Navigating the Minefield of Mobile Technology Purchasing

Tuesday, July 10, 2012

Patrick Oliver Graf

E595c1d49bf4a26f8e14ce59812af80e

Every IT purchase decision compels an organization to confront the diverse, often conflicting, needs of the various departments and functions within it.  

When it comes to mobile and remote technologies, this becomes even more complex as seemingly conflicting ideas — often anchored in control versus access — demand consideration.

With over 70 percent of companies planning on hiring remote independent contractors in 2012, making purchasing decisions around this have become an inevitable reality of today’s workplace.

At the heart of such matters, is the seemingly inescapable tug-of-war between financial and technical considerations, complicated by end-user demands and departmental politics. But does it have to be this way?

Let’s play the old game of putting ourselves in the other’s shoes to understand, fully, what the trade-offs are for both sides and why there’s no right or wrong way to weigh these.

First, let’s start with the scenario of purchasing remote access technology for your company, looking first from the perspective of IT administrators, who typically  want an easy-to-deploy, manageable solution — even if that means spending slightly more.

Why?  With a remote access solution that requires a labor-intensive rollout, each device on the company network will probably need to be installed with proper software. This means it’s not just the cost of the solution that needs to be considered, but how much time and money will be spent on documentation.

Keep in mind that in BYOD cultures, the rollout means that IT needs to first work with HR to develop a protocol for which personal devices can and cannot be used for work. Then, IT needs to set up time with each individual employee within every department, usually coordinated with department executives and HR, to both install the software and train employees on how to use it.

And in many cases throughout this process, the IT administrators know they are arming colleagues with a double-edged sword, simultaneously giving them the power to work remotely and to compromise the security of the company through misuse.

Today nearly every proactive solution brought forth by IT gives other employees new ways to screw up. In fact, a recent Gartner report predicts that in a few years IT departments will not be able to keep up with the different ways in which employees can compromise data security.

From finance’s perspective, costs go far beyond the upfront price of the solution. The actual cost of a device is not just the sticker price, but also employee training and documentation costs, to name a few. To remedy this, finance might consider imposing limitations on the number of employees who can participate in remote access or mobile working.

Then there’s the inevitable end-user consideration. When traveling or accessing the server from home, the last thing employees want to worry about is a complex sign-in and security process with their VPN. However complexity is often a primary safeguard for network security.

This dichotomy leads to two unfortunate results. The first is an increase in help-desk calls, frustrated employees inquiring how to use the service designed to make their lives easier. The second and more dangerous from a security perspective is the tendency for employees to turn to workarounds. Instead of taking the time to learn the new system, they might turn to free consumer-based remote desktop or file-sharing solutions, exposing the network to a plethora of potential vulnerabilities.

Security executives are going to attempt to implement restrictions right through the software itself.  Internally, other IT colleagues will also look for workarounds in order to minimize the amount of time they need to spend on helpdesk calls and configuration. And, again in a vicious circle, there are the end-users themselves- employees from all other departments who will raise concerns that remote dial-ins are too slow or complex, or that the solution is not flexible enough to meet their particular job needs.

Finally, there is the always looming issue of intra-office politics. Like other IT tools, most remote access solutions come with a certain number of centrally administered functions that allow IT to set protocols and permissions for individual employees or departments. 

For example, sales teams are privy to access the server remotely under some circumstances, whereas marketing is privy under a different set of circumstances. The difficult part about this is, it quickly becomes known throughout the office that IT is acting as a gatekeeper, barring some employees from certain information while allowing others greater access.

A sales representative might ask to be granted full remote access even before the solution is fully up and running in order to close a deal. Customer service might question why other departments are allowed to work remotely before they are.

In all organizations, there is a constant struggle between satisfying the technological needs of workers, while also maintaining an adherence to compliance and security. Remote access represents the next major iteration of this battle.

When selecting new solutions to help the office run more efficiently, the decision and deployment process should take into consideration these particular pain points. In today’s office, IT is not a medical kit or a gatekeeper. Instead, IT is a facilitator of the best working experience possible, which now includes whether or not the employee, or entire department, even needs an office at all.

The end-user isn’t just a passive recipient of technology and financial considerations exceed initial cost points. But this complexity also means there’s far more overlap between the pain points – and how to solve them – across an organization. Sometimes it’s this understanding that can transform a minefield into a cake walk.

Originally posted at Business 2 Community

Possibly Related Articles:
13450
General
Hardware
Compliance Enterprise Security Budgets Mobile Devices Vendor Management Hardware Information Technology Policies and Procedures BYOD
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.