Following a recent regional digital workspace study, Duncan Hewett, who is VMware's senior vice president & general manager for APAC & Japan, talked with Computerworld Malaysia on the IT ramifications of a rapidly changing workforce.
As a preamble, Hewett pointed out that VMware's Digital Workspace study (based on a survey of 2,500 working adults in Indonesia, Korea, Malaysia, Singapore, and Thailand) noted that at least one in three employees in ASEAN companies are using unapproved personal devices for work, which may put the business at risk of multiple data breaches.
Other findings of interest included:
- Singapore and Malaysia (both at 38 percent) were found to have the highest number of employees who use unapproved personal devices at work, followed by Indonesia (34 percent) and Thailand (30 percent).
- Overall, 81 percent of respondents admitted using their personal devices for work, specifically to check work e-mails (65 percent), access work files (41 percent), and conduct financial transactions (38 percent).
A third of the polled workers use the same password across multiple devices, while 29 percent save passwords as notes on their mobile device. In addition, 38 percent of respondents do not comply with their company's IT policies or do not know them at all. Singapore topped the list with 50 percent.
Photo - Duncan Hewett, Senior Vice President & General Manager, APAC & Japan
It's apparent from the report that workforce changes are largely driven by mobile but what most stood up for you about the Malaysia findings?
Today's workforce wants the flexibility, convenience, and productivity of mobile solutions and the freedom to work from anywhere on the devices and apps they choose. Being the world's largest smartphone market, Asia Pacific certainly has enormous opportunity and challenges when it comes to enterprise mobility.
Findings from the VMware Digital Workspace Study suggest that employees in companies across Malaysia have lower cyber awareness, when compared to the respondents from other markets in the ASEAN region.
Considering that there are close to 18 million smartphones users in Malaysia, and one in three employees uses unapproved personal devices for work, there is a real need to provide seamless integration across mobile devices and office workstations to reduce exposure to security risks and cyber-attacks.
To help companies address this, VMware is leading the industry in delivering an innovative digital workspace platform that provides the necessary infrastructure to securely deliver the apps and data employees need, accessible on any device, even on high-latency, low-bandwidth networks.
Would you say there is still a major imbalance in the vulnerabilities caused by the human factor vs external 'tech' attacks?
Malaysia ranks as one of the ASEAN countries with the highest data security risk. IT non-compliance arises when users (42 percent) use overly simple passwords, face challenges accessing the information they need on different workstation platforms, or when work apps don't work as they should.
Under these circumstances, most employees turn to their own solutions, which are usually not properly secured or aligned to IT policies. Across APAC, we see these incidents happen across the board because employees simply want to get their work done. Not only does IT non-compliance bring significant and unexpected costs and complexity, it also hinders effective digital transformation.
These actions of non-compliance increase security risks and raises concerns among employers, creating the need for greater employee education. By building on a virtualization foundation and moving to a new security architecture that's intrinsic, highly granular, and policy-driven, IT departments can help manage these security complexities, while ensuring that the business is still driving innovation.
How is the current operating environment affecting security budgets, resourcing and cyber 'preparedness' activities?
With increased business demands, customers are driving innovation with new technologies, but they still want security to be ensured by IT departments. The cost of keeping up with the innumerable security patches for organizations has been steep. Despite spending more - organizations today are at a greater risk of a cyber-attack.
In Malaysia too, there is still a lack of awareness and preparation amongst enterprises when it comes to cybersecurity threats, with 42 percent of respondents not complying with IT policies. Enterprises need to provide employees with a digital workspace platform that has a user-friendly interface, delivers unified access and allows IT departments to retain control over security.
What's your take on the current cybersecurity skills situation?
Across APAC, progress has been made in closing the cybersecurity skills gap, both at an enterprise and governmental level through awareness programs and training. However, cybersecurity is a subject that evolves every day as the attacks become more sophisticated and new loopholes in the organization's infrastructure, applications and devices are discovered. Security skills need to be updated constantly and should not be a static program or training course.
Companies must also use technology to streamline and simplify compliance - by delivering end-to-end visibility and control of all users and endpoints, all the way from the user into the data centre or cloud, without impacting a user's consumer-like experience.
Overall, it is essential that enterprises and governments make a concerted effort to reduce the cybersecurity skills gap. However, security risks and lack of compliance is not just a manpower issue. VMware customers are also transforming their ways of working based on how people are using their mobile devices in each country, and we are helping them manage the proliferation of devices to achieve true business mobility through effective device management, collaboration and enterprise security.
Would you say security is being handled with more strategic will by the top management of Malaysian companies?
Larger enterprises generally understand risks posed by IT non-compliance more than the SMEs. According the VMware Digital Workspace Study, most local SMEs perceive investments in IT infrastructure as an unnecessary cost and hence, do not invest sufficiently to mitigate cyber risk.
Every business is a potential target for an attack. No company wants to lose brand reputation and customer or employee trust, so IT must ensure the business is secure. But traditional security models that focus on reinforcing the perimeter aren't working. Companies must therefore rethink cybersecurity - VMware believes that every organization, regardless of size, needs security that's integrated within, highly granular and policy-driven. Companies need to have an architecture at the infrastructure level that supports centralized user and identity management, application-level micro-segmentation, secure containers, and fine-grained access to application capabilities and content. All these capabilities deliver inherent security from the data centre to devices to end-users.
Moving forward, what key security takeaways for companies in the region?
In APAC, there are markets where users are using smart devices before proper roads have even been built. With unprecedented growth in IoT across the region and 8.6 billion connected devices by 2019, we also expect this growth to bring about improved employee and customer engagement through data analytics and network-connected devices, and new revenue possibilities for today's businesses.
But with more endpoints, it also means the cybersecurity threat is real and ever increasing. As companies grapple with more smart devices, they need to consider a digital workspace solution - one that can give IT a more efficient, simplified and secure way of managing users, devices and applications, while providing end-users with a consumer simple way to seamlessly access all business resources regardless of device type.
You may also like to see other coverage of VMware in Malaysia:
-VMware vows to aid Malaysia's digital transformation
-Three-year plan touted for Malaysia and Brunei by new VMware leader: interview
The latest edition of this article lives at Computerworld Malaysia.
Sign up for CIO Asia eNewsletters.