All the rage

Bring-Your-Own-Device (BYOD) has become somewhat of a buzzword. With the push generally coming from the top, namely Senior Management and C-executives, there is a lot of pressure on IT to accommodate for the use of smartphones and tablets for work purposes. However, integrating new devices within the business environment is not all easy and straightforward, from an IT point of view.

Before allowing BYOD there needs to be a lot of planning, especially to insure the appropriate level of security. What end users sometimes fail to understand is that with the introduction of personal smartphones and tablets, the security of information which pass through these devices is at risk. These devices can be more easily hacked compared with a company-approved laptop, and they can be stolen or lost. Although there are some measures to wipe data off a device remotely after it has been lost or stolen, there is still the risk that information has already been seen, copied and used for fraudulent activities. Breaching the Data Protection Act will result in hefty fines that can put pressure on the company’s financial position, and it may also damage the most important thing – its reputation.

A BYOD policy will also create new issues for the IT Service Desk. IT engineers who are not familiar with these devices and the operating system they are working on will have to get some training, or more often than not, self-train in order to be able to support them. It takes time to learn new things and create knowledge-based documents for everyone to learn from, and the initial unfamiliarity with the systems might slow down incident resolution rates. Analysts might also get a number of calls regarding things that are out of their remit, such as ‘How do you turn this thing on?’ or ‘I need to download this app…’. All these things will affect the level of service and therefore any metrics, Key Performance Indicators or Service Level Agreements will have to take this into account.

On the bright side, this is also a good opportunity for IT staff to learn and practise new skills, get to know new systems and make their work more varied. It will ultimately increase their expertise and value.

Generally speaking, it is a good idea to introduce BYOD slowly by starting from one feature in particular. For instance, at the company where I am working in a managed service environment, it was only applicable to email on iPhones and iPads. Documents can be read and sent but not saved or modified on the device. Now that this project has been rolled out, gone live and is running smoothly, we are planning to allow document editing on the devices, once we have come to terms with the security concerns.

Companies shouldn’t avoid BYOD policies just because of the technical complexity or security issues involved. The advantages they can enjoy may outweigh those: BYOD creates savings, as less company-approved phones and laptops have to be purchased for employees; increases productivity as professionals are able to easily work on-the-move and while they are away from their office, for instance visiting a client’s site; and gives employees the chance to take on emergency work and answer urgent emails at any time of day and night and from anywhere.

Why is it that certain sectors are so attracted to the prospect of being able to use their own devices for work? In the financial sector in particular, it is not difficult to guess – so many professionals work nearly 24/7, hardly ever switching off. Their personal and professional lives are intertwined and it is a nuisance for them to have to carry around: a personal mobile phone for personal and work-related calls; a work mobile phone to check emails on-the-go; a company-approved laptop to work from a different office or the train; their personal tablet to show clients presentations. If they can have all-in-one on their personal phone or light-weight and easy-to-carry tablet, it makes life much easier for them.

In the future, BYOD is likely to increase, and we might see some environments entirely populated by employee-owned devices, though this is more likely to happen in start-ups and small organisations rather than medium and large-sized companies. There is also an argument that BYOD is driving Cloud services, as the latter represent a more secure way to manage data without taking the risk of saving it onto devices that can be stolen, lost and hacked.

All in all, BYOD can bring many benefits, but needs careful planning and security measures to be adopted correctly. A policy where employees can use their own devices for work purposes should serve as a way to improve productivity. It shouldn’t be an excuse for people to shun secure and approved devices and use expensive and sexy new gadgets just for the sake of being on trend, putting security and efficiency at risk.

Nick Fenton, Team Leader
This article has appeared in the July/August edition of FSTech – Financial Sector Technology: http://www.fstech.co.uk/Digital_fstech/pdfs/digital_fstech_july_aug2012.pdf

BYOD brings on new issues and chances for IT Support staff

With growing pressure on the IT Service Desk to allow the use of tablets and smartphones for work purposes, it is important to understand how this will affect the IT Support function and the metrics used to evaluate its efficiency.

Perhaps surprisingly, demand for Bring-Your-Own-Device (BYOD) tends to come from Senior Management and C-executives rather than from the more tech-savvy ‘Generation-Y’. These types of users are strongly attracted by new devices and find it easier to work directly from their personal equipment rather than carry around a corporate-approved laptop and phone.

But end users are sometimes unaware of the technical and security issues involved in a BYOD policy.  First of all, if their expensive smartphones and devices are stolen, lost or hacked, the information stored on or accessible through them is at risk, which could result in hefty fines and loss of reputation in the case of a Data Security Breach.

