|
Working with technology outside the office brings many challenges. Use of laptops has grown from limited user communities to widespread desktop replacement and broad deployment. The complexity of managing these devices outside the walls of the office is something IT departments have learned to address. Remote connection has extended from fixed location dial-in to wireless on the move, and smart handheld devices such as PDAs have become networked, converging with mobile phones. This larger and more diverse community of mobile users and their devices increases the demands on the IT function which has to secure the device, data and connection to the network, keeping control of corporate assets, while at the same time supporting mobile user productivity.
- Experience reduces overall anxiety, but heightens awareness of specific needs
Security fears although still significant, gently decrease with greater experience, and those with broad wireless laptop experience placed less emphasis on this aspect for the deployment of smart handhelds. However experience of smart handheld deployment boosted the numbers seeing the need for increased provision of user support and training.
- For laptop security, people are the weakest link
Anti-virus software, secured VPN access and personal firewalls are deployed by over two thirds of IT professionals, but those with broad wireless experience regard loss, damage or unauthorised use as the major concerns, and these depend on the care taken by users and well communicated security policies.
- Rules rather than technology keeps smart handhelds usage in check
Businesses with existing experience of smart handhelds favoured a policy of controlled deployment, with almost two thirds providing a limited choice of devices, and only one third using a technology solution based on continuous synchronisation. However broad experience increases the use of other automated solutions, such as centralised software management and remote device deactivation.
Bringing control and security to a diverse mix of mobile devices
Organisations need to deal with the complexities of a diverse array of mobile devices, whether officially sanctioned or not. This check list serves as a reminder for those experienced in mobile device management or as a discussion document for those validating their concerns with a third party.
- Establish policy. Start with a business policy for mobile access, which feeds into a narrower IT policy. Set out in clear terms what the organisation plans to do, why actions should or should not be taken and how. Decisions are then aligned to business needs rather than the technology-de-jour. Policy is important even if there is no plan to officially deploy smart handhelds or laptops.
- Communicate. Policy must be understood from the top to the bottom of the organisation and implemented as business processes. These should be part of employee training, from the induction process, to regular ongoing communication say via an intranet site. Every user should understand the company policy, their responsibilities in the business processes including expected levels of care, penalties for misuse, and acknowledge their understanding and acceptance.
- Build on experience. Policy and processes need to adapt to changing technology, threats and usage patterns of mobile working. Use pilots to gain internal experience, but foster and make use of external relationships with suppliers and partners to learn, review and build best practices. - Support policy and processes with technology. Not as is often the case, the other way round.
Automated backup and data synchronisation reduces the need for user intervention and the possibility for errors. Over the air updates simplify device management ensuring that critical patches and security upgrades are deployed as soon as possible. Dependence on the over the air connection is a limitation, but it is a useful solution when impractical or uneconomic to ?return to base?.
- Single point of support. Users need a simple method of getting help or advice in the event of a problem. During a pilot, provide specialised support, but once deployment broadens, fold it into the standard support services. One number to call, one website to visit, one email address. - Protect the device. Antivirus, firewall and VPN software protection should not be left to users, but provided as a corporate resource, installed on every suitable mobile device and updated regularly and automatically. If users provide their own devices, organisations should mandate licenses for protective software.
|
