Anarchy is Knocking at the Gates of IT Security, Says Gartner

Challenge of Managing Employee-owned PCs Highlighted at Gartner IT Security Summit in Sydney, 14-15 August

SYDNEY, Australia, August 15, 2007 � The client computing world is increasingly in conflict, as individuals empowered by technology in their personal lives are increasingly pitted against beleaguered IT departments concerned about security and compliance, according to Gartner. As the boundary between personal and enterprise computing becomes blurred, organisations should treat all network access as potentially hostile and apply appropriate security technologies and policies.

Robin Simpson, Gartner research director and co-chair of the Gartner IT Security Summit in Sydney this week, said new rules are needed to allow enterprise IT assets and functions to coexist with employees� personal digital assets.

�The traditional response from the IT department was to say �no�, but that�s no longer an option,� said Mr Simpson. �You can�t hold back the changes being driven by your user population by force, or they will simply conspire against you. But you can�t just relax control. You need to find a way to delineate between the business and personal computing worlds so they can work side-by-side and the boundary can be secured.�

In his presentation �Your Systems, Someone Else�s Device�, Mr Simpson highlighted five key reasons that employees don�t want to use corporate owned PCs:

  • Executives and key knowledge workers often prefer their own PCs to the corporate standard
  • User requirements are not “one size fits all”
  • Outsourcing and use of contract and temporary workers continues to grow
  • Travelling workers need personal data and connectivity while on the move. Nobody carries two notebooks
  • Full- and part-time teleworking is increasing

Gartner predicts that by 2008, 10 percent of companies will require employee-purchased notebooks.

�Just as company-owned cars ceased to be an integral element of the employee’s package, so company-owned computing devices, especially notebook computers and mobile phones, need no longer form part of the overall benefits package. Our research confirms that companies around the world are increasingly considering employee-owned devices to be formal business tools.

A 2006 Gartner survey of medium-sized business in six countries found that 42 percent of organisations had policies or schemes allowing personally owned PCs to connect to the corporate network, and this figure was higher in the U.S. (51 percent) and UK (49 percent).

According to Gartner, businesses should prepare for employee-owned notebooks with a thorough review of security, compliance and application delivery architecture.

�By taking security precautions and investing in foundational security technologies now, enterprises can prepare themselves for increasing use of consumer devices, services and networks with their organisation, and manage these risks,� said Mr Simpson.

�The key is to assume all access to your corporate network is potentially hostile,� said Mr Simpson. �The only real solution is to increase core system and information security while relaxing user constraints and shifting responsibility to them. Although they may lack maturity and come at a high price, the tools do exist to manage the risks of non-company equipment in the enterprise.�

Many of these security tools, such as network access control (NAC), stronger authentication technologies, PC virtualisation and digital rights management (DRM), are being adopted by enterprises to manage other threats and can be configured for consumerisation threats. While in some cases it may be too early or costly to invest in these tools, Gartner advises that enterprises can start with policies and procedures, and use these to help guide future technology deployments.

More than two years ago, Gartner said that consumerisation would be the most significant trend affecting IT during the next 10 years, as employees expect to use more of their personal equipment and services at work, and enterprises adopt more consumer technologies in business operations. However, consumerisation also represents one the most significant threats to enterprise security, and security managers must prepare for, and manage, the security risks.

At the IT Security Summit, Gartner analysts will present new research and provide practical advice on information security, risk and privacy issues. For more information, please visit

About Gartner

Gartner, Inc. (NYSE: IT) is the world’s leading information technology research and advisory company. Gartner delivers the technology-related insight necessary for our clients to make the right decisions, every day. From CIOs and senior IT leaders in corporations and government agencies, to business leaders in high-tech and telecom enterprises and professional services firms, to technology investors, we are the indispensable partner to 60,000 clients in 10,000 distinct organizations. Through the resources of Gartner Research, Gartner Consulting and Gartner Events, we work with every client to research, analyze and interpret the business of IT within the context of their individual role. Founded in 1979, Gartner is headquartered in Stamford, Connecticut, U.S.A., and has 3,800 associates, including 1,200 research analysts and consultants in 75 countries. For more information, visit