Secondly, BYOD can create new issues for the IT Service Desk. There may be an increase in the number of incidents IT staff will have to deal with, as engineers might not be familiar with the devices and could require additional training. Also, analysts might have to deal with a number of calls that aren’t necessarily relevant to their role, but they are still expected to answer, such as how to download an app or change the ringtone.

These issues will potentially slow down incident resolution and increase the volume of incidents, affecting service levels and therefore any Key Performance Indicators or Service Level Agreements that are in place.

Of course there are also advantages to BYOD: IT analysts can enjoy a more varied environment and get the chance to learn something new. The newly acquired skills will add to their experience, making them more valuable as professionals.

Nick Fenton, Team Leader

This piece appeared in the Summer edition of IT PRO Quarterly Report

The Post-ApocOlympic IT scenario: scalability, mobility and security

The Post-ApocOlympic IT scenario: scalability, mobility and security

As organisations of all types and sizes prepare themselves for the Olympics as best as they can, there is still a lot of uncertainty with regards to not only what will happen during the summer event, but also what to expect from the aftermath.

Uncertain forecasts

The latest post-Jubilee figures, issued by Visit England, show that the Queen’s diamond jubilee celebrations have brought an estimated £700m boost to the UK economy; this amount being based on four million people who took overnight trips, spending an average of £175 each. With the Olympics expected to attract an even bigger crowd to London for up to two weeks or possibly even more, it is difficult to foresee what effects there will be on UK businesses, let alone how they will be affected afterwards.

The Bank of England believes that the struggling UK economy will receive a boost that could spell the end of the double dip recession, with an expected output of around 0.2% higher in the third quarter than it otherwise would have been. But others are not so optimistic. Citigroup research based on data from ten Olympics held between 1964 and 2008 shows that there is a tendency for growth to rise in the six months before the tournament, but this is then followed by six months of much weaker growth which can start even before the Games begin.

How are companies preparing?

With so much uncertainty, organisations aren’t really sure how to prepare for all eventualities. Their business might increase greatly during the Olympics, creating a need for more staff, a stronger IT infrastructure and greater IT support to deal with the growth in demand; but they also need a level of scalability that enables them to go back to their previous size afterwards, or to accommodate for any long-term changes if their business finds itself deeply changed. A flexible and scalable IT system and IT support service is vital to keep companies working in a cost-efficient way.

This need for scalability and flexibility has also pushed organisations to try new ways of working, such as mobile and home working, allowing individuals to work around the summer events’ issues and reducing the need to travel into potentially congested areas.

The post-Olympics scenario

After trying mobile and home working during the Olympics, forward-thinking UK businesses might decide they want to adopt this as part of their longer-term IT strategy, finding it a cheaper, more efficient solution that allows them to scale up and down more easily. They will embrace desktop virtualisation to allow employees to work from their own PCs and laptops, and design BYOD (Bring Your Own Device) policies to use tablets and smartphones for work purposes.

This might be the start of a revolution. With the upcoming Windows 8 being able to run on tablets, these will become more powerful and users will be able to do more with them, such as access their familiar Office applications, which at the moment is not always possible. These touchscreen devices could replace mice and desktop PCs, and as users move towards using a single device, it might well be that they will only be using tablets in a few years’ time.

However, right now the tablet doesn’t meet most people’s requirements as an everyday work device: its screen is too small, touch keypads are not as accurate as a standard keyboard and it’s not ideal to quickly switch between multiple applications. It will probably be a while before tablets replace desktop PCs, but they are already starting to replace laptops for things such as working on-the-go, sales and giving client presentations.

New issues

With this new way of working, hardware is not a problem anymore – employees can use their own PC, laptop or tablet, or the company might just set a budget and let the employee choose which device to purchase. The problem, in this scenario, is data.

The data saved, transmitted and processed on employees’ devices is part of the organisation’s Intellectual Property and therefore has great value. How do you make sure that it is secure, managed appropriately and stored in a safe place? Even if virtual desktops allow users to work from their home PCs, you cannot be sure that they don’t store data on their machine.  And when cloud services are used, where is the company’s data kept – is it stored in a data centre in another country, where different laws apply with regards to data security and access? People are using cloud because it is cheap and easy, but it is often not secure enough. You need to wrap something around it to make it more secure.

Companies need to adopt appropriate security measures, such as network access control, strong policies for document management, and use of robust encryption technologies, so that even if data is stolen or accessed by non-authorised people, it cannot be read.

