By Will Sturgeon, 10 January 2005 16:35
NEWS The number of employees returning from Christmas with new mobile devices has given IT managers across the UK a New Year headache they could have done without.
Many of the mobile phones, laptops, PDAs and MP3 players unwrapped around the Christmas tree will inevitably find their way into workplaces, connecting with the network and synching with their desktop.
And it appears more than a few employees doing so will require help from their IT department. According to independent research conducted on behalf of O2 only one in four companies have a formal policy in place to control the use of mobile devices in the workplace and IT managers are losing one working day per year to supporting personal devices.
Unsurprisingly the majority of IT managers (79 per cent) believe mobile device support disrupts the regular and intended services of the IT department and yet almost the same number (76 per cent) say they have no formal policy in place.
PDAs are the most common personal device to enter the workplace - affecting 79 per cent of businesses. iPods have been cropping up in increasing numbers and are now actively used in 29 per cent of businesses. Personal smart phones are used in 35 per cent of organisations and eight per cent of businesses have even seen staff provide their own Blackberry devices.
Such figures likely only indicate what the IT manager knows about - many mobile devices within an organisation exist below the radar.
Most companies agree that greater mobility and the freedom created by the current range of devices is a boon to staff and the business itself, but these findings reveal the need for the process to be managed effectively.
Hugh Griffiths head of data products and services at O2, said companies need to recognise that their staff are now 'voting with their gadgets' and rather than resist they must enable the move to mobile more responsibly.
"We hope IT departments recognise this obvious pent-up demand for mobile devices from users and better manage the issue of mobility within their organisation," said Griffiths.
By adopting a 'turn a blind eye' approach to managing such devices companies "are not exploiting the full potential of mobile devices, which ultimately can help people do their jobs more effectively", he added.
But even those companies with policies in place are only really scratching the surface. Only 25 per cent of policies actually stipulate that users cannot carry sensitive date on their personal laptops.
Mobile devices, boasting ever-larger storage capacities, have long been identified as a security threat through both intentional and unintentional misuse. While nobody would necessarily question an individual who enters and leaves the workplace each day listening to an iPod the potential is now there for that person to be moving 60GB of data each day.
Similarly an employee's lost laptop or PDA, used at their own risk, may not cost the company anything to replace but if it contained sensitive data the cost to the business could still be considerable.
Peter Dorrington, head of fraud solutions at SAS, told silicon.com: "There is definitely a major threat of 'data harvesting' with these devices. Back in the day a rogue salesman might have printed off a few pages of contacts, or might have filled a floppy disk with data, but the issue now is the sheer volume of data which these devices are able to contain."
"You can now fit a whole company database onto a device the size of your finger," he added.
Dorrington cited the cases of some banks which now require employees to check all personal mobile devices in with reception, but warned that a workforce poorly informed on why such measures are necessary may resent them and see it as 'killjoy-ism'. Similarly such measures may not limit the activities of those with a malicious intent.
Asset management must also play a part, said Dorrington. Typically larger companies have a better idea of what is on their network and what devices are being used because they employ more effective asset management. As such the threat of "data harvesting disproportionately affects small and medium-sized companies", added Dorrington.
Dorrington warned that any policy making is inherently flawed, because it relies on individuals to play by the rules. "We cannot simply rely on people to act responsibly," he said, advising companies to "divorce the data and the business" and take whatever measures they can to remove temptation.
Comments
There are 12 comments. Join the discussion
1. Music Lover
Where do you get your data from???
"iPods have been cropping up in increasing numbers and are now actively used in 29 per cent of businesses"
That’s the biggest load of rubbish Ive ever heard, it may be true in "the city" but for the rest of us in the real world that’s just complete nonsense! What is this stupid techy obsession with ipods anyway? I’m a big music lover, but the only possible time I would get to use one is walking the 15m between the front door of my house and my car! I have a stereo in my car and at home, I listen to music if im out at a pub or club. My PC at home and at work has perfectly good sound capabilities. Perhaps ipod users are such nomads they use them to shut themselves off from the grim reality of their dull existence!
2. Rob Naylor
Mr Music lover - Jealousy is so un-becoming. Although I do admit some iPod owners can border on an almost religous worship of their devices, and I agree that the "35% of companies", can only really apply to the city - I hear they wont let you in unless you sport at least a 20GB pod...
3. Chris Brunnen
I am a photographer and many of my clients use iPods. After a studio shoot he drops his iPod in my dock and and I put all the images on it. Seconds later he's off - No burning CD's or DVD's - fantastic. All businesses should have one.
4. anonymous
Perhaps the 'music lover' from Coventry should get out more!
5. anonymous
Poor old IT managers. If only all staff conformed and worked their dumb Windows machines and did what they were told.
6. John
20 gig!!!
