Get ready CIOs. They're coming. They have gadgets and doohickeys galore. They like their music downloadable and portable, and they grew up with the Internet, not before it. Their idea of community is socializing with people in other cities or countries through Facebook, MySpace or instant messages, and they use e-mail so often they probably think snail mail is an endangered species.
They're the Millennials - those tech-savvy, 20-somethings-and-under bound to warm up scores of office chairs left cold by retiring baby boomers. There's a good chance many will come to a government workplace near you, but their digital literacy could prove worrisome for security-conscious bosses.
Most agencies manage sensitive citizen data: addresses, Social Security numbers, financial records and medical information. You name it, some state or local office has it, and probably electronically. The problem? Many theorize that the Millennials' penchant for online openness could unintentionally expose private information, leaving it ripe for the picking. Millennials bring innovative ideas about technology's use, but for that same reason, do they also pose new security risks?
The Hard Truth
Anti-virus vendor Symantec released a study in March 2008 assessing this issue. Symantec commissioned Applied Research-West to execute the study, and 600 participants were surveyed from different verticals, including government. Survey participants included 200 IT decision-makers, 200 Millennial workers and 200 non-Millennial workers born before 1980.
The data revealed that Millennials are more likely than workers of other ages to use Web 2.0 applications on company time and equipment. Some interesting figures include: 69 percent of surveyed Millennials will use whatever application, device or technology they want at work, regardless of office IT policies; and only 45 percent of Millennials stick to company-issued devices or software, compared to 70 percent of non-Millennials.
According to Samir Kapuria, Symantec Advisory Consulting Services' managing director, C-level administrators and agency heads view IT as a controllable asset, but Web 2.0 threatens to take control away.
"Those lines of control start to blur because the assets in question aren't necessarily that of an organization, but that of a private person or a third party," he said. "The mechanisms that allow a CXO [corporate officer] to control the usage of that asset start to dissipate as well."
Interesting facts on IT use at work include:
· 66 percent of Millennials access Facebook or MySpace, compared to 13 percent of non-Millennials;
· 75 percent of Millennials use Web mail, compared to 54 percent of non-Millennials;
· 75 percent of Millennials have downloaded software on their work computer for personal use, compared to 25 percent of non-Millennials;
· 46 percent of Millennials use an instant-messaging client on the company network, compared to 22 percent of non-Millennials;
· 38 percent of Millennials access streaming video at work, compared to 18 percent of non-Millennials; and
· only 57 percent of both Millennials and non-Millennials think they've been properly trained on their employer's technology-use policies.
"With these sorts of online assets or social networks, you've got the capability of information within the organization to leave the organization," Kapuria said, "[though] not necessarily for malicious purposes."
Kapuria offered an example: An employee e-mails a work-related spreadsheet to his or her personal e-mail account to download at home to complete after work hours.
The spreadsheet represents an informational asset of the agency that is no longer connected to the organization's network. According to Kapuria, "The corporation is not aware that their asset is out there. And now the risks posed to those assets are things an organization cannot mitigate."
Facebook, MySpace and other Web 2.0 tools can be great networking and communication business tools - connecting with clients and building contacts. But these same tools can be terrible for privacy. Sensitive in-house data could be displayed over a public network for thousands to see. These networks can also be means for employees to store work-related