Scottish Law firm MacRoberts recently joined the ranks of companies who have decided to give employees access to email on the move. The firm recently issued BlackBerry devices and 3G data cards to staff to help them stay in contact with colleagues and clients.
"Mobile working definitely makes people more productive, and I think potentially [it] has helped us to retain clients by offering better service," said David Murphy, the firm's IT director. "It is increasingly something that people expect us to have."
Mobile working is coming to be seen as a standard service within the professional-services sector, Murphy added. The next step for the firm will be extending access to practice-management and document-management applications to mobile workers.
Research by RIM, the company behind the successful BlackBerry, suggests that using a mobile device to access information on the move can save workers as much as 90 minutes per day.
However, there is no question that mobile data can also present a security risk. Nine out of 10 companies say they aren't completely sure which mobile devices are used by employees or what information they contain, while 60 percent of data breaches reported to authorities involve lost or stolen mobile devices.
MacRoberts makes security a high priority for mobile workers, who may be accessing highly confidential client files, said Murphy. The company has a comprehensive security policy that users are expected to follow when using mobile technology.
A good mobile-security policy begins with a careful assessment of exactly what mobile working looks like inside your company, advised Adrian Tatum, mobile-solutions director with services company Computacenter. For example, are workers using laptops or a range of devices to connect to the network? Are they checking email or using applications and, therefore, writing data to the network? Are mobile workers free to download information to USB sticks or CD-ROMs if they are working from home?
"The biggest mistake is thinking that mobile working is just about a few BlackBerrys with email," said Tatum. "Many small firms think it's just about devices and they're coming at it from completely the wrong angle."
Once you have an idea of which workers are using devices and what information is being accessed, map this information carefully and consider whether it is appropriate. "Every time you have a new device connecting to information, or a new application being accessible to mobile workers, you're creating new copies of information and every new copy is a new risk," explained Graham Titterington, a principal analyst with Ovum. "Your job is to balance that risk against the benefits that mobile working will bring."
This assessment should give an idea of how much access different users need, and to which applications. "Often, you find people are walking around with access to the entire customer database, when they could really manage with a link into their calendar, which pulls relevant customer details needed on a particular day," said Titterington.
There are technologies available that will allow you to create web-based front-end applications for mobile workers who need access to a limited part of bigger enterprise applications, added Andrew Kellett, a senior research analyst with Butler Group. "It may be that it's more effective to have a small, web-based application written that sits on the device and allows people to record information on the move, which is then sent over a secure connection back to the main IT infrastructure."
It's also possible to configure many enterprise applications to provide differing levels of access for different employees. "Once you know what people need, you can set pretty much any sort of policy," said Kellett. So, for example, you could provide different levels of mobile access to financial records depending on an employee's security clearance, giving a director full access but sales staff more limited information. You could also impose rules about what sorts of devices can download information, so that certain data can only be viewed on laptops running antivirus software, for instance.
Once you have secured your corporate network, consider how to secure the connection between the network and mobile workers. "You need to look at how you ensure that, when workers connect to your corporate network, they are who they claim to be, and the connection isn't going to be intercepted and provide someone with a route into your systems," said Alec Howard, head of laptop connectivity with Vodafone UK.
The simplest and most inexpensive way for small firms to secure network connectivity is with an SSL VPN, or virtual private network...