Lead

Managing mobile manpower

Businesses need an immediate connection and feedback system with customers to sense their needs and respond in the shortest possible time. Kusum Makhija finds that mobile infrastructure is the backbone of any such system

As companies expand their product and service offerings, they inevitably attract different categories of customers and find themselves competing in entirely new markets, thus broadening their overall exposure to competition. Businesses need to have an intimate and immediate connection and feedback system with customers to discover their needs and react in the shortest possible time. For this reason, the need for mobile infrastructure among the workforce is being strongly felt across various verticals.

So far, the most common application deployed over mobile infrastructure is mobile e-mail. It is no surprise therefore that this has the highest penetration among all applications. IM, access to corporate directories, personal information management, and wireless enterprise applications are the emerging applications over the mobile infrastructure. Examples of wireless enterprise applications are mobile-CRM and mobile-ERP. The next wave is expected to come from wireless vertical applications, especially those for different verticals such as manufacturing, logistics and finance.

Says Amit Sheth, Head of IT at Sun Pharma, “Mobile applications in our organisation are being used primarily by the marketing field force. These users, currently numbering around 700, range across the hierarchy from zonal managers to sales representatives. Gradually, the entire field force will be covered with such applications.” The mobile applications help to increase the time top performers can spend with customers, thereby increasing the likelihood of them doing more business.

Organisations today need their remote and mobile workforce to stay connected in a secure, cost-effective and efficient manner. “Some industries are already deploying these applications given the impracticality of wired infrastructure. However, the difference now is the move towards standards-based technologies and solutions,” says Parijat Chakraborty, Senior Manager, User and Comm-unications Research Group, IDC India. “Given the multiple features and applications used on such a platform, it is therefore important to ensure that these same functionalities and resources are made available to mobile workers whether they are on the road or telecommuting.”

Due diligence

IDC believes there are eight major areas to look into before deciding if mobility is right for any organisation, and how to best implement it to optimise returns.

The first is infrastructure, that is, to have a stock check on what or who needs mobility and where. The next one is quality management, which includes trials, documentation of processes, and reports on usage to identify problems, benefits to measure against expectations, and goals for further improvements and modifications. This is followed by security. It is important to have multi-layered security checks, especially in case of remote access and guest log-ins. The organisation also needs to have adequate and well-measured standards for future-proofing and scalability. With various solutions available in the marketplace today, it is important to know which standard works best for which applications, users and locations. Training is next on the IDC list. It is important to ensure adequate education and awareness to manage expectations and prevent misuse of technology at people’s disposal. Equally crucial are applications and support; organisations need to see how anytime, anywhere mobility can be properly executed.

At the end of the day, it is important to appreciate the benefits but recognise the risks. “The corporate information residing on devices is at risk, and the employees must be educated about these risks. Security policies need to be enforced. Companies need the ability to control hand-held devices remotely, including software, settings and data. The limited use of hand-helds will not eliminate the risks,” says Chakraborty.

Who needs how much

Today’s knowledge worker usually needs a wireless laptop and a cell phone or a smart phone. Also appearing on the CIO’s list are tablet PCs, Wi-Fi broadband connections for home workers, handheld scanners, RFID devices, and the new hybrid Wi-Fi cell phones.

Clearly, CIOs now have a lot of options and need to decide which device will work best, what capabilities are needed, what security features will be critical, and where hidden costs lie. “Getting the application up-and-running requires a Java-enabled mobile handset, GPRS connectivity, and a valid and authorised application-level user-ID and password. Once the application is running, the additional costs incurred are on the mobile handset (which is a one-time cost), the GPRS connectivity charges (which are recurring in nature), server maintenance costs (whenever required) and costs incurred in training the user. In some cases, additional costs may also have to be incurred in replacing a lost handset,” says Sheth.

However, the CIO also has to make a choice in terms of who needs how much. Segmenting employees allows CIOs to designate who will get what device, as well as what kind of access to the network and applications each employee will have. Today’s users are clamoring for even greater wireless access to corporate databases. Gartner estimates that 60 percent of Global 2000 workers have mobile access to corporate applications.

Observes Prashanth L J, Global Marketing Head, Infinite Computer Solutions, “Who needs how much mobility is a business decision to be made by senior management. It is governed by the role that the individual plays in the organisation. If providing mobility can help an employee serve his internal and external customers better, then the company does not see an issue with it.”

