Mobile working

Mobile devices are changing the way we work. But are they proving a content management headache for IT departments? By Gary Eastwood.

Recently, the number of subscribers to Research in Motion’s Blackberry wireless platform surpassed the three million mark, with one million of those signing up in the last six months. With Blackberry devices aimed squarely at the professional – as opposed to the consumer – it is a sure sign that the mobile workforce is becoming a reality.

But it is not just the Blackberry that is driving a paradigm shift in the way today’s professionals operate. A range of devices from laptops to PDAs (personal data assistants) to smartphones are fundamentally changing the way we all work. From the field team to the executive, employees now need to have access to the latest information, data and news – whether that’s e-mail, customer pricing lists, a Word document or a Powerpoint presentation – wherever they are.

At the same time, employees are demanding a better work-life balance. Instead of having to stay in the office until midnight, waiting for a call, or document, from the US, mobility offers the means to get data anywhere, at anytime.

Of course, this new-found freedom from the desktop comes at a price. Mission-critical information is leaving the confines of the firewall on a daily basis, and retaining control of who is accessing that information is becoming an ever-increasing challenge for today’s businesses.

“Organisations are facing a massive challenge as the management of PDAs and mobile devices spirals out of control,” explains Philip Stanfield, practice director at Morse Mobile. “People pull information onto smartphones and other devices and keep it there. People now want all their information in one place but, with mobility, information is becoming dispersed across the enterprise, with multiple copies of documents.”

The implications of having out-of-date information, or the wrong version of a document, can be severe. E-mails that have been sent to and from mobile devices still need to be stored in case of legal disagreements, while the sales field force needs access to the latest pricing information in order to avoid giving customers too much or too little discount. Likewise, information has to be captured at the point of presence – for example, on a customer site, and stored and managed appropriately.

“Allowing information to be mobile is great, but it also means that this information is outside the realms of normal control. The principle of content management is to have it once, and store it once. But without the right controls and IT in place, information will only be as up to date as the last time a mobile device is synchronised,” says Stanfield.

Michael Decker, managing director of Cryoserver – which provides a ‘forensic compliance system’ for e-mail – goes further: “It’s a serious concern if you do move data out of the company’s ability to control access to it. Unfortunately, companies have blinkers on when it come to mobile – as soon as you provide access to, for example, Microsoft Exchange it means that any e-mail on the server can be printed out from a device with no controls.”

In terms of securing and managing content on mobile devices, there are three types of mobile working, each bringing its own challenge: using a laptop to connect to applications in the office with broadband or a 3G datacard; working ‘offline’ on a document that has been downloaded from the office network; or using a handheld device, such as a smartphone or PDA to access and input information.

The first category – working on a laptop using broadband – is the easiest to manage, and is essentially the same as being in the office. “A broadband laptop is a non-issue – it’s just like being in the office,” explains Tony Heywood, senior VP at ECM specialist Hummingbird.

A broadband connection means that users can connect to the network as though they were in the office. A virtual-private network (VPN) means that anyone accessing company information is subject to the same password, policy and authentication controls, and can access the same applications, as if they were on the desktop in the office.

The second category – working offline – however, throws up some challenges. “Working offline creates an interesting challenge because in essence you want to capture what people are doing, the content they are working on and the changes that they are making,” says Heywood. “How do you manage the conflict if two different people are working on the same document offline?”

In reality, while this is a challenge, most content-management systems (CMS) are up to it. “Most CMSs can deal with disconnected users working offline,” says Dave Gingell, VP of marketing at EMC Documentum. “Most can check information out and synchronise it when it’s re-checked back in, while other users may be made aware that someone has the information offline.”

Of course, where this is not automatic, users may not always re-synchronise when they are supposed to. This boils down to providing them with the appropriate level of education and training when it comes to mobile content management.

“We have a six-pillar strategy when advising clients,” explains Morse Mobile’s Stanfield. “Do you have a central repository of information? What applications will be at risk? Do you have the middleware, security and device management in place, and have you trained users to manage information properly?”

Indeed, a lack of education and training can be a root cause of failure for many mobile projects. “Generally, it’s possible to build a mobile solution for most organisations, but we always ask customers to look at the wider implications of a mobile strategy,” says Steve Butcher, principal consultant at Avanade. “We ask companies to look at what they want from a mobile strategy now and in the future. But it’s also about cultural change – we can build a solution, but it won’t be useful if users revert to their old working practices.”

The third category of mobile working concerns mobile phones, smart phones and PDAs, and it throws up the biggest challenges when it comes to controlling and managing content in a mobile environment. In the first place, says Heywood, just as mobile devices, such as the Blackberry, have changed working practices around e-mail and the way it is used, so mobile could change the way that applications are used.

“We provide mobile content management, and some customers are using it, but we are still at the early stages. The potential is very substantial, but the way we design applications for mobile use is changing – people want an instant response and no one in the industry really knows the implications of that.”

From a technical point of view, it makes no difference to a CMS if content is used on a mobile or a desktop, says Heywood, but in terms of functionality and more tangible problems, such as limited screen size, getting data and documents to and from handheld devices is a challenge. At the same time, a handheld device is more inherently prone to loss or theft than a desktop computer.

“It’s not just about making sure that the upload and download of data to devices is secure – is the data secure once it arrives on the device? You have to make sure you’re confident that it is secure, otherwise your security will be compromised,” says Butcher.

Another problem for mobile devices is the small screen size, with data having to be reformatted or rendered depending on the device. “There’s nothing unique about data on mobile devices in terms of content management, but there is a requirement to identify the mobile device and deliver the right content in the right device format,” explains Gingell.

Stanfield likens the management of mobile content to two pizzas – one large, one medium. The smaller pizza represents IT practice within the firewall, or the ‘inner circle’. But, he says, the outer circle – representing mobility – is often plagued by bad practices, leading to insecure and incorrect information on mobile devices which can, in turn, put the whole organisation at risk.

“You need to treat the outer circle the same as your ‘normal’ IT. Yes, it means you will need firewalls, password policies, two-factor authentication, and so on, but organisations need to move the professional boundary to the outer circle, to include mobility, and treat it every bit as seriously as the desktop.”