Workers are no longer shackled to their desks — notebooks, PDAs and cellphones have set them free. But this increased freedom comes at a price. As workers unlock the information that has traditionally resided within office walls, they leave an opening for those who want to get their hands on that
These days, when employees go out on the road for long periods, they are no longer confined to days-old, paper-based data. They can now set up office wherever they are — a coffee shop, a client’s offices, an airport lounge — and take all the information they need with them. They can connect to and send back information in real time, increasing efficiency and ensuring everyone always has access to the latest data. But with the ability to carry away information comes an increased security risk.
When workers leave the office they leave behind all the security it provides. At many organizations, pass codes or security cards are a must, providing at least some degree of protection for office equipment — and all the data that resides on it. But laptops can easily be snatched, PDAs lost and information sent insecurely over the Internet, stolen.
“”Everything you’d normally use inside an office doesn’t exist anymore,”” says John Girard, a vice-president and distinguished analyst with the security research group at Gartner Inc. in Stamford, Conn. “”Everything you assume about your inside security is gone. Theft or loss of the mobile platform is the largest risk.””
Hundreds of thousands of mobile devices go missing each year, Girard says. Yet most phones and PDAs and a great many laptops are not password protected.
“”With a phone or a PDA, everything is in memory. If the device is locked, most hackers just give up,”” he says.
But password protection is not enough, he says. There are plenty of free tools out there that can be used to reset the administrative password.
Stolen devices are something that Trevor Anderson, manager of information technology at Thompson Dorfman Sweatman (TDS) LLP in Winnipeg, worries about.
Almost half of the lawyers at the firm use laptop computers as their jobs are more than 9-to-5.
“”If you’re meeting clients, you can take your desk with you,”” Anderson says.
Locking things down
A security cable much like a bike chain lock comes with every laptop. Anderson encourages lawyers to lock up their notebooks even when they are in the office or at home. Lawyers must sign a policy stressing the need for security and are told not to let family members use their laptops.
The HP laptops that the firm standardized on are loaded with client-side anti-virus and anti-spyware protection monitored and updated through a Windows desktop server. And if lawyers want to set up wireless networks in their homes, they’re encouraged to bring their routers in so the IT department can set them up securely. Employees are also encouraged to bring IT in the loop on any other mobile devices they might be using, such as PDAs or memory keys.
The lawyers use their laptops primarily for word processing and e-mail. The company went with server-based Citrix technology, which the lawyers access through the Internet using SSL encryption. IT workers and employees in the accounting department also have laptops through which they can gain access to all of the files and applications they need. Everyone is discouraged from saving anything in the “”My Documents”” folder.
“”Having a mobile workforce doesn’t have to mean that you opened up a lot of holes,”” Anderson says.
Part of the problem, according to Girard, is the sheer number of devices out there. He himself has a phone, a blackberry, a PDA, three laptops and two desktops.
“”The cost of management tools on these products can be substantial,”” he says. The cost of purchasing devices is just the beginning — the devices also have to be secured, backed up, synched and managed. And many of the smaller devices are being brought in by employees themselves, he says.
“”If users bring their own products in, it becomes even more difficult,”” he says.
To simplify the increasingly complicated task of managing mobile workforces, Girard encourages companies to adopt server-based computing solutions.
“”Ultimately, the information and applications are stored in one place that is under company control. The exposure on the user’s device is minimized. Software distribution is no longer a problem,”” he said
Like Girard, Stephen O’Grady, a senior analyst with Redmonk in Bath, Me., likewise recommends the benefits of thin-client computing over thick-client. The latter presents an increased security risk, he says.
“”Information is present on the machine. Typically that information is more easily compromised than if you have the information stored on the server,”” he says.
Also, people will download things at home that they can’t or won’t in the office, O’Grady says. This leaves their notebooks open to viruses and other malware.
But server-based solutions require constant connectivity for access to files, cutting off users who are not near wired or wireless connections, he says.
Besides giving remote employees access to their e-mail, companies must also start thinking about ways to give them access to instant messaging (IM), O’Grady says.
“”If enterprises don’t come up with solutions for that, users will.””
Robert Mahowld, research manager at IDC in Framingham, Mass., agrees that instant messaging presents a problem for remote workers.
“”There’s no good easy way to do a Web-based client for instant messaging. So, you end up doing instant messaging on the public network. The content is gone, and you have no copy of it. There are numerous cases of messaging logs broken into and being posted on the Internet.””
At Homes by Avi, a Calgary-based home-builder, instant messaging is encouraged as the way for remote employees, who are out at construction sites, to connect. The company uses Microsoft’s Office Communicator 2005 and Live Meeting 2005 provided by application service provider Allstream.
Users now have the ability to see each other when they speak through either instant messaging or in live conferences. And this has helped Homes by Avi consolidate its team, says Darren Soltes, vice-president of business development at the company.
“”It strengthens the company. People work for managers. They don’t work for the company. So if you can strengthen the bond
between the managers and the co-workers, it’ll help people.””
With e-mail, there can be a lack of productivity when people go back and forth on an issue, he says.
Employees can share files with each other over the Internet. The system is SSL-encrypted.
There is an adjustment period involved in using IM to communicate, Soltes admits.
“”Being online, it may affect how the user is initially productive. I may be getting bombarded with people messaging me. I’m constantly available and people know I’m online, and now I have to respond,”” he said
But Soltes hopes once the novelty wears off, people will use IM more appropriately. He’s planning to build an auditing tool to track the level of use.
The company is also planning to use Live Meeting to connect employees. “”Live Meeting allows us to reach a great many people without pulling them into our office. They’re all on the outskirts of Calgary. To pull everybody in takes up people’s time.””
With Live Meeting, employees can be tested or polled on subjects. Soltes hopes to eventually set up Avi University through Live Meeting and change the business into a learning culture.