Monday, August 2, 2021

Smartphones: Business Tool and IT Burden

Jim Linn, IT director at the American Gas Association in Washington,

D.C., knows the benefits of smartphones that offer voice and data

functionality.

But he also knows the risks.

Like many of his colleagues, Linn is worried about the liability of data

loss or corruption if users send and receive corporate emails over their

cell phones and handhelds. ”I know there’s a need for mobile devices and

I want to meet that need. But my feeling is that I’m ultimately

responsible for the data going back and forth over anything,” says Linn,

who oversees the network for the energy trade association, which serves

195 local utility companies.

To that end, Linn has told employees they only can use company-managed

BlackBerry devices to access their corporate email. The approach has been

successful as 60 of his 80 users have Research in Motion BlackBerrys that

they use regularly. ”It’s one of the most amazing productivity

boosters,” he says.

In fact, Linn says that the devices offer more than just voice and

e-mail, they also give users remote and synchronized access to their

contacts and other important data. The management of smartphones is just

one more headache for already overloaded IT staffs.

But not managing them opens IT teams up to tremendous risks.

Linn says he chose the BlackBerry phone and PDA combination devices

because he could control and secure them at every level using the

accompanying enterprise server platform. With the server and device

linked so tightly, Linn says he is confident that data, including

customer information stored in contacts databases, is not comprised.

”When you have wireless devices of any kind, you open yourself up to

security risks. At least I know with the BlackBerry that I can control

that risk,” he says.

In fact, if one of the devices is lost, Linn immediately, and remotely,

can lock down that device and erase it so others can’t access the

information stored on it. He also can make sure the device software is

updated regularly and that messages are encrypted.

Taking no Chances

But Tom Gonzales, senior network administrator at Colorado State

Employees Credit Union in Denver, Colo., is not convinced.

He is opposed to the use of smartphones and handhelds for any corporate

information. In fact, Gonzales only uses his Blackberry to receive pages

that tell him to log on to his company mail through the VPN. ”I don’t

believe you should send anything more than what you’d write on a postcard

across [smartphones],” he says.

Gonzales adds ”all data has to be protected and respected.”

As an IT pro for a financial institution, he says he is working under

regulations such as the Gramm-Leach-Bliley Act. ”If you lose your

[smartphone], you could give away your recently called list, which might

have confidential customer information,” he says.

Instead, Gonzales has each of the 230 employees at the credit union sign

a mobile electronics policy agreement that states the strict rules

regarding company data, including a rule that mandates that no credit

union member data can be sent over an unencrypted voice or data line.

”We let them know the high numbers of cell phones and PDAs that are

stolen or lost in taxis and elsewhere,” he says.

Gonzales says it’s important to explain to users in a clear policy why

the restrictions are in place. ”Otherwise, there’s no recourse to take

action if phones and PDAs are being misused,” he says.

Randy Giusto, group vice president for clients and mobility at the IDC

research firm in Framingham, Mass., agrees that setting policy is key to

protecting company assets. Traditionally, companies have worried more

about PC risks, he says. ”It’s a good practice for the IT organization

to create policies as small mobile devices do pose threats,” he says.

Because ”the corporation owns the customer names and addresses in those

devices,” they have to be protected like parts of the network, he adds.

Brian Schwartz, a technology specialist at CDW Corp., a provider of

technology services and products in Vernon Hills, Ill., says the policies

that IT creates should include tips for users.

”If they lose their phone or data device and it contains sensitive data,

they need to alert their IT administrator right away,” he says.

Schwartz adds that IT should use every security option available in their

tool box.

For instance, ”To make sure that important information is saved on

smartphones, they should use the setting that allows e-mail to be deleted

on the phone, but retained in the corporate server where it can easily be

archived and restored if the phone is damaged or lost,” Scwhartz says.

This also helps with compliance mandates, he adds.

Overall, Giusto is seeing companies turn away from supporting mobile

devices as the support and maintenance is too time-consuming. ”Who’s

going to integrate a Treo or some other device into the back-end

[enterprise mail] servers? Users can’t do that on their own,” he says.

He adds that IT organizations have to be savvy about the devices being

used in the network. ”Not only do they have to lock each device down and

know what data is on them, but they have to be able to identify them and

update them. That’s a huge cost in time and personnel,” he says.

”IT managers do need to make sure that devices have the latest

software,” says CDW’s Schwartz. ”It is very similar to patching PCs or

updating anti-virus definitions.”

Linn is all too aware of all of these burdens on IT.

”I wouldn’t want to be in an environment where people can bring in

whatever they want. We have enough responsibility in managing what we

have,” he says. ”That’s why I recommend picking one device or family of

devices and sticking to them.”

Similar articles

Latest Articles

Data Belongs in the...

In 2012, IBM made an oft-quoted claim that 90 percent of the world's data has been created in the last two years. They grossly...

Google Cloud Rolling Out...

WASHINGTON, D.C. — Google Cloud is helping the government sector with zero trust. The set of services are designed to help U.S. federal, state, and...

CFOs Committing to Digital...

STAMFORD, Conn. — More CFOs are planning to increase their spending on digital than any other part of the business in 2021. Eighty-two percent of...

SAP and IBM Partnering...

WALLDORF, Germany and ARMONK, N.Y. — SAP and IBM are working together to help financial institutions accelerate cloud adoptions and “modernize operations.” SAP plans to...