2013 Survey findings Executive Summary Subject: TEKsystems IT Industry Survey series explores the hottest trends affecting the IT workforce. With over 80,000 IT professionals deployed at 6,000 client sites annually, our network of connections offer real-world insights into what works, what doesn t and what s possible in IT today.
TEKsystems IT Industry Trends Survey Regardless of industry, company size or the market, all organizations will face the Bring Your Own Device () trend sooner rather than later. cannot be addressed by a simple policy that allows employees to bring their personal device to work; the situation is much more complex and offers a number of challenges that can be difficult to navigate. This research explores the landscape, identifies the prevalence of key challenges and offers recommendations that can set your organization up for success. Survey methodology and respondent profile In June of 2013 TEKsystems conducted an online survey of more than 1,500 IT leaders and more than 2,000 IT professionals in the U.S. and Canada. The IT leaders included CIOs, IT vice presidents, IT directors and IT hiring managers. The IT decision makers spanned a wide cross-section of industries, including technology, financial services, healthcare, manufacturing, government and professional services, among others. Respondents also included a wide range of company sizes, from less than $5 million to more than $1 billion in revenue. The IT professionals respondent population included developers, network administrators, architects and help desk skill sets, among others. Annual Revenue Industry Skill Sets 35% 13% 25% 31% 2% 2% 6% 8% 9% Developer Help Desk Network Administrator Systems Administrator 15% 14% 12% 11% 27% 13% 12% 10% 9% Installer/Technician Tester/Quality Assurance Business Analyst 9% 9% 8% Less than $5 million IT Network Engineer 7% $5 million to $50 million $50 million to $1 billion More than $1 billion Manufacturing Healthcare Financial Services Architect Database Administrator 3% 3% Telecommunications Technical Writer 3% Professional Services Security 2% Government and Education Transportation and Construction Energy ERP Storage 2% 1% Retail Cloud 1% TEKsystems.com 2
TEKsystems IT Industry Trends Survey Key survey findings is upon us whether we like it or not. In a typical work day, IT workers spend time on a range of devices for work-related activities, including their mobile phones (82 percent), laptops (72 percent) and tablet devices (54 percent). comes with dangerous side effects. Seventy-three percent of IT leaders and IT professionals believe sensitive company data may be compromised when employees access information from personal devices, with two out of five IT leaders and half of IT professionals estimating 25 percent or more of the organization s sensitive data is at risk. Perhaps most alarming, many organizations are not even sure if they are breaking the law. Thirty-five percent of IT leaders and 25 percent of IT professionals are not confident their organization s policy is compliant with data and privacy protection acts, HIPAA, Dodd-Frank or other government-mandated regulations. The majority of companies fall on one extreme or the other in terms of policies. Only 35 percent of IT employees report their company s policy is well communicated and updated frequently. The other 65 percent report either nothing has been communicated, there are no official policy guidelines or employees are not allowed to use their own devices at work. Clarity and education on what is and isn t acceptable is a critical yet often overlooked step to protecting organizations and their clients, employees and reputations. Seventy-one percent of IT leaders and 64 percent of IT professionals report their organization does not have mandatory end-user training to educate employees and protect the company from the risks associated with. Recommendations TEKsystems suite of services, including IT recruitment, training and managed services solutions, enables organizations to effectively navigate the trend. We help our clients build, implement and enforce a policy that prevents the most common pitfalls while achieving maximum business benefit. Establish a clear policy to mitigate the organization s risk exposure. Implement device tracking and compliance monitoring programs to protect sensitive company data and meet compliance requirements. Determine when and how users can access the network to protect network bandwidth and productivity of work-related projects. Implement ongoing education programs to protect the organization and its clients, employees and reputation. Determine responsibility for and breadth of device support to avoid overwhelming the IT department. TEKsystems.com 3
landscape it s everywhere, for good reason It s everywhere For some time now, the industry has seen a steady increase in mobile device usage compared to desktop PCs. Some estimates indicate that smartphones have actually overtaken or are close to overtaking PCs in terms of products being produced. Our data reflects that explosion of growth, as eight out of 10 end users indicate they spend time on a mobile phone for work-related activities. The business world today demands speed, agility and flexibility. Mobile devices are the perfect vehicle for meeting that demand. In a typical work day, what personal devices do you use for work-related activities? mobile phone 89% 82% tablet 57% 54% laptop 82% 72% TEKsystems.com 4
