Mobility With Responsibility

With smart devices gradually making their transition from the consumer space on to the enterprise desks, employee-owned mobile devices like iPhones and iPads bring with them productivity-enhancing applications. However, CIOs have a right to be concerned about this trend owing to security risks and potential network management challenges.

Knowledge workers- specifically those in a senior position and field staff, due to the nature of their job, can leverage these devices to a great extent. They can log into the CRM/ERP application through their smart devices and access any critical customer information while on the move, in their personal engagements, or while meeting with the customer. The information can also be provided to the customer on demand.

Smart devices can provide the flexibility to access information at will. It is very useful for client facing jobs where the speed of response is critical. Besides, employees remain connected like never before. They check mails and other updates out of office hours and even when on sick leaves.

Personally, I support the claim of smartphones and mobile devices adding to employee productivity, but only for a specific section of the workforce and not universally, owing to various challenges involved.

Challenges Involved

The portability of devices is a double edged sword. While it gives anywhere anytime access, the same facility also poses a threat. In case the user loses the device, it amounts to loss of confidential information which can fall into wrong hands. The use of wireless networks for data access is also risky as they are not as secured as wired networks. They also have the feature to store data which remains unencrypted.

Countering Security Challenge

Organisations are moving to a combination of alternatives, like issuing older versions of phones e.g. older Blackberry models which do not have a camera. Since the smart phones are becoming cheaper by the day, employees can very well bring their own personal devices to work. Hence those who follow rules, suffer due to lack of features into their devices compared to those who are using their own devices. This looks unfair to employees using the company devices and is not necessary the best way to tackle the problem.

The desired approach should be multi-pronged, something which is followed by most of the CIOs across organisations.

Firstly, Bluetooth, USB ports connecting the PCs and laptops with smart devices can be deactivated and so should be other devices that act as a medium for data transfer. Wireless access should be secured and password protected and there should be smart firewalls to ensure authorised access of data.

Secondly, while the number of controls can be innumerable, the need to connect is still imperative. Companies fulfill this by opening access to internet and social networking sites and other sources of information during a limited window of time during or after work hours.

The other way, typically known as ‘self-policing’, has been a regular in many companies including Tech Mahindra. Herein, an entire team is deprived of a particular service if a member of the team has broken the set rules of the respective service. These strict regulations should be backed by tailored awareness campaigns, mentoring employees to operate by the rule book and getting them to understand why it is important and how it results in better information security. These practices have proven to be reasonably effective for CIOs.

In this dynamic scenario, the key is not to be authoritarian and practice over-regulation because the restrictive approach usually results in employees managing workarounds due to ever-changing technology.