Rolling out efficient and secure mobility infrastructure across an organisation is a challenging but ultimately worthwhile exercise, particularly as users are demanding access to information anywhere and at any time from a plethora of mobile devices.
This was the general consensus amongst attendees at CIO Australia’s Managing Mobility roundtable, sponsored by Citrix and Fujitsu. Attendees agreed that although rolling out mobility programs is the way forward, creating effective and flexible mobility policies while preventing data leakage is a challenge.
The difficulty in creating a workable mobility strategy is perhaps best reflected by the relatively low number of Australian organisations with mobile-related policies in place. For example, 55 per cent of the users surveyed recently by IDC Australia had no formal bring-your-own-device (BYOD) policy for their smartphones while 40 per cent did not have a policy for tablets. A further 41 per cent didn’t have a policy for laptops.
For Tim Roper, group manager, business systems at Exego Group, mobility means leveraging commodity technology, “much of which just happens to be untethered”.
“Our biggest challenge [in doing this] is changing the mindset of IT staff from a ‘standardise and lock-down standard operating environment’, to one with a more flexible view of the world,” he says. This involves moving from an ‘inside/outside perimeter-security world view to one that is a mash-up of hardware, software and cloud services etc, he says.
Another challenge, he says, is getting buy-in from the business to develop and agree on a new approach to information security that provides ‘degrees of confidentiality’ rather than the black and white view that failed when people started carrying memory devices in their pockets.
Victorian energy management and distribution company SP AusNet, defines mobility as the capability to access actionable information anywhere, at any place and at any time.
Chris Howard, manager ICT business office at SP AusNet, says the company faces three distinct challenges around mobility: securing information; getting connectivity in regional areas, and delivering mobility for up to 10 different user styles.
Mark Naidoo, IT infrastructure manager at Veolia Transport Australasia, says his company’s biggest mobility challenge is ‘defining the demarcation’ between support for remote access and devices brought to work by employees.
“We currently only officially support remote access via company equipment,” he says.
Service Stream’s mobility strategy is based around the company's ‘in-field’ business and information workers, says Craig Wishart, CIO at the national network services designer and builder.
“Specific to in-field workers, our core objectives are to reduce cycle times of work, uplift information management through minimising data input and reducing manual touch points through an integrated data exchange,” he says.
Mobility also increases flexibility for the company’s in-field workers, and provides improved business intelligence and operational reporting through live work status reporting, Wishart says.
Wishart adds that Service Stream’s ICT strategy is underpinned by its approach to enabling workers to be mobile.
“That said, we have invested in cloud-based solutions to enable [staff to more easily work remotely],” he says.
“Our premise for both remains consistent; focus on the business drivers, not the technology. The first question is always ‘how can we improve the business?’ and often facilitating access to systems, processes and information is what people are seeking,” he says.
This means allowing in-field workers to access work systems and processes using an internet-enabled smartphone.
These workers can start and close jobs, take signatures for completion, fill out compliance requirements and capture inventory. This reduces data entry handling and eliminates wasteful processes, he says.
Mobility priorities and issues
Attendees agreed that providing staff with the secure, flexible mobility platforms to do their jobs remotely is a top priority. Exego Group’s Roper says actively supporting the business to leverage mobility rather than it being ‘bypassed or marginalised’ and ensuring information is secure are key.
SP AusNet’s Howard, says the company’s biggest priority is to provide capabilities to field crews who manage assets.
“This includes our support teams who work on our electricity transmission network, our electricity distribution network and our gas network, as well as additional field crews who provide niche services throughout the utility industry.
“We need to deliver these capabilities in a robust, available and secure capacity.”
Eliminating leakage, overcoming data sharing issues
Managing the risk of company data being leaked – particularly if an organisation has a BYOD program – and potential data sharing issues given that users are accessing corporate data on personal devices were also significant issues.
Veolia Transport’s Naidoo, says even though the company ‘officially supports’ company-owned devices, users have been using their own devices for access.
“We are still in the process of finding a solution,” he says.
To keep data secure, SP AusNet has created a high-level strategy for its mobility roadmap, which includes an architecture and set of capabilities required.
“We are in the final stage of analysis on integrated tools that we will implement in our environment to deliver a managed mobile service,” says SP AusNet’s Howard.
Data leakage is an issue that is considered in Bakers Delight’s strategy and managed based upon the level of risk it poses, says Stubbs. The company manages this risk by using Citrix technology and delivers the majority of its applications through secure internet connections.
Creating a workable strategy
Organisations need to think about what types of data they allow on which devices when they are creating secure mobility policies that reduce the risk of data leakage.
According to Andrew Dent, CTO office, director of strategy and communications at Citrix, this “might necessitate the need for data security taxonomies.”
“Mobile content management products allow customers ‘fine-grained granularity’ to specify whether or not certain enterprise data is viewable or even downloadable to mobile devices,” he says.
These products also enable organisations to manage the risk of potential data leakage by allowing them to remotely access enterprise data from a BYO device without affecting a user’s personal data.
Martin Mizen, program director at Fujitsu Australia, adds that organisations can take a variety of approaches when trying to reduce the risk of data leakage from providing limited access for personal devices to a much more open, less controlled environment.
“Different approaches work for different industry sectors,” he says. “For example, the health sector has strict patient data privacy requirements to meet; this drives a much more restricted access model.
“Compare to this say a retail franchise operation which cannot dictate either what devices their franchisees use or what controls are in place on the devices.”
On the issue of potential data leakage, Mizen says high-risk sectors that are highly regulated such banking, healthcare and government, have a clear need for secure data transfer, access and storage. They will typically provide users with a set of approved devices that are managed and controlled by the organisation.
“These are the only [devices] supported in that environment, all others are locked out and strict access controls are implemented at the application level. While this protects data, it does introduce a level of inflexibility that is at odds with a BYOD program.
“Such tight controls will increasingly fail to meet the aspirations of the employees and therefore businesses need to find solutions that can manage the data leakage risk while enabling the flexibility that BYOD offers.”