Booted Out Of The Of1/2ce

It’s no secret that an increasing number of employees are hitting the road. The mobile computing market in the United States is expected to leap from 7.1 million in 1998 to 12.7 million in 2003, according to market research company Dataquest, a division of Stamford, Conn.-based Gartner Group. Within that market in the same time frame, the number of handheld computers is expected to triple, from 2.2 million to 8.8 million. Cahners In-Stat Group, a high-tech market research company based in Scottsdale, Ariz., estimates that by 2004, the average large corporation in the United States will support about 153 remote offices and 660 telecommuters, and more than 29 million wireless-enabled workers.

CIOs already fighting to keep track of the laptops IS has procured must now also monitor high-tech stocking stuffers. Traditionally seen as toys, popular versions of personal digital assistants (PDAs) may now come with 8MBps of memory and pared-down versions of PC software. Looming ahead are smarter cell phones that will make the mobile landscape muddier.

With those devices, both the pocket and shoulder kinds, comes an attitude. "The whole idea of a mobile device involves freedom, ease of use and fewer restraints, so the user is more empowered," says J. Dodge McCord, manager of telecommunications and business continuity consulting services with Atlanta-based North Highland Co. "Security is exactly the opposite." An effective security strategy is part trust, part education and part plain old-fashioned rules.

Setting A Security Policy

The best security policies must begin with company-provided mobile devices, which are easier for IS departments to manage. Laptops have been around long enough that most companies provide them or at least don’t have problems persuading users to relinquish some control. But handheld computers are causing some companies to revisit their policies. The Marmaxx Group, for instance, doesn’t allow employees to work on handheld computers they bring from home, although the Framingham, Mass.-based parent company of T.J. Maxx and Marshalls stores is testing a program to give non-Internet-ready PDAs to senior management. Mike Coons, a project manager at the information center, says that at Marmaxx, Windows NT is configured so that users without appropriate network access simply cannot install any software—like that needed to synchronize a PDA to one of its beefier cousins—and he’s confident no one’s found a way to sneak the devices past the IS department.

If a company allows users to purchase their own PDAs, however, IT should at least establish a short list of supported models and standardize the way they interface with the network. Mark Margevicius, a Cleveland-based research analyst at Gartner, recalls one incident where a student hired to do network administration decided to synchronize the address book on his PDA with the one on the company network and replaced the e-mail directory with his own, affecting thousands of users. "Even if you can’t control the device, you can control how it accesses your data," says Margevicius, adding that CIOs may also require users to acknowledge that some of the information on the device belongs to the company. Synching PDAs through the network also lets IT track what has been downloaded where.