A Vodafone White Paper - Executive Change Group

Secure mobility for efficient, effective working


A Vodafone White Paper

A Vodafone White Paper


Always-on productivity The reshaping of the economic landscape and the renewed focus on productivity and costs, has had a major impact on business. It has lead to some major changes being experienced in the workplace, most notably around mobile and flexible working practices, which are being widely adopted by organisations of all sizes. The move is being driven by market pressures, but also by changing workforce demographics, employee expectations, and the arrival of new enabling technologies. It is now not uncommon for employees to want to work beyond the office and outside the traditional 9 to 5. As a direct consequence, business has become wholly reliant on the availability of fail-safe and secure data communications channels and voice networks. To ensure maximum productivity, workers need to be able to connect simply with colleagues from wherever they are, and be able to access online information securely while out in the field, just as easily as they do when they are in the office. They have to be able to do what they need, at any time, from any location, securely and without downtime.

Benefits and demands of new-style mobile working practices Whether it is in providing employees with anywhere access to customer records, enabling them to make a higher numbers of sales calls per day, or ensuring they have everything they need to make more right-first-time service visits, organisations of every size stand to gain once the workforce is mobilised. The flexibility of being able to connect wirelessly from a laptop or tablet, or use a mobile device or smartphone to collaborate over a cellular network, promises seamless and secure employee productivity. Currently almost 200 million workers worldwide are working this way, and Forrester Research expects that number to double by 2012 – by which time 75% of the global enterprise workforce would have been mobilised. One latest survey, entitled The Mobile Workforce Report 2010, reveals that 93% of business professionals now view mobility as essential. “Recent advances in sophisticated and affordable mobile devices, and faster connectivity have enabled employees to be far more effective and productive while on the move.” Email (85%), telephone (75%), text messaging (67%) and instant messaging (66%) are tools that all contribute positively to employee productivity, mobile employees believe. The survey also found that mobile employees are more likely to telecommute, with more than half working from home at least one day per week. This leads to direct cost savings, in particular those related to reduced travel and office accommodation, as well as helping support HR policies that promote a better work/life balance.

2 A Vodafone White Paper


Working with corporate data assets on the move An imperative for the IT executive is in developing an environment for business that is always secure, where information is always kept safe, and where data access and voice communications are always transmitted across the most cost-effective choice of network. It is not without its challenges. In a major study carried out for Vodafone and F-Secure by the highly regarded and independent Ponemon Institute, employee computing endpoints and wireless devices were revealed to be the most difficult business asset to secure. Among 488 highly experienced UK-based IT and IT security practitioners, some 59% felt their organisation’s security and data protection policies were not being strictly enforced in this regard. The research, which polled the practitioners on their perceptions about the technologies, controls and governance practices used to prevent enterprise security attacks and mishaps, revealed information theft or loss of data stands as one of the greatest perceived threats. This is especially true where the data and the data users are constantly on the move. This stands as a major issue for them, because IDC estimates that 70% of enterprise information now resides on mobile devices and, as a consequence, corporate data has become as mobile as the corporate workforce. Security advances have been made in this arena, however, and Ponemon found that security practitioners regarded mobile security technologies as highly effective. Indeed, they are considered to yield greater prevention value than many of the legacy information security systems that have been deployed in the past, and currently reside on networks or are embedded in enterprise systems. Anti-virus and anti-malware on mobile devices, encryption for data on mobile devices, mobile device data loss prevention, and wireless mobile device security are all regarded as high-impact solutions that produce a high return. They are considered inexpensive in terms of the cost per user, node or endpoint; the technology is effective at stopping threats and/or attacks; and the deployment of the technology is not difficult, and requires few resources – especially where it is deployed as a managed service.



