vindy.com | Use own gadgets at work? Views mixed

Sunday, February 19, 2012

San Jose Mercury News

SAN JOSE, Calif.

Like many employees these days, Kim Gibbons uses her own smartphone and tablet for her job at Cisco Systems. That way, no matter where she is — including weekend soccer matches with her children — “I’m still very much connected with everything at work,” she said.

Hers is one of a number of companies that encourages this bring-your-own-device trend. But the practice is causing consternation among executives nationwide. While loath to alienate employees by being too restrictive, many fear their companies’ confidential or critical business data could be accessed from poorly secured gadgets by hackers, who are attacking firms with increasing ferocity.

As a result, rules regarding the use of personal devices vary widely. Some companies permit it with tight controls that include having the ability to remotely wipe the gadgets clean of all data — personal or otherwise — if the machines are lost or stolen. Others bar employee-owned devices altogether or haven’t figured out what to do.

“The world is going mobile,” said Bob Worrall, chief information officer at Santa Clara, Calif., chipmaker Nvidia, which recently decided to let employees use their phones and tablets at work. But how to adapt to that shift while protecting company secrets, he added, “has really become a question that legal and security teams have wrestled with across the industry.”

For many workers — particularly the young — having to use a clunky company- issued phone or laptop is unthinkable. A Cisco survey of 2,853 adults younger than 30 last year found 70 percent preferred to use a work device of their own choosing. And among those in college, 81 percent expressed that preference.

Still, recent research by McAfee and the National Cyber Security Alliance has found that nearly three out of four adults fail to protect their smartphones with security software. Moreover, people often use their phones, tablets and laptops to frequent social media or other websites that tend to attract cybercrooks. Consequently, many business executives aren’t keen on the idea of letting their employees use such devices for work.

The practice was forbidden by 48 percent of the 1,500 information technology managers Cisco queried in January, although 57 percent added that some of their employees disregard the ban.

In another study this year by Check Point Software Technologies of Redwood City, Calif., 65 percent of 768 information technology professionals contacted allowed employee-owned gadgets to connect with their corporate networks. But 71 percent blamed such mobile devices — both personal and company- provided — for contributing to “increased security incidents,” such as risky Web browsing and “corrupt applications downloaded.”

Some companies are secretive about whether they allow personal gadgets or not. Oakland, Calif.-based Clorox would only say, “It’s not our practice to discuss security issues publicly.” Others embrace the idea, which can be a big cost savings for companies.

“It’s working very well,” said Steve Martino, vice president of information security at San Jose-based Cisco, where a little less than half of the company’s employees use their personal devices. He said the gadgets are connected to Cisco equipment to block spam and some of them can be remotely wiped of sensitive information.

“Our primary concern is protecting Cisco’s and our customers’ data,” Martino said. But, he said, the company also wants to make its employees “happy with the kind of device they have.”

Among those pleased with the policy is Gibbons, who joined Cisco in 1999 and is marketing director for its global government solutions group.

Equipped with a company-issued MacBook Pro as well as her personal iPhone and iPad, she much prefers this arrangement to her previous job, where she toted both a company phone and one she owned.

“That’s very difficult when you’re carrying around two phones,” she said. “It just makes you less productive.”