Google should shoulder some responsibility for remote access to corporate information systems. Its Internet engines suggest it is possible to access anything anywhere anytime. If Google can do it, executives argue, why not rip down the walls on corporate information systems and let employees access them anytime anywhere too?
A growing gaggle of businesses are doing precisely that. Australian Bureau of Statistics (ABS) figures show that 24 percent of employees now do some work from home, and recent research from Unisys and the State Chamber of Commerce shows that two in three businesses have employees who telecommute at least occasionally - that is up 36 percent on last year, and 60 percent on 2004.
For CIOs, this rising tide of demand requires technical savvy coupled with careful attention to usage policies and procedures. It is no good letting someone work from home if the business gets slapped with an occupational health and safety suit or is hauled over the coals for privacy lapses.
Businesses that do permit remote access have to ensure secure and appropriate access to applications and data; they have to be assured that the person logging on is who they say they are, that the remote computer set-up remains in synch with the core systems and cannot crash the core, and that remote employees are not downloading data onto memory sticks or burning CD-ROMs inappropriately.
And how do you make sure that the home worker is following occupational health and safety guidelines rather than lounging on the floor and generating a workers' comp case in waiting? How do you schedule necessary maintenance if employees want round-the-clock access? How do you support and service remote computers and their users? How do you ensure long-term telecommuters remain productive, motivated and in touch if they are rarely in the office? How do you make sure that the employee going over the big deal on a computer in an Internet cafe is not being watched by an industry rival sitting at the next station?
Stephen Arnold, CIO of Ernst & Young, is an old hand at offering remote access. Some 90 percent of Ernst & Young's PC population is laptop - about 4000 machines. "We have been geared to mobility and to allow people to connect remotely for a long time," Arnold says. Early in the 1990s the laptops were stand-alone, with modems added as they became available. "Now we are more reliant on Internet-type technologies, largely because our clients have digital or VoIP telecommunications," he explains. "There is no facility for analog dial-up, so we use the Internet to connect or wireless connection." He is currently wireless-enabling the entire fleet of laptops.
Arnold says two of the most important elements of a successful remote access program are, first, to ensure that all users are fully trained, know how to connect remotely and properly use their applications, and second, that proper security measures are in place.
For Ernst & Young that means encrypting all data on the laptops and the virtual private network sessions established once a user dials into the Ernst & Young network (using an RSA token for more secure access). Although the firm looked at thumbprint access nine months ago, the biometric technology was deemed too immature and too expensive. However, Arnold says his firm will definitely look at it again. "We want to make it as easy as we can for our users."
Unlike some corporations that provide screen-scraped access to applications, Ernst & Young loads the application onto each laptop. "That's because connectivity can be problematic on occasion," Arnold says. "If you are on a plane or at a mine site, for example, you need to make the employee self-sufficient." Each day when the PC is connected to the corporate network the data on it is backed up centrally to protect against a crash or machine theft.
Usage policies are clear that the firm's laptops are only intended for employees' use, and no unauthorized software is to be loaded onto them. Arnold acknowledges though that it can be tricky to ensure that data on the laptops is always used appropriately. "It can be difficult to protect the data. You have to limit the things that people do. Every time you stick in the memory stick our policy appears on the screen. We are now working on something so that every time you burn a CD or store data onto a memory stick that will be encrypted as well."
Encrypting memory sticks, or USBs, is something that Gilbert + Tobin CIO Mike Solomon has also been asked to look into. Often used in client meetings to share documents, USBs, which can store up to a gigabyte of data, have become hugely popular - but also a headache to manage.