"We have defined a separate policy for access from a trusted device like an office laptop and a non-trusted source like a public cybercafe" - Anil Nashier General Manager, ICT LeasePlan India

The organisation has to be clearly focussed on the optimisation of IT investments, and try to justify the use with defined protocols and control mechanisms. “Taking into account various factors, the top management has to define an effective policy to address the mobility and information access level across the organisation. The role of IT is to aid the management decision process, and once this is defined, to implement the policy unambiguously,” opines Sheth.

Associated risks

When it comes to deploying mobile and wireless devices, CIOs need to pick their choices carefully. There has to be a balance between minimising the support costs and making the employees happy and cooperative. Faster devices also mean keeping pace with the security functions that should be on the devices. One of the most critical functions is being able to wipe a device remotely if it’s lost or stolen. Other risk considerations for CIOs include making sure that basic power-on passwords are on the devices, and encrypting wireless transmissions that contain sensitive corporate information. “We are using a firewall, an access gateway as a hardware appliance along with advanced access control, and a password manager. We are now implementing access tokens as well to complete the security cycle,” informs Anil Nashier, GM, ICT, LeasePlan India.

CIOs also need to make sure that the help desk is well-versed in these new devices before they’re rolled out to a single user. “Training people in the use of the applications (particularly when they are spread over a large geographical area), ensuring 24x7 connectivity when there no other means of retrieving the required information from the database, application loading and bug fixes, mobility of the workforce itself (transfers, resignations, etc), and asset management and tracking (in case the devices are owned by the company)—are some of the bottlenecks that are faced while managing a mobile workforce,” notes Sheth.

With business processes moving outside the corporate firewall to encompass remote mobile communication, data security takes on a new level of importance. An organisation needs to connect its workforce in a secure and reliable manner, especially those working at the edge of the network and needing information resources that are stored centrally. Further, this mobile workforce could store vital information on portable computing devices such as laptops, mobile phones and PDAs, and therefore the risk of loss, theft or unauthorised access assumes high proportions. Every transaction—including access to data, storage and transportation—has to be dealt with in a secure manner.

Security is prime

Data security fundamentally deals with ensuring privacy of information, authentication of the user, and integrity of the data. Enforcement of a device security policy is one of the biggest components of any overall mobile device strategy, especially in the light of compliance regulations. Security can be handled at three levels: network, application and user. At the network level, authenticating the data packet and its source is very important. If CIOs are going to allow these devices, then they need to make sure their policies are enforced. One way to enforce a security policy is to track rogue devices as companies should not allow any unapproved device on the network. Tracking requires security software that can (for example) scan for unauthorised device-to-desktop synchronisation, or unauthorised devices accessing your network through your wireless LAN.

“You also need to collaborate and work closely with the mobile service provider to ensure network security at that end. At the application level, secure log-ins and mobile registrations ensure that only authorised users can log-in and access the corporate database. At the user level, security of the physical device itself becomes a vital issue. You need to have a well-defined corporate policy relating to loss or theft of device well-communicated and understood by all concerned,” explains Sheth. If such a policy is in place but is not enforced, the risk to the organisation may be greater than if the organisation were to simply ignore the problem. If any employee leaves the company, CIOs have to make sure that his device has been wiped clean of all company information. “We have defined a separate policy for access from a trusted device like an office laptop and a non-trusted source like a public cybercafe. These policies are automatically applied, otherwise managing information access through various means could become a major bottleneck. Also, the maintenance window for the network is reducing day by day,” says Nashier.

The strategy to adopt

A good strategy for managing the mobile workforce would begin with identifying if there’s a business need for a device; then segmenting your employees by job function; next deciding the list of devices that IT will and will not support; and finally devising a training plan for users and help desk staffers, as well as enforcement mechanisms that will ensure device security.

If CIOs can maintain a visible and enforceable policy, and involve users in the process from start to finish, then the security of the devices will almost take care of itself. Through some pre-planning, risk management and training, they can gain a measure of control over mobile devices while still allowing their employees enough flexibility to get their jobs done. “Our challenge is to support multiple devices with multiple operating systems and capabilities so that our users are not constrained by the device. You have to look at the benefit of what that person can get with the tool versus the added overhead cost of accommodating the tool. It has to relate to how we serve a customer better or get a product to market quicker,” explains Prashanth.

If the cost of the device, or the risk it generates, isn’t greater than the business benefit, CIOs should just say no. In the end, any mobile device is only as secure as the person operating it—and no amount of software can change that.