A secure strategy for business mobility Jonathan Rutherford, Vodafone UK Safeguarding data in the mobile environment has never been more important. Malware has become a persistent and pernicious problem. There has been a rapid growth in cyber crime. There is also the very real problem of people losing a business ITC device such as a smartphone, laptop or a USB memory pen with sensitive data held on it. On that note, regulatory bodies like the Information Commissioner’s Office in the UK can now impose fines of up to £500,000 on organisations that fall foul of unsafe data management practices. These are some of the reasons why data access controls and information security policies have become central tenets of today’s enterprise IT strategy. The common approach of locking down the business behind a firewall certainly helps ensure security. The objective is to block all movement of enterprise data beyond the secure network perimeter and so prevent information leakage and the likelihood of data loss. Nobody can argue with its effectiveness. Locking workers into safe but inflexible procedures can be to the detriment of employee productivity. However, policies and procedures that limit access to information from outside of the enterprise firewall, which protect devices from malware by limiting their usability, or enforce rigid security policies at the expense of the user experience, can sometimes hinder productivity. They will certainly hamper flexible working. Without open policies, supported by latest technologies, the flexibility of mobile working practices is significantly reduced, impacting directly on the effectiveness of employees and overall business efficiency. There are new more productive and highly secure options designed for mobile working, which allow many more freedoms. These options provide secure remote connectivity, will automatically enforce access policies before allowing connection to the corporate LAN (across the lowest-cost communications route), and offer protection against all known and some unknown types of malware. As such, these solutions are ideally suited to remote workers and mobile employees who need to retrieve email or access corporate resources and applications. Employees can use web-based intranet applications from any public or personal computer. The system will automatically enforce the launching and establishment of a VPN connection back to the office whenever the PC connects to the Internet. It will prevent the user from obtaining unrestricted access to the web, and can fire up a personal firewall and additional security software to enforce access policy and filter content. Such services give remote and mobile workers the flexibility they need to remain productive wherever they are and whatever the time of day, effectively helping transform dead minutes spent on the road or in the field into productive time spent on business.



Towards a smarter world of work With so many employees beginning to use their own personal devices or self-provisioned mobile units for business use, another important aspect of any mobile security solution is device agnosticism. Unlike the fairly homogenous PC world, there is significant heterogeneity in smartphone and mobile platforms and a one-size mobile security solution may not fit all. In one poll by IDG, which surveyed almost 400 security and IT decision makers about the creeping consumerisation of enterprise IT, a quarter of companies were found to allow their employees to use their own PC or mobile phone for work purposes. It was also revealed that in 60% of organisations, employees now have a say in which smartphones their enterprise will support, and at 20% of firms, they get to decide what unit they actually prefer to use. Just over half of companies look to employees to provide input on or make decisions about their use and deployment of netbooks, while slightly fewer involve staff in decisions about desktops. The survey revealed that more than 75% of security and IT leaders believe this ‘enterprise consumerisation’ trend is causing a fundamental shift in how organisations evaluate and purchase their security provisions. In short, employees are demanding mobility and collaboration tools in the workplace to match the ones they use in their personal lives. Most notably, they want to access social networking sites from their mobile devices. This is important to them because many employees believe the use of smartphones and social media together helps increase their productivity. However, left unmanaged this trend can also pose some new potential security risks. This is because such sites have fast become a hotbed for cyber crime. In addition, they have become a potential gateway for malware and there has been an alarming development in viruses, worms and botnets in recent years. The pace of infection is disturbing, as the distribution of malware on social networking sites only first occurred in small amounts towards the end of 2007. Similarly, malware has not until very lately taken hold of mobile devices, chiefly because they have been limited in their functionality. But with the current generation of devices, which incorporate many of the same characteristics of desktop PCs and which can run many of the same applications, they have become more susceptible to potential malware attack. The size of the potential problem can only be expected to escalate. Smart devices are becoming truly ubiquitous in business life. Analysts forecast that hand-held data will grow in volume by 22% in 2010, as the numbers double from 18 to 36 million by 2012. Left unchecked, this could expose an organisation to incremental and unacceptable levels of risk, downtime and lost productivity. Put to work properly however, with a strategy that balances security and control with the freedom to work in progressive and productive ways, smart devices and flexible working will lead to smarter work practices and more profitable business.



