 |
|
|
|
|
|
|
|
|
|
|
 |
 |
 |
|
|
|
|
|
|
|
 |
 |
| |
|
|
|
 |
|
|
|
| |
|
Remote
working |
 |
Equipping your workforce to work at home
or on
the road offers many advantages,
but there are
pitfalls as well. Kay Ewbank
checks out your options. |
|
|
On a cold dark morning when the 7.35am train is delayed for the third time this week, the idea of remote working may well seem very attractive to both employee and employer. For the employee there’s the lure of avoiding that horrendous commute; for the employer, avoiding the expense of central office resources for workers who have no real need to be physically present. Effective use of computer technology can indeed make it possible for business users to work effectively from any physical location, but there are more things to consider than might be initially apparent.
The benefits
The positive elements are easy to enumerate. Why waste hours commuting when you could go straight to your desk in your home office? Anyone who travels through busy commuter territories will see how fewer journeys would reduce that element of the carbon footprint. If your work involves travel away from the office in order to meet customers, for example, then the right computer software and infrastructure means you can work effectively no matter where you are.
So long as your emails are delivered to your laptop or PDA, and you can view and edit data in the corporate database and other relevant documents, why should you ever have to go and sit at a desk in a geographically inconvenient location just because that’s where the HQ is? If someone needs to work with customers and clients, it’s much better that they work with real data rather than a printout made the last time they were at their desk; and much better if any additions or changes can be entered immediately into the system rather than being noted down for entry once you return to the office, with the potential for errors.
The issues
While there are obvious advantages to remote working, there are also disadvantages. Managing someone you seldom see is difficult, and the person working away from the office may lack motivation. The lack of social interaction can lead to feelings of isolation and it’s hard to maintain the feeling of being in a team if you never see each other. Furthermore, colleagues and managers may see remote workers as either part time or as not really working at all.
The much vaunted arguments about remote working being greener can also be less than completely accurate. Is it better to have several inefficiently insulated ‘home offices’ or one efficient central office? It’s quite likely that the remote worker is effectively subsidising their employer by providing their own phone and paying for their own heating and lighting.
It’s also important to ensure continuity of communication so that a client can contact the worker on the same number whether they’re in the office or on the road. While the classic solution to this problem is to use a mobile phone no matter where the worker is, IP telephony offers a more cost effective alternative.
The final element to be considered is security. There’s obviously an enhanced security risk to working outside the firewall, to say nothing of worries about people leaving unencrypted memory sticks on the train.
Equipped for the road
If you are going to have people working remotely, you need to provide equipment for them to use. The choices range from a standard desktop PC through the laptop and PDA (Personal Digital Assistant) to mobile phones, and the right choice depends on the actual working pattern. If you simply need to be able to work from a single remote location, a desktop PC with a decent screen and keyboard has a lot to recommend it – even the best laptops tend to make compromises with their keyboards and have smaller screens than you would ideally like.
Choosing between a laptop, PDA and mobile phone is trickier and comes down to the split in time between office and out-of-office. If the requirement is largely reading and answering emails and checking appointments, a PDA coupled to a desktop PC back at the office is probably the best compromise. You can produce documents and work with corporate data if necessary, and you don’t have the overhead of carrying a laptop around unnecessarily. The more time you spend actually creating data on your travelling machine, the more sense it makes to have a laptop rather than a PDA. In the following article, Simon Bisson looks into the various PDA and phone platforms available.
The way in which your remote users gain access to your corporate data is a critical area to consider. There are two main options here. Firstly, you can require that the user is actually connected before they can access the data. Alternatively, you can employ some form of local data caching coupled with client-server synchronisation. Each option has its merits, but it is important to remember that the data may be considerably more valuable than the device itself.
Web-only access removes the worry that the remote device contains data that may be lost or stolen. It also ensures that the remote user always sees up-to-date information and doesn’t rely on locally cached data that may no longer be valid. However, the remote user will be unable to work if they cannot connect to the corporate LAN. You will also need to ensure that the connection can cope with the potential data traffic, and minimise the security risk involved in actually transmitting the data.
