Remote Control: Managing mobile workers

Mobile devices make working far more flexible, but they also represent a challenge for IT managers.

Mobile devices may be the worker's best friend, liberating them from the desk to operate wherever and whenever they want. But they are also the IT manager's worst nightmare. Keeping a desktop computer in your office secure, particularly before the age of the Internet, was more a matter of ensuring nobody broke in and stole it. Now, however, the device could be anywhere, and potentially in transit between places. In this feature we look at how you can keep your mobile workers' devices protected, so they can remain productive. 

Advertisement - Article continues below

The most obvious challenge with a mobile device is that it can be mislaid or stolen much more easily than a system kept permanently in the office or at home. This can potentially mean the loss of important or even mission-critical business data. Login security policies are a must, but a corporate-grade system that requires this before devices can be accessed is optimal. Even better are devices that incorporate biometric security such as a fingerprint reader. Some Intel-based notebooks will incorporate a Trusted Platform Module chip to provide security at the hardware level.

Although a TPM is not an absolute necessity for this, it also goes hand-in-hand with BitLocker Drive Encryption, a feature that has been available on Ultimate and Enterprise editions of Windows Vista and 7, and now with the Pro and Enterprise versions of Windows 8. BitLocker allows the securing of entire volumes using 128-bit or 256-bit AES encryption, so they can't be accessed even if removed from a password-protected system.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

Of course, passwords can keep legitimate users out of a system as well. A system secured with a password stored in a TPM does not have a back door, and if its hard disk has been encrypted with BitLocker, that probably won't be accessible ever again if the password is lost either. So system administrators must ensure they maintain a method of access. Biometrics are obviously tied physically to specific employees, too, so there needs to be policies and systems in place to cater for when an employee leaves the organisation.

If you don't want to go all the way down the BitLocker route, Windows NTFS volumes have had a less global encryption ability available for years. This is a simple checkbox in a folder's properties, and means that folder will only be accessible to the user who enabled it. The folder will be inaccessible to another user, or anyone who removes the storage in an attempt to access the folder externally. This more limited encryption can be used to keep important business data out of the wrong hands in the case of loss or theft, but limits the impact of the user forgetting their security details. 

The situation has been considerably complicated by the trend towards Bring Your Own Device (BYOD), however. This is where your employees have the option to use their own smartphones, tablets and laptops. Whilst this has been shown to make for happy employees, the devices are likely to be much more difficult to secure and manage due to their heterogeneous nature.

Advertisement - Article continues below

At the very least, employees should be trained to secure their mobile devices with a password or lock code, and one that doesn't make life easy for any unwanted recipients. Remembering passwords is a bane of modern life, but a worrying number of people use this as an excuse to use passwords that are trivial to guess, like 1234 or "password". Employees need a small amount of training here. Pin numbers based on phone numbers that you still remember but haven't been in service for a while can be a good compromise. For a text password, taking the first letter from each word in a memorable phrase will produce a string that will look like random gibberish, but will be easy to recall.

Advertisement
Advertisement - Article continues below

Unfortunately, though, BYOD will often limit how much further you can go with centralised protection. If employees are using their own non-Windows devices, they may not have equivalent encryption. Mac OS has offered FileVault since Panther 10.3, with version 1 allowing encryption of the Home folder, and version 2 introduced with OS X Lion enabling encryption of the entire boot drive in a similar fashion to BitLocker.

However, Google Android-based phones and tablets, and Apple iOS devices, don't have folder encryption built in as standard. Instead, an app like Find My Phone could be used to locate a lost phone or tablet. This also offers a Lost mode which lets the device be permanently locked, whilst the Windows Phone version even lets you erase the contents remotely. Although the threat from traditional viruses and malware is not particularly great for iOS and Android devices, there have been cases of infection, and anti-virus software is available for both. It's still an essential utility for Windows systems.

Advertisement - Article continues below

On the other hand, when your workforce is operating primarily on Windows, their systems can be remotely managed even when they are not on the local network. A Windows 8 tablet is still running Windows, so can be brought within the same auditing and updating policies as Windows desktops in your office building. It can even be configured to accept remote desktop connections, for direct administration. But part of the lure of BYOD is the ability to use the latest non-Windows device, which will entail other methods for keeping control of your remote workers.

Perhaps the most foolproof way to keep the data of any of your remote workers secure, no matter what platform they are on, is not to have it stored locally on the mobile devices at all, or at least not exclusively. Keeping data in the cloud reduces the importance of the device itself. A commercial or private cloud-based system can be used either as a backup or main storage, although the latter means your users will need Internet connectivity whenever they want to access their data, which can cause restrictions. But there are numerous commercial cloud services that could be used, such as Google Drive, Dropbox, Windows Live, and SugarSync, or you can use a corporate private system such as HP Cloud Objects.

Advertisement - Article continues below

One step further is to use the mobile device as merely a window on services that remain hosted on your corporate local network, using a VPN. This is even built into Windows, since version 7, via DirectAccess. Corporate LAN resources available via DirectAccess will become available automatically whenever an adequate Internet connection is made, although once again this system is only available for Windows devices.

The mobile revolution may have brought with it considerable headaches for systems administrators. But the benefits for flexible working far outweigh the difficulties. The problems may be significant, and could cause interruption to productivity if not managed adequately. But ensuring your workers keep their devices password protected, encrypt any sensitive files, and keep mission critical documents backed up in the cloud will mean that their remote activities remain under control.

For more advice on transforming your business, visit HP BusinessNow

Advertisement
Advertisement

Recommended

Visit/business-strategy/mergers-and-acquisitions/355181/xerox-officially-calls-off-hostile-pursuit-of-hp
mergers and acquisitions

Xerox officially drops hostile bid for HP amid coronavirus crisis

1 Apr 2020
Visit/business-strategy/mergers-and-acquisitions/355117/hp-uses-cover-of-covid-19-to-shut-the-door-on
mergers and acquisitions

HP claims Xerox takeover would be "disastrous" during coronavirus crisis

26 Mar 2020
Visit/hardware/laptops/354872/hp-elite-dragonfly-g1-review-an-enterprise-essential
Laptops

HP Elite Dragonfly G1 review: An enterprise essential

27 Feb 2020
Visit/business-strategy/mergers-and-acquisitions/354854/hp-plots-16bn-stock-buyback-as-xerox-takeover
mergers and acquisitions

HP plots $16bn stock buyback as Xerox takeover threat looms

25 Feb 2020

Most Popular

Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/data-insights/data-management/355170/oracle-cloud-courses-are-free-during-coronavirus-lockdown
data management

Oracle cloud courses are free during coronavirus lockdown

31 Mar 2020
Visit/business-strategy/flexible-working/355186/why-were-lucky-covid-19-has-come-now
flexible working

Why we’re lucky COVID-19 has come now

3 Apr 2020