Rogue user problem persists

Users are driving much of the mobile/wireless innovation in the enterprise, which can cause security, support and management problems, according to speakers and attendees at Computerworld's Mobile & Wireless World conference here in Palm Desert, California.

"Innovation comes from the edge, not the center," said technology journalist and Computerworld columnist Dan Gillmor in a keynote speech yesterday. But when that innovation involves devices or applications not sanctioned by company IT departments, problems can arise.

"The problem of rogue employees is maddening. It'll drive you crazy," said Marc Simms, director of IT at Shared P.E.T. Imaging LLC, after Tuesday's presentations. Simms didn't speak at the conference but was on hand to accept an award for Best Practices in Mobile & Wireless.

Simms is part of a small IT support team that serves 110 employees at the Canton, Ohio-based company, which provides medical scanning services to hospitals. Shared P.E.T. ran into support problems when users began bringing in their own mobile equipment. "They were bringing their own laptops in, their own handhelds, different types of PDA devices," he said. "It became a support nightmare."

He solved the problem by defining user requirements and working with the company's hardware supplier, Dell Inc., to standardize company equipment to meet those requirements. In the process, he provided workers with wireless access, which quickly raised the issue of security. Simms said he dealt with security concerns by using FireTide Inc. mesh networks, which use proprietary technology to "lock in" network devices so that they communicate only with one another.

Larger companies deal with the same problem. Colin Seward, an IT manager at Cisco Systems Inc. who spoke at the conference, said his company has launched a program called Cisco Pocket Office Services to manage different kinds of mobile devices. Cisco "recognized that we had to support these devices (because) they were just coming into our organization anyway," he said.

Cisco Pocket Office Services certifies what devices are supported and requires users to register them and agree to conditions for terms of use. It also provides remote management of the devices, including software upgrades and security services, as well as the ability to block network access for those that are lost or stolen.

Richard Stone, wireless and mobility solutions manager at Hewlett-Packard Co., said IT managers all too often aren't proactive enough. Their attitude is, "Wireless is insecure, so we've decided to do nothing," he said. But users aren't standing still. One study, he said, found that two-thirds of mobile devices in a company were bought by employees, not the company. Sales statistics show that half of HP's iPaqs are bought through the retail channel, he said, and it's not uncommon for companies to see "unsanctioned wireless LAN connections popping up."

He said IT managers should "start making recommendations about the types of devices you're going to support" and the types of applications. "Start to set standards today," he said.

Beyond that, Stone said, IT managers should sniff out unauthorized networks and shut them down or show users how to set them up properly. "You can't decide to do nothing any longer," he said.

Proactive steps are needed now, he said, because the benefits of introducing mobile and wireless technology are "compelling." He described an HP program to equip 1,200 customer engineers with notebooks, wireless cards and wireless service. The company estimated that the project would provide a return on investment of US$2.1 million, but the actual ROI turned out to be $8.6 million.

Others echoed the benefits of wireless technology. Bruce Winters, an executive at PricewaterhouseCoopers, said during a panel discussion that his company experienced "very large productivity gains" with wireless technology used for on-site customer visits and for in-house workers. High among those gains was the ability to deliver software applications remotely.

Fellow panel member Tom Dillon, a senior manager at Hilton Hotels Corp., said wireless technology allowed the company to offer kiosk services to guests and increase customer loyalty, a benefit whose value is hard to measure but is obvious nonetheless.

Benefits may not always be clear-cut, "but you just know mobility is valuable," said panel moderator Carl Zetie of Forrester Research Inc.

It's balancing that value with the risks imposed by rogue users that gives companies fits, said conference attendee John Burgueires of Toyota Motor Sales USA Inc. He pointed to another impediment to widespread wireless adoption: budgetary constraint.

"Budget trumps technology," said Burgueires. IT managers may recognize that "there's a zillion things that should be done, but do you have a budget?" Budget priorities are often set by higher-ups, who may not be as connected to what's actually needed on the front lines, which is why mobile/wireless innovation often comes from users at the fringe, without IT supervision.

"That's why with any kind of emergent technology, companies don't want to pay for it" until the technology is totally mature and has proven itself, he said.

Burgueires said the period between when fringe users introduce unauthorized devices and applications and when they are officially sanctioned, paid for and managed is when security and management problems can plague IT managers.

So what can be done to address the problem? It's almost a universal issue, he said, and no one has a magic solution. "You just kind of muddle through."

Join the newsletter!

Error: Please check your email address.
Show Comments

Market Place

[]