The alternative is to maintain a local cache of the data. This has the benefit of allowing the remote worker to work even when there is no possibility of connecting to the corporate LAN. However the data they work with could be out of date, and the locally cached data must be stored securely.
Microsoft solutions
Microsoft Office Groove 2007 provides a versatile low-impact and yet very secure
environment for collaborating both within and across the corporate firewall.
One solution is to run a corporate portal, in other words a Web site designed specifically to assist your workforce. Microsoft Office SharePoint Server 2007 allows you to create a single location from where they can access all the applications they need, no matter where the application or the user may be physically located. Users can access content through Microsoft Office applications, through e-mail or through Web browsers, leaving SharePoint to manage the content.
This in itself considerably simplifies the support of remote workers, but SharePoint also offers facilities such as Enterprise Search, which makes it simpler for users to find relevant information. When a user enters a search term, they are shown results that include not only the documents and Web content that match, but also business and people-related data, such as the fact that Fred in Accounts is currently working on this project.
Moving to the client, the 2007 release of Microsoft Office makes it easy for users to share documents with colleagues no matter where they are located. As well as letting you print or email a document, Office 2007 lets you publish it to a SharePoint library.
SharePoint is a very effective tool for creating and managing a content management system, but it is large and sophisticated and needs planning and design. Those working in less structured and formal environments can achieve many of the same results using Microsoft Office Groove 2007. This collaboration software gives teams a way to work together through Groove workspaces no matter where they may be located. The advantage is that you don’t need a server or even a corporate network as you can use Groove workspaces using just client hardware and the Internet.
A Groove workspace is simply a set of files to be shared. The creator of the workspace invites other Groove users to join. Each person has their own copy of the workspace where they can edit the documents. Any changes to the data are tracked by Groove and sent to the other team members so that every copy is kept synchronised. If someone is working off-line then the changes that need to be made are queued and sent when they come online.
A rather different solution is offered by Windows 2008 Remote Desktop Services (previously Terminal Services). Here the application is run on the server with the Remote Desktop client providing a remote ‘window’ onto the server desktop. This is an extremely secure solution as no data is actually held on the client machine, but it does require a permanent connection. Citrix Access Essentials works with RDS to enable access through a Web browser and from non-Windows clients.
Keeping it safe
Of course security is a big issue here. When a worker sits at a desk in the corporate HQ, they and their manager can make certain assumptions about the security of the working environment: the machine will be inside the corporate firewall; it will be patched with software updates to meet the corporate security policy; anti-virus and anti-spyware software will be up-to-date and in place.
When a worker connects from outside the firewall, no such guarantees are in place. This is one of the major drawbacks to remote working. We’ve all heard the news stories about laptops left in taxis or memory sticks dropped in pubs, but how do you safeguard corporate data stores?
What is needed is some way to secure the data so you don’t have to rely on your staff being careful and reliable. One solution is to encrypt all data, whether it resides on a hard disk, a PDA, a USB memory stick or on removable media such as a CD.
The BeCrypt range includes software for disk encryption, media encryption, data protection and remote access control. BeCrypt Disk Protect can be used with any hard disk and automatically encrypts and decrypts data in real time while the file is being accessed so that the user doesn’t have to decrypt a file before use. The entire disk including the operating system can be encrypted which means the data can be protected against attempts to decrypt it using specialist file decryption tools. Disk Protect can also encrypt devices such as USB memory sticks and floppy disks.
If you’re working with a portable device, Becrypt PDA Protect can be used to encrypt the device’s removable memory, while Connect Protect is designed to control the ways in which users can connect plug and play devices such as mobile phones and media players to your network.
One security headache faced by administrators is the thought that remote users may be logging in from potentially insecure locations such as an Internet cafe or a PC at a customer location. The danger here is the session information that can be left behind after the user leaves.
The safest way to avoid this problem is to prohibit the use of such insecure locations, but an alternative is Becrypt Trusted Client. This is a memory stick that contains a complete bootable environment. The user inserts the USB device into any computer then turns on the machine. Trusted Client authenticates the user’s name and password, then boots the operating system on the memory stick and launches the preconfigured environment. This would typically be the user interface, a Web browser, email access and optionally thin-client software and standalone applications.