I'll need 5 minis then!
Not...enough...pockets...
However on a more serious note data theft, especially in high turnover industry sectors such as sales is something that mobile media devices (not just iPods) seem to be ideally suited to. Catching someone copying data to forty floppy disks is a lot easier than to a 1 gig memory stick. Companies without policy in this area will need to be burnt once to realise this.
7. anonymous
This does beg the question. Are IT departments support to facilitate the business, which is why they were set up in the first place. Or have the elevated themselves to policemen, who decide what can and can not be used/deployed.
Let's say a training specialist decides he needs a streaming server to deploy e-learning to remote sites. Is it really IT's job to deny that initiative on the basis that it would use bandwidth/open ports/whatever excuse they could cook up?
I'm glad I work in an organisation with an excellent IT dept who understand that they are there to make things happen, not to decide what should happen. Sadly, my company seems to be the exception
8. Kevin
I have an Ipod, & derive much pleasure and calming from it when travelling by train. But do I need to manage my music store or play-lists at work by synching with my company laptop? Absolutely not, not even for todays latest release.
The case for allowing use of PDA's and Smartfones - or even an Ipod as a business tool - is however a legitimate consideration & effective IT departments should embrace it/them. Synching contacts in utlook, mobile & PDA (especially when changing mobiles) is clearly beneficial, but destabilising my laptop with a new, untested (by my IT guys) application could reneder me unproductive for days.
It comes down to establishing the right approach:
will it be beneficial to allow connection of a device?
what are the risks?
when can it (and the necessary app) be tested?
Who can test it? many employees outside the IT support department have the skills to do this these days.
If the company is large, it is likely to be impractical to assess aproving every device, but larger companies provide devices for those that need them, and choice is usually limited.
Smaller companies may encourage the use of personal devices. The key here is settingb the right policies on what is allowed and what is not.
9. anonymous
Anonomous Product Manager, the main reasons for IT departments protecting their networks from such storage devices is to prevent cretins from infecting networks with viruses. Ask yourself how you would feel if you lost use of your e-mail for 4 days because of this, i would be pissed off and would want the cretin with the ipod removed.
we are not policing we are protecting.
If users thought about the consequences of their actions then life would be so much easier. Managers and senior execs are the biggest risk to networks, mainly because they think they can do what they want and bugger the after effects.
10. Tone Trainer
Device management made easy - we are looking at a solution by a company called becrypt.
Integrates with AD its so easy!
11. Paul Wilson
Being an IT person, Networking, building networks, designing networks etc etc, it gets frustrating when companies have NO policy. One of the biggest problems that hit any company, big, medium or small, is the number of 'Illegal' files being transmitted across a LAN. Bill with his new CD, sharing it with Jo, 700mb of music, then there is the other muppets who want to share their holiday snaps with all the department, not only do they use up valuable disk space on the servers, they also use valuable bandwidth everytime Bill or Jo or whoever decides they want to look at the scenic shot of Fred falling off the camel etc. Company's should ensure that their employees are aware of the policy, and stick to their guns that "Unless they can justify a business case" it does not get added to the 'WORK' environment. This is not to say the guy with his ipod used to transport pictures, or 2gb memory pen used as data storage cannot be plugged in and used, it is a case of managing the Network, ensuring the device is going to be used as intended, and if it overloads the network, refusing connectivity. Unfortuantly IT does not mean freedom to connect what you like to your PC. If it is for personal use, plug it in at home. If it is for business use, then adhere to policies. Not all the users fault, a lot of IT Managers are inexperienced and think that 1gb fibre backbone gives their users unlimited transfer rates.
12. anonymous
After reading the comments in more depth, I have come to the conclusion that alot of the inept, stupid, moronic, inexperienced, niave & selfish people in networking have answered IT Managers around the world main question, the answer being "Yep, these muppets / numpties are as thick as we thought", We are not Spoiling YOUR fun, we are trying to keep a BUSINESS running, but are fighting a never ending battle against the turds and plonkers who think that what they can do at work is the same as at home. Well it is not, if you want to infect your pc at home, and because you have either dialup or broadband, then fine, you cack your pc, tie up the bandwidth on the connection to the internet, BUT LEAVE the Corporate networks ALONE. We do NOT want to come to your desk to solve YOUR problems as to WHY you cannot download KYLIE to your ipod or MP3 player, NOR do we want to see you, your missus, or your kids on holiday, you want to look lovingly at them, put them on YOUR PC at HOME, not the company server, 20 of your pictures can take from 18mb to 120mb (depending on number of pixels and format) which is a lot of space for documents (which normally are anything from 10k but average on 1mb to 3mb). When the company you work for, starts charging you for Personal storage, then you can Save what you like to the server, as you will be charged per mb. Think before you complain.