For good reason is here to stay not only just because employees expect it but also because it promises several business benefits. Interestingly, IT leaders and IT professionals are aligned in how they rank their organizations ability to achieve various objectives of policies. It s not a coincidence that accessibility and employee satisfaction are rated as most effectively achieved, as an organization that simply allows for some personal device usage is already increasing employee access and satisfaction. Nor is it a surprise that customer satisfaction and IT expenses are rated lowest. Both of these objectives provide a more challenging ROI metric and gauging their effectiveness typically requires a longer timeframe. Measuring improvement in customer satisfaction due to factors isolated from other variables is tricky. Moreover, while can lower hardware costs, a poorly constructed policy can also result in many indirect expenses, such as an overwhelmed support desk or network bandwidth issues. Despite the alignment in effectiveness rankings, nearly half of the IT leader and IT employee populations believe their organizations are either achieving a middle-of-the-road effectiveness or are completely ineffective, suggesting many policies require improvement. If your organization has a policy, how do you rate its ability to support/achieve the following objectives? Accessibility (increasing employee access for workrelated purposes) Employee satisfaction (improving employee satisfaction by offering greater freedom of choice) Productivity (improving efficiency and productivity) Customer satisfaction (improving response time to customer questions/issues) IT expenses (offsetting cost of providing company issued devices) Effective 63% 57% 51% 41% 39% 55% 48% 44% 42% 55% Middle-of-the-road effectiveness to completely ineffective 37% 42% 49% 60% 62% 45% 45% 52% 56% 58% TEKsystems.com 5
risks people feel comfortable with how polices impact them but not with how they could impact the companies they work for Comfort with personal impact End users accept that their employers are not going to pay for all expenses related to their personal mobile device. And it s doubtful that an IT leader or professional would go without a smartphone because their employer doesn t cover all of the expenses. The fact that some organizations do cover all expenses is typically considered gravy. The high level of comfort IT leaders and IT professionals express with their organizations policies is likely due to the prevalence of more relaxed policies that do not infringe on personal freedoms in order to protect sensitive company data. While this approach may assist with achieving the goal of employee satisfaction, organizations must weigh the cost of the risk involved. Are end users expected to cover the cost of their mobile devices when it comes to business activity? Which of the following statements accurately describes your thoughts on your company s policy? Yes, my company is fiscally frugal 45% 54% The organization s policies on mobile data protection are fair and I am comfortable with them 92% I pay a portion of the expenses 29% 35% 86% No, they cover all related expenses 20% 17% I feel like the organization snoops on me and I don t like it 8% 14% TEKsystems.com 6
Risk to company IT leaders and IT professionals agree that sensitive company data is at risk when employees access information from personal devices. Approximately three quarters of IT leaders and IT professionals believe their organization s sensitive data is at risk due to end users accessing information from personal devices nearly a quarter of IT leaders and a third of IT professionals go so far as to rate the risk as great. Additionally, almost half of both groups feel that 25 percent or more of their company s sensitive data is exposed. With this level of risk exposure, many organizations are not sure if they are breaking the law. Failure to comply with federal regulations can result in severe consequences such as fines, probationary periods of oversight by federal agencies and criminal penalties up to and including imprisonment, making it all the more critical that organizations have a clear strategy in place to protect themselves, their clients, their employees and their reputations. To what extent do you think sensitive company data is at risk due to employees accessing information from personal devices? What percent of your organization s sensitive data do you think is at risk due to end users accessing information from personal devices? Great risk 22% 34% 75% to 100% 12% 20% Somewhat at risk 51% 39% 50% to 74% 10% 14% Not much risk 22% 21% 25% to 49% 18% 15% No risk at all 5% 6% 10% to 24% 32% 24% TEKsystems.com 7
35% Risk to company (continued) 65% Are you confident that your organization s policy adheres to government-mandated regulatory compliance (e.g., data protection acts, privacy, Dodd-Frank, HIPAA)? 35% 25% 65% 75% Yes No Yes No 25% Challenges faced Clearly, the trend presents a challenge of conflicting objectives for IT. Accessibility and employee satisfaction are at odds with keeping an organization s data secure and costs down. To address the security concern, organizations must not only consider how and when users access data; they must also think about worst 75% case scenarios, such as a lost or stolen device. If IT is unable to remotely wipe the lost device, organizations risk exposing sensitive company data and ending up on the nightly news. In terms of costs, an effective policy must first address not only the types of devices that will be supported but also the different versions and platforms. It should further differentiate between a business need and a personal support need. Secondly, the policy must consider how support will be provided. Is it performed on a case by case basis through help desk tickets or are end users referred to a resource where they can perform self-help and diagnosis? Finally, the policy should address when support will be provided. Is the help desk on call 24/7 for all employees or is support only offered during business hours? The answers to these questions are not as simple as they at first appear. Today, employees of all levels of technical proficiency not only want to access data when they want and how they want they expect it. However, the fact that only about half of IT leaders and IT professionals report their organization offers sufficient levels of support for their devices is a missed opportunity. If support is too robust, costs will balloon. But if support is too limited, organizations will fail to experience the productivity and efficiency that arise from employees using personal devices to get work done. TEKsystems.com 8
Challenges faced (continued) As an IT leader/professional, what do you despise most about? Security encryption, access, scan and block remote wipe, etc. Does your organization offer a sufficient level of support for the devices end users would like to use for work-related purposes? : 31% : 28% 53% 47% IT support device assistance when issues arise : 19% : 17% Yes No Nothing, I love : 10% : 14% 53% 47% 54% 46% Yes No TEKsystems.com 9
