network security, but their increased use in enterprises is a trend that's hard to stop, let alone detect. Gartner predicts that by 2012-just five years from now-the majority of new information technologies that enterprises adopt will have their roots in the consumer market. How is this possible? Well, millennials are demonstrating that the consumerization of IT can actually increase productivity and reduce costs.

Think about the huge business benefit of knowledge management that has been afforded through the emergence of social networking applications. The tagging technology that is often found in services such as Flickr and Del.icio.us has spurred new ideas and options in organizations to help share and find data more easily. Or consider how the new generation of smartphones is exponentially increasing accessibility and productivity. And you can't deny the cost-savings being recognized with free and low-cost VoIP technology, such as Skype.

But the millennial craving for the latest and shiniest new technology-often under the radar of IT-is not without risks. For instance, the potential for confidential information leakage is very real through the use of social networking software. And how often have we read about leakage through portable devices? Now you can imagine we're only at the tip of the iceberg as handhelds and laptops are obliterating the boundaries between work and personal life. And with the myriad of new Web apps out there from desktop search to in-the-cloud storage, and millennial use running the gamut, the implications are huge and cover the full range of IT risks-availability, compliance, performance, and security.

So what are CIOs to do? Should they build up the Great Wall of IT by blocking all consumer technology use or promote the spirit of free work expression? Ultimately, the issue boils down to choice vs. control. Never have the ramifications of this age-old balancing act been as acute as what IT will face going forward.

Fortunately, the same five steps for executing an effective IT Risk Management program will prove essential in addressing the IT dilemma posed by the surging millennial workforce. He five steps are:

§         Awareness

§         Quantification (of business impacts)

§         Design

§         Implementation (upon alignment of business and IT value)

§         Governance

Think about it in a simplified manner. First and foremost, IT needs to be educated; CIOs need to understand what's going on when it comes to the network and technology usage. A thorough assessment will reveal what technologies and practices employees are using and why, and this will better equip IT to figure out next steps with regards to either adaptation or constraint.

Naturally, IT will recognize the potential risks posed by certain practices and will be able to quantify their impact to the business, whether positive or negative, and then design remediation solutions based on the organization's risk profile and ease of mitigation. For instance, IT may discover widespread usage of social networks and be convinced of the tremendous value such practice provides from a collective intelligence perspective. But depending on the nature of the business, IT may have to restrict such usage because it may pose too much of a threat to operational success. Or IT may be able to compromise and implement an internal system for information sharing.

Finally, as part of the implementation process, IT has to ensure that the proper controls are in place (i.e., identity management or data loss prevention) and employees are fully aware of, and educated on, the policies that will help to govern their consumerized IT activities.

Now this by no means is meant to belittle the challenge that millennials are beginning to introduce. The risks are real. And they're quietly emerging in cubicles, home offices, hotel rooms, wi-fi hotspots, and sidewalks all around the world. We're hearing this straight from the CIOs, who didn't plan this into their agenda, and yet it's risen to the top as a priority. They're trying to figure out how to keep up with this crazy Web 2.0 world. Some are old school and just don't get it. Some are asking a lot of questions and feeling the pain of being constrained by limited resources or legal and compliance issues. Others are recognizing the potential for competitive advantage if they're able to adapt and embrace change.

Either way, 2008 should prove to be really interesting when it comes to IT transformation. And we'll all have a front seat. Coming to an organization near you, IT Risk and the Millennials.

Samir Kapuria is managing director, Symantec Advisory Consulting Services

2 comments
wayoutinva
wayoutinva

"Their strength is digital sophistication; some would even claim that the true concept of ???information technology??? is their birthright." Only for the "toys" and web sites that they are familiar with. In working with some of them, I dont see a much greater overall knowledge about technology (again outside of a few specific toys) than you see in the older generations. I know from a computer standpoint, even with them growing up with one, a lot of them know very little about the workings outside of "facebook", "utube" etc. They seemed to have spent so much time there they didnt have time to learn outside of their chosen circle of information...And yes there are exceptions in every generation, so this does not apply to all of them obviously. I to am all for the latest & greatest, but have realized in business that cost consideraitons over ride the need for newer "toys"

CharlieSpencer
CharlieSpencer

I have no additional comments. I posted so there would be at least one comment so I could subscribe to any discussion. Thanks.

Editor's Picks