Generation Z: A security conundrum

Generation Z, the internet generation, brings its own devices, but also its own apps and approach into the enterprise; Diana Wong explains how we must adapt our security to recognise and cater for this change.

Diana Wong, director product marketing, RES Software
Diana Wong, director product marketing, RES Software

Just as companies were starting to think they'd got their heads around the nuances of millennials and what that meant for security, a new generation begins to hit the work place – Gen Z. Unlike any other generation that have gone before them, Gen Z has been brought up with the internet. Anything they've ever wanted has only ever been a mouse click away.

This brings with it different expectations and demands. Gen Z live in an instantaneous society. They expect to be able to jump between their smartphone, tablet, WhatsApp and Snapchat with ease and simplicity. It's how they've always communicated and they're bringing their ‘ways' in to the corporate environment. It would be easy to try and resist change, but in doing so companies could be overlooking the opportunity to digitise and recruit the best talent.

For security professionals Gen Z are potentially one of the biggest insider threats they are ever likely to face. They share everything, their location, the intimate details of their lunch, snap pictures of their friends and press upload without a second thought. They might be the most digitally savvy generation, but they are also the least security focused.  

This lack of awareness has the potential to manifest itself in a number of different ways.  To stay on the front foot and protect the corporate network, security professionals need to act proactively to manage Gen Z's expectations and ensure their company remains secure. Here are some key things to consider:

A shadow is lurking

Gen Z brings with them devices. This might be nothing new, after all BYOD is a mature trend. But the difference is that Gen Z doesn't just bring one device with them, but preferred apps too and they'll want to use both while working in the enterprise. If they can't, pretty soon you're going to have a significant shadow IT emerging, over which you have no insight or control. The key thing here is choice. You might not support one particular app, but if when they seek to use it they get a pop-up directing them to a portal where they can download similar apps with the same features and functions, they are less likely to seek a work-around. Quite often when people come into the enterprise they don't know what services are available to them – they just see a big buffet of apps. Provide direction, education and choice. The risk is that if you don't, pretty soon you'll have a very extensive shadow IT problem, populated with rogue apps which don't have the appropriate licensing, and you won't be applying the required patches or updates.

Right access points

Gen Z is equipped to work any place and any time, bringing with them a new agility. However, just because they're ready to work, doesn't mean that they should. For example, they could be trying to connect via an insecure WiFi connection. IT needs to have an understanding of the context in which employees – not just Gen Z – are seeking to access the network and elevate or depress their access depending on these contextual factors. It could be that if an employee is in what would be deemed a hostile environment that their log-in process becomes elongated and access to certain aspects of the network is time limited.  Role-based privileges are not enough, because an identity can be stolen, misrepresented or used to create a diversion whilst a different attack is launched when attention has been diverted.

Predictions don't just come once a year

With a plethora of apps available to this generation, offering them a choice and selection, as previously mentioned, is not enough. The subsequent step companies should be making and investing in is predicting the tools they will need. This could be based on other employees in a similar role, examining what apps they use and then suggesting them to similar employees - pre-empting the tools they will require. This ‘prediction', visibly seen by online retailers such as Amazon, suggests future purchases based on past purchases. This could ease the app-finding process for employees. Predictive apps may also avoid Gen Z looking for a work-around, decreasing the chances of and dangers of rogue IT. Gen Z want to be good corporate citizens and do the right thing, but they need the environment in which to do this.  Predictive IT migrates pain points for both Gen Z and security professionals.

Gen Z bring with them an IT revolution, but it doesn't need to be an insecure one. Quite the opposite, it offers corporations the ability to create an agile and robust security strategy for the era of digital transformation.

Contributed by Diana Wong, director product marketing, RES Software