As organisations move to deploy more advanced technology in an effort to make employees more productive the issue of security looms large.

Meeting both mobile employees' needs and security concerns is a challenge

It is clear that mobility initiatives are entering a new stage, said Pieter Zylstra, global mobility lead in Northern Europe and Asia Pacific for consultancy Capgemini. The era of pilot mobile technology projects is over and executives are deciding to take up strategic mobility transformation programmes, said Zylstra, who is based in the Netherlands.

"We now see a shift in perception on the value of mobility," said Zylstra. "Management has decided very rapidly, very urgently that we need to take a company-wide approach. This is a watershed event."

A study carried out by Larstan Business Reports confirms this trend. Of 988 executives surveyed, 56 percent "reported that providing mobile employees with secure remote access to mission critical information was vital to their strategic objectives." But only a quarter of respondents said their infrastructure was "optimised to support enterprise-wide mobility initiatives."

"The survey reveals a wide gap between knowing that mobility is a strategic development and actual movement to respond to that imperative," reports the study, 'Managing the Mobility Imperative: Enterprises Embrace Mobility Strategies to Achieve Competitive Advantage,' released in December. 

But the gap appears to be closing. IT spending is expected to rise by 2.5 percent this year, according to a new report out from research and analysis firm Gartner 'Delivering IT's Contribution: The 2005 CIO Agenda'. High on the agenda will be security enhancement tools, the survey found, along with business intelligence tools and mobile workforce enablement.

While Blackberry's are becoming increasingly common among the mobile workforce, developing ways to access back-office applications off-site is the new priority.

"That's the next step in the mobile work force arena," said Frans M. Glazener, group business development manager for LogicaCMG Wireless Enterprise Solutions.

Security issues, however, continue to dominate the discussion about deploying mobile solutions.

"The challenge you have with security is you need to balance something iron-clad secure with something that is also usable," said Sean Ellis of 3am Labs, a US-based remote access solutions company.

The debate is particularly acute for employees that are already mobile, such as frequent flyers or Euro-commuters. They are at once one of the greatest potential threats to security and the most in need of mobile technology.

"Nine times out of 10 the road warriors are the most heavy users of IT," said Toby Stevens, managing director of Enterprise Privacy Group, a UK-based membership body and consultancy specialising in privacy management issues.

But IT departments know that an organisation's security can be compromised in a single – potentially innocent – misstep. Anything from using an office laptop through an unsecured internet connection at home to transferring corporate data onto a personal digital assistant (PDA) can lead to a security breach.

As IT has been worrying about security lapses, Stevens says that the portable office has become a reality in the last year.

"Culturally, I've seen that people no longer expect you to be in an office to be credible," he said. "The problem we get is IT departments rarely manage to respond quickly enough to end-users."

IT departments are so busy putting out other fires, such as viruses and spam, that they are not typically proactive about productivity tools, said Ellis, who is 3am Labs' vice president of marketing.

"When they think about remote access, the first thing that comes to mind is security," he said. "We have to do a lot of work to overcome their fears."

In the meantime, employees are finding and implementing their own mobile technology. Many already-mobile employees acquire their own PDAs, mobile phones or remote-access software.

"We have a ton of end-users who deploy it on their own," said Ellis. "It is end-users trying to take matters into their own hands in terms of making themselves more productive."

Security issues at the portable office also give rise to a host of legal and liability issues. Is the employee liable for a security breach when he has taken home his laptop to get some extra work done? Who is responsible for a tampered-with computer in a hotel room or a customs department? Who can be held accountable when a sensitive report or a client list is stolen?

"Any company worth its salt should have an IT security policy," said Stevens. "If they don't, then they deserve what's coming to them."

The worst offenders, he notes, are often an organisation's most senior people. Those at the top can have a sense that the rules don't apply to them.

"If I was doing a security audit," Stevens said, "I would start at the CEOs office and work my way down."

Stevens offers several suggestions to meeting the demand of mobile employees while also ensuring security concerns are met.

ONE: give the staff the equipment and software they need, otherwise they will buy it themselves.

There are not many problems that can't be fixed by keeping them supplied with the latest technology," he said. "Give them the gizmos, if it makes things work."

"TWO: educate personnel about their responsibilities. This can be accomplished through presentations, questionnaires, regular email warnings and asking staff to annually read and sign the company IT security policy. Also, IT should follow-up to ensure that the policies are being followed and unauthorised devices are not being used.

Finally, it is essential to keep an eye on the evolving legal framework so that legal departments can prepare from a policy perspective.  One issue brewing, said Stevens, is the introduction of location-tracking devices, used to help parents locate lost children as well as to keep tabs on everyone from stock traders to taxi drivers. It is often used as a way to improve efficiency but could lead to violations of EU protection laws.

"This is a watch-this-space problem," said Stevens. "Give it three years and it will be the biggest headache HR people have got."

January 2005

Jennifer Hamm is a freelance journalist based in the Netherlands.

Subject: Mobile workforce and IT