policies less grey area, please Policies are unclear to many Unfortunately the perceptions of the organization s stance are rather murky. Nearly half of IT leaders believe the policy is crystal clear but only about a third of IT professionals agree. It s not entirely uncommon for such a disconnect between leadership and employees on communication about company policy, but there is vastly higher risk for a policy lacking clarity. Since nearly every employee is using a mobile device for work purposes, nearly everyone that doesn t understand the policy poses a threat to the organization. Sixty-five percent of the workforce report that nothing has been communicated, there are no official policy guidelines or employees are not allowed to use their own devices at work. Again, the lack of a policy or lack of communication about it opens the organization to unnecessary risk. However, a strict no tolerance policy may not be the best solution either. Allowing employees to use their personal device for work can increase response time to customers, strengthen employee satisfaction and improve productivity. Organizations need to consider these positive outcomes of and weigh them against their own risk tolerance when formulating an official strategy. Ironically, the majority of IT leaders and IT professionals say they fully understand their organizations stance on and fully understand the risks associated with. Given the lack of a policy or communication about the policy, this understanding may be based on inaccurate or unclear information. Both IT leaders and IT professionals could be operating under dangerous false assumptions. Equally concerning is that nearly 30 percent of IT leaders those who should be crystal clear as they are responsible for cascading policy indicate they do not fully understand their organizations stance on. Which of the following statements best describes your organization s stance regarding its strategy? There is a clear policy that is well communicated and updated frequently is accepted, but there are no official policy guidelines Employees are not allowed to use their own device while at work Nothing has been communicated about 52% 48% 65% 35% TEKsystems.com 10
Policies are unclear to many (continued) Please select true or false for each of the following statements. True False True False I fully understand my organization s stance on policy/consequences 73% 27% 78% 22% I fully understand the risks of 78% 22% 89% 11% TEKsystems.com 11
Precautions are necessary Approximately half of IT leaders and IT professionals report they have practices in place that address most policy concerns which means that the other half do not. A large number of IT leaders (40 percent) and IT professionals (46 percent) report their organization allows end users to install whatever they want on their devices. While a draconian policy that prohibits everything is not wise, organizations do need to think about how and what is being installed via the corporate network on devices that have access to sensitive company data. Fewer IT leaders (29 percent) and IT professionals (36 percent) have mandatory enduser training in place to protect the company from concerns. The low engagement rate is most likely due to an assumption that, because the end user owns the device, he or she should be savvy enough to know how to keep it secure and aware of general best practices for data access. Making these kinds of assumptions could be costly if an end user fails to have proper security controls in place or has a lackadaisical attitude toward keeping the personal device secure for the sake of their employer. Which of the following does your company currently do or have? Restrict employee access to personal content on work-issued devices 69% 69% Capability to remotely wipe data off employee devices 67% 54% Monitor/log end-users network activity on mobile devices and laptops 63% 61% Deploy secure apps without disrupting employees personal data/apps 61% 60% Push and provide updates to mandatory business apps on employees devices 61% 58% Develop mobile apps either in-house or through an outsourced vendor 57% 52% Develop for a sufficient amount of different devices/platforms 53% 50% Allow end users to install whatever they want on their devices 40% 46% Mandatory end-user training to protect your company from concerns 29% 36% TEKsystems.com 12
TEKsystems IT Industry Trends Survey Conclusion In the workplace today mobile devices have become a necessary asset rather than a luxury, entrenched in how work gets done. Without a clear, well-communicated policy, organizations will fail to achieve the benefits associated with. If the benefits are not enough to sway organizations to develop a clear policy, they must consider the potentially dire consequences a single security breach or compliance violation will have on their business. The proliferation of mobile devices and their usage in the workplace will only continue to expand. Organizations that ignore the trend or fail to dedicate time and effort to developing a clear policy do so at their own peril. About TEKsystems People are at the heart of every successful business initiative. At TEKsystems, we understand people. Every year we deploy over 80,000 IT professionals at 6,000 client sites across North America, Europe and Asia. Our deep insights into IT human capital management enable us to help our clients achieve their business goals while optimizing their IT workforce strategies. We provide IT staffing solutions, IT talent management expertise and IT services to help our clients plan, build and run their critical business initiatives. Through our range of quality-focused delivery models, we meet our clients where they are, and take them where they want to go, the way they want to get there. Visit us online at www.teksystems.com. TEKsystems 7437 Race Road, Hanover, MD 21076 888.835.7978 www.teksystems.com TEKsystems, Inc. is an Allegis Group, Inc. company. Certain names, products and services listed in the document are trademarks, register trademarks, or service marks of their respective companies. Copyright 2013 TEKsystems, Inc. All Rights Reserved.
TEKsystems IT Industry Trends Survey TEKsystems.com 14