by Brian Boyko
Editor, Network Performance Daily

Baseline magazine recently put out an article warning IT departments of under-30 "risk takers." Of course. Why not? Everyone knows that the youth are stuck up, and don't fit into corporate culture.

Being 29 years old a week from tomorrow, I was keenly interested (if giddily bemused) in what pejorative things they had to say about us brash young kids who are Ruining-It-For-Everybody™.

"Millenial workers are nearly twice as likely to use personal devices such as cell phones, PDAs and laptops in the workplace as their older counterparts."

Yes, from a security standpoint, an infected laptop or smartphone could provide trouble for the security of the network. But that also means the under-30s are more connected.

Let's look at this from a holistic standpoint. Yes, network security is important. But if personal computers and handhelds provide a more efficient way to get information, they enhance the power of the network. IT is about application delivery - and mobile devices might just be the most efficient way for Young Turks to get to the application. Yes, they can cause problems, but a NOC with automatic reporting can identify the problems quickly enough that the benefits of the always-connected employee outweigh the risks.

"Millenial workers are more than likely to use their work and personal computers for professional and personal use."

I admit that I do this. Sometimes, I need to use my personal Mac to edit video for work, or I need the computer at work to execute a Windows program. But again, this makes me more efficient. I often (after hours or on my lunch break, of course) use my work computer to send personal e-mail, and in fact, is one of the reasons I use Google Mail. Conversely, I log into Exchange to check, and send, work related e-mail from my personal computer at home if something needs my attention.

"Millenial workers believe they should have the right to use software of their choice on their work computers, regardless of its source."

NetQoS has a policy of allowing everyone to install whatever (legal) software they deem necessary to complete the work (as long as it doesn't affect other's network performance). As research for articles I write, I've got a variety of freeware programs, including GIMP, VirtualBox (virtualization software), various video editing programs and, the big one, Firefox, which I downloaded on day one. (I will never understand companies that make you use Internet Explorer in the name of "security")

I've worked at places where we were severely limited in the programs we could have. There's a reason I'm not working at those places anymore - the lack of trust in the ability for a person to choose their own software - their own tools - shows a lack of trust in the ability of the person. And it paints IT as productivity preventer rather than enabler.

This is not to suggest that there should be complete anarchy on the network. But when the IT department locks down everything, it creates more of a productivity hassle than any damage that a virus or hacker can do. There are unsecure apps out there, and the good judgment of the majority does not make up for the poor judgment of the minority. But with that said, why punish the majority for the transgressions of the minority.

It is not, after all, the downloading of malicious apps which affects the network - it is the traffic that those malicious apps produce. Instead of trying to control the application on the desktop (and relying on security on the user/desktop level is futility at best) it's better to control access to the network. You can put computers with out-of-date antivirus or unauthorized apps on an alternative network. You can use anomaly detection to find malicious traffic before it does damage. But there are a whole host of options between application anarchy and resorting to the draconian measures of a culture of complete control.

"While Millenial workers are more likely to visit unauthorized Web sites and install unauthorized applications, they are also more aware of security risks then their Gen X counterparts."

"Millenial workers are slightly more aware of what it takes to secure their apps and devices."

These could easily translate as: "Don't worry. We know what we're doing." And while those have been famous last words a number of times, in this case, I don't think it's ironic. But more importantly, security should never be left to the end-user. We've tried it countless times, it doesn't work. If you rely on defenses at the edge, your network is only as secure as your least security savvy employee.

This next one is very important:

"While all workers want access to technology and devices, each group reports little to no productivity gains as a result. Millenials, however, are more likely to perceive productivity gains from collaboration and Web-based apps." [Emphasis added]

When you think of Web based apps, you immediately consider the network. This is a generation raised on MySpace and Facebook, and Google Maps, and Google Mail, and Google Analytics, and Yahoo Answers, and Wikipedia - this is the generation of the Web based app. These are the tools that the upcoming generation is comfortable with. And the people who develop tools know this. This is why application performance - especially for Web based apps, is so crucial.

In the end, Baseline put out a separate article a few days later, pointing out that under-30s in IT had benefits as well as drawbacks. But why should we believe them? Everyone knows that you can't trust anyone over thirty.