Technology vs. experience: the changing workforce
Agencies must adapt security procedures to blend with new ideas about security, privacy and technology
- By (ISC)2 Government Advisory Council Executive Writers Bureau
- Jan 28, 2011
According to the Office of Personnel Management, nearly half of the federal government workforce is eligible to retire within the next five years. As agencies prepare for this transition, it is important to understand how the traditional approaches to information security and privacy differ from the perspective of the next generation entering the workforce, those who ultimately will assume leadership roles in the years to come.
The key will be determining the best use of institutional knowledge and experience to complement evolving missions, technology and workforce demographics to ensure that critical infrastructure and information are adequately protected.
With the advent of the PC, mobile devices and ubiquitous Internet, the methods of knowledge and information exchange are constantly changing and evolving, making it essential for businesses and the federal government to remain up-to-date with the continual technological advances and changing workforce demographics. People of each generation tend to adopt the technology of the time to communicate with peers. While most agencies have successfully adopted e-mail and instant messaging, how many are prepared for the social media and cloud-based platforms that today’s college graduates are accessing through their networks?
How to get ready for the ‘net generation’
In an increasingly competitive business environment intensified by the state of the economy, agencies are hiring less experienced workers right out of school instead of more experienced professionals. This trend will likely increase over the next several years, as a considerable number of federal employees will be retiring, transitioning to part-time status, or otherwise shifting their employment. By 2015, an estimated 48 percent of all federal employees will be eligible to retire and, given the current fiscal realities of the federal pay freeze, there may be additional incentive to do so.
To help mitigate the challenges of retiring workers and their subsequent replacements, it is imperative for organizations to invest time and resources into capturing and transferring knowledge to the next generation. Baby Boomers and Generation Xers have witnessed an unprecedented rise of technology and social changes in the workplace. However, their counterparts, just entering the workforce, have grown up with the technology and are not familiar with a physical workplace, let alone a world where their favorite technologies or services do not exist.
Therefore, in addition to knowledge transfer, it will be equally important to prepare for the changes that come with workforce transition.
Graduates now entering the workforce hold different notions of security and privacy than their predecessors. Their worldview of technology is often dramatically different than those of senior management, which often causes the two worlds to collide.
In many cases, most of these new employees have relied on social media, smart phones and cloud based e-mail platforms for their survival in school. Every facet of their financial, social and early professional lives is intimately woven into the Web. For example, according to IT services provider Telindus in its 2008 survey, 39 percent of 18- to 24-year-olds would consider leaving their jobs if a social media ban were imposed.
Yet, social media sites pose unique challenges for the enterprise. In addition to lost time and productivity, these sites are constantly in the news for their users being targeted with phishing scams and malware. This generation’s reliance on social media and emerging platforms makes them more likely to bring these tools with them to work, potentially adding significant risk to the enterprise.
Another consideration is that certain technologies in the workplace are often not given to new hires. For instance, BlackBerrys and other smart phones have traditionally been reserved for management or mission-critical employees. However, these new employees often own and carry phones a generation or two more sophisticated than the standard enterprise offering. These phones link their personal e-mail, social networks, online calendars and a host of messaging capabilities.
Given the freedom and productivity afforded them in their personal lives, it is likely that work material could be forwarded to personal e-mail or embedded in personal calendars. Should these phones be lost or compromised, what are the chances that organizational data could be exposed? In the future, this problem will be compounded as more and more consumer devices, such as tablet PCs, enter the workplace through new employees and early adopters.
Given these realities, organizations must do several things to protect their critical infrastructure and sensitive information.
First, they must adapt their security training to emerging technology and services that are making their way into the enterprise. More experienced employees can lead the way by conveying the risk associated with these nascent technologies and by working with new employees to discover new trends.
Additionally, the organization can create policies to address appropriate use of these tools and, if necessary, employ technical blocks through Web filtering or data-loss prevention tools.
Alternatively, organizations can adapt to the changing technology by developing creative ways to secure these resources.
As these tools gain popularity in the consumer marketplace, enterprise management solutions for them are developing as well. Ultimately, with these emerging trends in retirement, attrition and technology, it will be imperative for agencies to develop strong technical training and succession plans in the years to come.
Members of the (ISC)2 U.S. Government Advisory Council Executive Writers Bureau include federal IT security experts from government and industry. For a full list of Bureau members, visit https://www.isc2.org/About/Advisory-Council#