New information technology now tends to emerge in the consumer market before it reaches the business market. This development presents organizations with a challenge that they must address. Employees increasingly use personal devices to work outside the office, and many consumer applications offer employees more nimble services than those provided by company IT departments.
The ascendant generation of new hires believes that technology is a matter of personal choice that does not require professional consultation. But this belief is not limited to these so-called digital natives; the rapid spread of smartphones and tablets, and the popularity of social networks and other free online tools, have made people across the age spectrum accustomed to being constantly connected. And these people are demanding the same kind of access at work. Two years ago, Accenture, a consulting firm, had about 30,000 smartphones and mobile devices connected to its network, most of which were supplied by the company. Today it has over 85,000, of which fewer than a third are company-supplied.
The trend toward consumerization is also encouraging customers and vendors to demand that organizations become more transparent about their technology infrastructure. Organizations that operate on a “need-to-know” principle will simply be left behind.
Experience in medical computing puts many of these trends in particularly sharp relief: while personal medical matters certainly require a high degree of privacy, consumers consistently demonstrate that privacy and security are secondary priorities for them, falling somewhere after cost, quality, and access. When patients are supplied with mobile devices to support remote clinical trials, the harshest criticisms relate to the functionality of the devices, which are widely perceived as inferior to consumer health-management applications and devices; privacy and security receive attention from only a minority of the population.
Employees increasingly desire to become digital “nomads”, working at a distance from corporate IT systems. Companies that try to respond by exercising “high control” over their operations will face increasing difficulties. Recent studies by Forrester, Aberdeen and PricewaterhouseCoopers all concluded that traditional strict control by IT is simultaneously the least secure and most expensive approach to cyber mobility. “Policy-based” IT, which engages employees as participants, is the least expensive and has the best security record.
IT departments at organizations cannot abandon their role as stewards of security. The chief asset of an organization is increasingly the data it manages; data has long-term earnings power and “scalability” that few physical assets enjoy. As a result, the value of security needs to be properly understood and addressed.
Today’s security practices, however, are primitive. Daily incident reports make it clear that undisclosed intrusions are quite common and that IT departments need to improve their performance. According to the 2011 CyberSecurity Watch Survey, 81 percent of organizations surveyed experienced a cyber attack in 2010, up from 60 percent in 2009. The threats will only increase as mobile devices become an increasingly established part of business-as-usual. McAfee reports a 33 percent increase in the last 12 months in the number of mobile malware samples doing the rounds. Attempting to completely fortify the organization will simply not work in today’s online business environment—it can only be accomplished by turning off the Internet.
Virtualization offers organizations another way to respond to the challenges presented by mobility and consumerization. It allows a single physical computer to run software that makes it appear as though one or more “virtual computers” are available. Employees can use these virtual computers to get access to their work desktop from anywhere, and via any device. These virtual computers can also be quickly suspended, restarted, copied, deleted, moved and restored without anyone having to arrange for space, cabling, or air-conditioning in a physical computing center—making access easier, cheaper, and, arguably, more secure.
Virtualization offers more than “anywhere, anytime” access; it also allows for fine-grained control of that access. An employee sitting at a desktop in the accounting department can have a broader view of a company’s data than an employee using a laptop from an airport coffee shop. Access through a company smartphone can be tuned differently from access through an employee’s personal iPhone. Access through a personal iPhone can also depend on how rigorously personal items on the iPhone are separated from work processes.
For example, an executive needs convenient access to a wide variety of services, files, and applications through a personal tablet. Using virtualization, the executive can install a virtual “player” on the tablet. The “player” strictly separates personal information from work. When used for the latter, the tablet opens an encrypted channel to a copy of the executive’s office desktop. No information is downloaded to the device; it is only displayed on the screen, and no company records are ever transferred to the tablet. If someone steals the tablet, all the information is automatically wiped clean, including the details of the network to which it was connected.
Virtualization is not a “magic potion” that solves security problems on its own; it is only a tool, one that needs careful planning and expert deployment. In principle, other techniques offer ways to customize levels of access; virtualization, however, is the approach that is currently receiving industry attention and investment. It is the best vehicle for now to deliver valuable information to a remote worker while still controlling in a useful way what happens to that information when disaster strikes.