The Changing Mobile Worker: Balancing Productivity and Security

As an IT veteran, I have observed and helped drive tremendous change, not just in the technologies we use but how we use them. Among the more dramatic shifts has been the definition of being a mobile worker.

When I was a mainframe programmer in the late ’80s, being “highly mobile” meant I could log in at any mainframe terminal in the office, do my programming, submit my jobs to the queue and do my (internal only) email. Later, I had two desks in two different buildings and mobility became driving between them multiple times each day. Virtual Private Network (VPN) technologies allowed me to be on call and dial in (literally via a phone line) from home rather than having to get to the office.

The Internet made mobile work more bearable, but it still required a laptop or desktop. By plugging my BlackBerry into my PC as a modem, I could work on the train to my office in Boston.

What really transformed mobility (or the trend of more employees working out of the office using mobile devices) for me was the iPhone (followed by the iPad and Android devices). Not only was I in touch as frequently as I wanted to be via email capabilities, but the enormous ecosystem of apps allowed me to be productive in the ways that fit me best. I was – and am – able to define how I work and where I work. “Work” stopped being the place I went to and instead became what I did.

Today we have tremendous capabilities on our mobile devices, and we rely on these devices for extended periods of time — even full time in some cases. The evolution of apps allows users to share content, communicate and be productive with amazing ease.  But those benefits have also created other IT challenges, such as how an organization enables and expands those mobile capabilities for workers while maintaining the integrity of company intellectual property.

In EMC IT, we unlock these capabilities with an Enterprise Mobility Management (EMM) system to enable mobile devices to securely maximize mobile worker productivity while respecting the privacy of their personal content on the device.

Arriving at our current state has been an evolution. In 2010, we managed mobile devices with a simple mobile data synchronization technology from Microsoft called ActiveSync.  This gave IT more control than I think most people realized – with very little granularity or automation.  Users would configure their device with the Exchange server settings, and ActiveSync would allow for deployment of screen lock, passcode, encryption and other fairly generic policies.

However, if I misplaced my phone or if I left the company, the only way EMC could ensure potentially sensitive company information was removed from my device would be to send a wipe command, erasing personal data, pictures and music as well as work data. ActiveSync didn’t allow for granular management or for other areas of enablement.

That’s where modern EMM tools add tremendous value—but they also tend to add considerable controversy among users, some of whom view such controls as intruding on their privacy. There is a LOT of misconception about what EMM is and does. EMM is a suite of tools which allows for management of mobile content, applications or of a mobile device (Mobile Device Management – MDM) via APIs provided by the OS manufacturers (Apple, Google, Microsoft, etc.).

These tools do allow IT to enable or restrict capabilities, enforce policy, provide configurations for a device and enable the delivery of applications / content to a device.  However, they don’t have to intrude on users’ privacy to achieve these capabilities and safeguards.

EMC IT recently launched AirWatch EMM, offered by a company which EMC subsidiary VMware acquired in 2014. To accommodate our users’ demands, we provide two options for our employees.  First is the traditional MDM which we use to configure a user’s connection to EMC’s Exchange email platform. We push down a wireless network profile to connect to the corporate mobile device wireless network, and we ensure screen lock and a passcode are set and that the device is encrypted.  Most importantly, we also provide access to the enterprise app store where all internal apps can be installed on a user’s device.

In our environment, IT has ZERO access to a user’s personal email, text messages, image library, music, etc. We do have access to the device location, though this can be turned off. This is used to help locate a lost phone, or for geo-fencing, a feature we are not using today but which may be useful in the future, where capabilities are turned on or off depending on the location of the device. When a user leaves the company, we can now do what is known as an enterprise wipe, where only the EMC ‘stuff’ (apps, content, configurations, profiles which EMC enabled) is removed but personal data remains.

The second option we offer is “Email Only,” to accommodate some of our customers who felt they would never use the app store, and only needed email. This is effectively a secure container on a user’s device which allows access to their email without requiring MDM. Of course, this means the other capabilities (access to corporate Wi-Fi, the app store, etc.) are not available.

Throughout my career mobility has meant different things – I like its current meaning quite a lot – enabling me to be productive in my job, securing my company content while respecting the privacy of my personal content – anywhere, any time on almost any mobile device.  I can’t wait to see what the next generation of mobility will unlock!

About the Author: Ken Stambaugh