Ask, decide, and document, document, document.
Does your enterprise have a telecommuter policy? Among other things, do you deal with optimizing the way in which telecommuters communicate? Are you sure the procedures being used are safe–that they don’t compromise your network safety? One of my best friends in IT did a hand-wringing session with me the other day. He asked–rhetorically, I was assured–these and similar questions. I could tell that he was just getting around to asking these questions of his organization, and not liking the answers.
The cause of his trepidation was not only the recent spate of warnings about hackers using the mobile door provided by travelers and telecommuters to get into company networks for their crimes. It was also the result of a fair number of the company’s telecommuters whining about their connection speeds and other didoes. They forcibly reminded him of the smorgasbord available: DSL, cable, satellite, dialup, wireless. One person in particular is itching to use the new v.92 standard for dialup modems. She, of course, is oblivious to the fact that the company has several hundred people using dialup modems, and changing them to v.92 is not a trivial exercise. She just wants the advantages.
Not unreasonable, really. No more than wanting the broadband capability of DSL or cable. The fact that it is impractical (costly, buggy, complex, unreliable) is not the consumer’s concern. Or so they think. In any case, it was my friend’s concern. Some days he thinks he should just give them a T1. At least he understands that technology, and the Telco folks are likely to install it correctly.
What he would like to do is handle each telecommuter on a case-by-case basis, and select the best possible (current) technology. His idealism is noble. Unfortunately it comes apart at a number of points. His staff can’t possibly handle the support for more than one or two communications technologies at a time. Even with third-party or outsourcing, the range of options must be limited. Then, of course, the technologies are changing. Some of this is improvement, but some of the changes are simply finding out that the technology doesn’t work well under certain circumstances. DSL, for example, is running into many kinds of glitches in switching, line interference, bad connections, and oddball wiring at the user end.
Staying on top of all the situations, improvements, and advancements is impossible. So you narrow the choices. Yesterday DSL looked great, today it’s cable, and tomorrow it could well be satellite. Pick your horse? As my friend put it, “They tell you quite a bit about the horse. They tell you nothing about the track conditions, the weather, or the field. Makes betting difficult.”
Then there’s this newly amplified anxiety about telecommuter security. My friend admitted to one hack the company has already encountered. He made a profound wince. “We have no idea.” He left that statement hanging, as in: We don’t know who did it, how they did it, or why they did it. I sympathize greatly because I know how easy it is for people to be careless when they’re traveling or at home–especially at home. One just doesn’t have one’s paranoid business hat on when sitting in the family den; plus there are so many distractions. How easy it is to leave the modem connection live when you run upstairs for (a two-hour) dinner break.
Of course, there are things that can be done. Technological fixes are available, to a certain extent. For example, personal firewalls may have some effectiveness, but there’s always the problem of installing and maintaining them. From a company’s point of view, it would be great to have telecommuter firewalls that could be tuned for the company’s protection. This is possible, even with current software, but the cost and complexity of making it work for hundreds or thousands of employees is daunting. The same problem applies to almost any other approach to security. It gets complex, and when the complexity leaves the building every day and goes elsewhere–well, the IT manager knows all about leaving too much in the hands of fate.
And the point of this litany about telecommuting? Did you know that a telecommuting policy is also a bit of a safety net? If you don’t ask the questions, and if you don’t document your answers and remedies, then you don’t have much of a story to tell when disaster strikes or users revolt. Accountability may be a pain in the butt, but it’s also CYA.
Editor at Large Nelson King also writes Pursuits monthly for ComputerUser magazine.