Steganos Safe is a tool that can be used to encrypt disk drives with a choice of access control. The data is stored in a ‘safe’ that can only be opened when the user either enters the correct password or inserts a specific memory stick. You can create secure drives on a local client machine or on the 
Steganos Safe turns your disk drives and memory sticks into encrypted 'safes' for
secure storage.network, in which case several users can access data in a common safe simultaneously.
One of the worries of having very secure encryption is what happens if the user forgets their password or loses the USB device that they need to access the data. Steganos Safe provides an administrator Emergency Decryption Key (EDK) – essentially a master key that will unlock any encrypted device you’ve set up. In addition to encrypting hard disks, Safe works with memory sticks, automatically encrypting data as soon as the stick is removed. It also includes a file delete option called Steganos Shredder that permanently destroys unwanted files.
Steganos Privacy Suite adds further tools such as the AntiTheft tool that lets you log the details of your laptop with Steganos. If your laptop is lost or stolen, you can check whether the lost machine has been connected to the Internet and provide the IP address to the police to help them trace it. Privacy Suite also includes a password manager for storing PINs and online passwords in a secure encrypted manner. Other tools include an email encryption option that requires the receiver to decrypt them using a previously agreed password.
Keeping control
For the network administrator, the fact that a machine is not physically connected to the local network simply makes their job harder. Microsoft System Center has two tools to help you manage remote machines in Configuration Manager and Mobile Device Manager.
System Center Configuration Manager 2007 is what used to be known as Systems Management Server and is used for deploying and managing servers, clients and mobile devices, no matter where they are located. One key feature when managing remote devices is its Desired Configuration Management option. This lets you specify the features that must be in place, such as the state of patches and software updates, before a machine can be connected to the corporate network.
Keeping synchronised
One problem faced by remote workers is that of keeping the files on the remote machine and the corporate machine synchronised. Copying files manually is time consuming and error-prone. TGRMN ViceVersa can be used to synchronise files, replicate folders, and compare the status of files and folders. You’re shown a side-by-side view of the files in both locations, and can copy and update to ensure you’ve got the right version in both locations. ViceVersa will encrypt the data to ensure it is secure and it also provides compression, automatic synchronisation at a particular time, and versioning so that you can keep track of older versions and the data they used to contain.System Center Mobile Device Manager gives you a simple way to manage the security settings of Windows Mobile devices, allowing you to stop and start applications such as encryption and anti-virus protection. If a user loses a mobile device then Mobile Device Manager lets the administrator lock and wipe the device remotely. It also provides facilities for backing up and restoring the data on the device so the loss is simply of the hardware rather than the corporate data.
Symantec Network Access Control can also be used to enforce security policies. It checks any device that attempts to connect to your corporate LAN to see that the device meets your security requirements in terms of patches, service packs, desktop firewall status and anti-virus software, and will automatically either block or quarantine devices that are non-compliant.
McAfee Network Access Control is another tool that can protect your data by controlling access from systems that don’t comply with your security policies. You can either block or quarantine non-compliant devices, and it offers automated remediation through a remediation portal where the remote user can put right any problems with their system.
Managing and maintaining remote devices is only possible if you know they exist. This is a particular problem with mobile and removable devices which users may introduce to the network in a non-structured way. Layton Technology AuditWizard lets administrators monitor all the IT assets on a network, including mobile and removable devices. It is partially intended to provide compliance for software licensing, but can be equally useful in checking that unauthorised devices are not ‘leaking’ onto your network with all the potential security problems this implies.
|
|
KAY EWBANK
Kay is a database consultant specialising in EIS, financial analysis and GIS systems. While much of her work is based in London, being a consultant gives her the freedom to sail, travel and help out as a part-time sheep farmer.
kaye@hardcopymag.com
|
|
|
Find out more...
|
|
|
|
 |
|
|
|
|
|
|
|
 |
Copyright © 1983-2010 Grey Matter Ltd. All rights reserved. |
 |
|
 |
|
|