I am always fascinated by the myriad ways that new technologies break into previously unimagined markets and uses, and the problems they bring with them. The Aerospace Industries Association’s new report, “Best Practices for Exploiting the Consumerization of Information Technologies,” is a thoughtful consideration of the pros and cons of this pattern.
The symbiosis between commercial and defense technology development continues – although right now it seems that the private sector has the momentum. While there are many tech breakthroughs for which we can thank the Defense Department (GPS, anyone?), today it’s the influx of consumer products that is serving as a major driver of government IT changes.
Think about it: the revolution in mobile computing power, contained in a tablet or smartphone and available to anyone for personal use, will not – does not – stop at government security checkpoints. As government users discover that tablets offer the same kind of Internet access, speed and power as their laptop and desktop computers, they are “infiltrating” federal networks. As smartphones become ubiquitous, clever users figure out how to create apps geared to those networks.
This is human nature. If you’ve got a tool that’s really useful in one sphere of your life, you’re going to look for ways to use it in other spheres.
But this also highlights some of the flaws in human nature: We discount security measures because they’re a nuisance; we blur the lines between our personal and professional lives; we don’t think out the consequences of our actions – heck, much of the time we’re ignorant of what those possible consequences may be!
It’s a little bit like the 2008 banking crisis. Investment bankers thought they were minimizing risk by collecting subprime mortgages into large pools called CDOs, “collateralized debt obligations,” slicing them into tranches and encouraging the broadest possible investor participation; instead, they accidentally maximized risk by infecting the whole world’s balance sheets. (I’m not a banker – this is a very simplified explanation!)
In much the same way, the flexibility, power and usefulness of our personal devices leads us to incorporate them into agency work environments it also leads to conveniently overlooking how employees may be spreading cyber risks across the agency.
If you don’t have policies in place, or are just developing them now, AIA’s report has some thoughtful recommendations for network administrators concerned about the influx of personal devices into their systems.
COMMENTS