A new, post-Olympics culture

Working from home PCs, tablets and smartphones is a big cultural shift for many, and has to be supported by other types of behaviour-related change. All the security tools and policies in the world are useless without the appropriate security training; human error is the first cause of data security breaches, and if people don’t understand why they have to implement a certain security measure that will add time to their work, they will circumvent it.

So, as organisations evolve and adapt to more flexible ways of working, they shouldn’t forget the data. Hardware can be replaced, but can they afford to lose the list of their clients to their competitors? Organisations must make users aware of the responsibility this new-found work freedom allows. They, and not just the IT department, are now custodians of the data and responsible for its security so you have an obligation to make them aware of this.  Data security should be included in everyone’s induction training and the promotion of good practice should be a continuous feature.

With the Olympics and technology innovations pushing companies towards more flexible ways of working, the revolution may be coming sooner than we think. But it is important to understand that everyone needs to be ready, not just the IT department, in order for it to take place without the company incurring a new risk that may outweigh all the benefits.

David Tuck, Principal Consultant 

This article can be found in the July/August edition of London Business Matters (page 40):

http://www.londonbusinessmatters.co.uk/archive/2012-07/index.html

Disaster recovery and the mobile office

As we are all aware, today’s working culture has moved on from the traditional old 9 to 5 office work to a new concept where people are working flexible hours from flexible locations. As a consequence, both employers and employees expect more – in particular, the ability to work seamlessly from any device and from any location.

Technology advancements in telephony, collaboration tools, virtualisation, security and application and desktop delivery have enabled the ‘mobile office’ concept to be embraced faster than a speeding freight train. Adoption is also driven by the many benefits achievable through this solution – for instance, basing some staff at home can be used to reduce building and office related costs.

Relocating employees to work from their own desks using their own utilities can not only provide many financial benefits, but also allow avoiding issues such as transportation strikes and weather disasters, or the much-anticipated chaos during the Olympics and Paralympics.

But more strategically, when it comes to disaster recovery and business continuity planning, more and more companies are choosing to utilise the mobile or home office concept as a significant and vital recovery tactic. Dedicated workplace recovery services can be costly, and placing technology services at a designated workplace recovery suite will have an additional financial impact.

Similarly, if a company has multiple offices and the continuity plan states that a number of staff must relocate, for example, from the London office to the Birmingham office, then that number desks must be either kept available, which is costly, or the existing staff displaced, with a loss of function or productivity. Then, there is also the matter of a number of PCs to configure as well as the setting up of telephones and other equipment.

Basing or rotating technical support or business support functions at home can be a huge advantage when faced with a business continuity scenario. Home-based workers are less likely to be affected by denial of access issues such as high profile terrorist targets or threats, major city power failures, office fires or flooding. The first members of staff ready and waiting for services to be brought online to be able to work during an invocation are the home-based employees.

It is not all easy and straightforward, though: all devices used by mobile and home workers – mainly laptops, smartphones and tablets – have to be managed properly and securely by the company.

Policies, technology and management tools must be in place to block users from saving or transferring harmful data onto devices, and also to maintain client confidentiality and adhere to Data Protection regulations as well as contractual obligations to customers, whilst still allowing staff to seamlessly access applications and data stored within the corporate network.

The tools already exist to support businesses to remotely manage, secure or wipe devices, remotely activate device services, and to create and manage their own security policies – whether those policies are corporate ‘end-user acceptable use’ policies, or technology enforcing policies such as disallowing ‘Copy & Paste’ between devices or disabling printing or screen capture.

Fortunately, thanks to new technologies and industry best practices, the tools to achieve business continuity and to make a full recovery after a serious incident are all quite easily available. If the company’s disaster recovery and business continuity plan covers the mobile office service as well as any physical offices, the chances of a successful recovery and return to ‘business as usual’ are vastly improved. Moreover, there may be an advantage to be won over competitors going through the same issues, as well as reputational and credibility gains.

The key to any mobile office solution is resiliency and planning. It is vital that considerable thought, planning and design for the mobile office service is placed at the forefront of any disaster recovery environment and business continuity plan, to provide resiliency and contingency for the mobile and home-based workers in the event of technology failure, office inaccessibility or other unplanned incidents, as these employees may be the key to providing rapid continuation of business services in the most productive, seamless and cost-effective manner.

Jennifer Norman, Technical Consultant

This article was written for Contingency Today:

http://www.contingencytoday.com/online_article/Disaster-recovery-and-the-mobile-office/3464