Business benefits of business mobility Development of a more open approach to mobile security can become a key enabler of flexible working. It will: • Empower staff to work effectively with business information assets through secure remote access • Meet end-user demand for technology that helps them do the jobs they need to do • Allow staff to use any choice of preferred productivity device for work • Help continuously secure employee data use and maintain the security status, whatever the user case • Help establish appropriate security measures, which meet regulatory and compliance obligations but do not suppress productivity.

The business value of cost-assured mobility The deployment of enterprise mobility solutions can be done at fairly low cost, and will quickly produce modest ROI. Tightly run and well-managed deployments, where full use is made of automated systems management tools, services and solutions, means an enterprise is able to fully optimise costs to drive maximum value out of their investment. This is important because during the past five years, enterprises have seen their wireless costs increase 20% to 35%, even as wireless service costs continue to decline. When they are out and about on business, employees will rightly consider a charge incurred for mobile broadband or usage of hotel Wi-Fi as a legitimate business expense. The problem for business managers is that mobile workers do not always opt for the cheapest option. Solutions available on the market that offer connectivity management and least-cost routing policy enforcement offer organisations genuine cost benefits, in this context. Because they can be configured to always direct remote access across the most costeffective data communications channel, they help business managers optimise the overall cost base while maintaining productivity levels of individual employees. As well as cost avoidance, adoption of such a solution can help businesses drive real gains in operational efficiency and enhanced productivity. One case in point is that of Harvey & Thompson, a business that found it was able to mine new seams of profitability with a business mobility initiative in support of its new line of high street gold exchanges.



Accelerating time-to-value with mobility When Harvey & Thompson, the UK’s largest pawnbroker launched a new line of business and opened mobile units in shopping centres where consumers could exchange cash for gold, it needed to minimise administration by giving staff secure, rapid remote connectivity to the company network. It deployed Vodafone Secure Remote Access (VSRA) enabled laptops to provide its workers with easy-to-use, cost-effective connectivity for email, data entry and Internet access. The company was quick to realise the benefits of the deployment: • Faster data analysis allowed the business to react speedily in the marketplace • Mobile connectivity increased profit and agility • Secure remote access ensured regulatory compliance • Ease of use increased productivity and promoted efficient customer service. With VSRA, rather than spending time writing paper receipts and sending them to the office, staff can enter them directly into the POS system, where they instantly become available for processing and reporting by accounting staff. By cutting out time-consuming paper-based processes, the accounts team can process orders faster. In the words of Dave Parry, Head of Operations for H&T’s new Gold Bar business unit, “The paper-based system was creating around 80 extra hours work a week, so we were looking at taking on more accountants to handle growing sales. By implementing VSRA we’ve replaced manual data entry with swift, secure transfer of data from all 65 units. As a result, our accounts team is more productive and the speed at which we process information has significantly improved.” The business reckons the reduced administration time has saved it £40,000 in recruitment costs, as it expanded its new line of business. For Andrew Lawrence, IT Manager at Harvey & Thompson, there have been additional benefits. “We discovered that VSRA could be used to roll out secure mobile broadband connections from the Gold Bars through our VPN client to our WAN. VSRA features an intuitive user interface that makes it simple for users to establish remote connections. VSRA continuously monitors hardware and software inventory, connectivity options and security applications, and gives us simple, effective control over policies for end users. Full disk encryption and media encryption help protect the company’s laptops and data in case of loss or theft, and also proves that our mobile data is encrypted, enabling us to demonstrate regulatory compliance.” Secure mobile working has given Harvey & Thompson the agility to pursue a lucrative new revenue stream, using VSRA to expand the business line rapidly to take maximum advantage of its latent profitability.


© October 2010. Vodafone Limited. Vodafone and the Vodafone logos are trademarks of the Vodafone Group. Other product and company names mentioned herein may be the trademarks of their respective owners. Vodafone Limited endeavours to ensure that the information in this document is correct and fairly stated, but does not accept liability for any errors or omissions. Vodafone Limited Vodafone House, The Connection, Newbury, Berkshire RG14 2FN vodafone.co.uk Registered in England No. 1471587 TT XX/XX