With the growing concern over security issues among corporate houses, the management is facing stiff challenges as far as usage of personal devices is concerned. As a growing number of mobile executives prefer to carry their own personal devices like notebooks and PDAs, organisations are either deploying strong security technologies or planning to do so in the coming days. The distinction between personal and enterprise devices is fading by the day.

Gartner attributes use of contract and temporary workers, mobile workers needing personal data and connectivity while on the move and the growth of full and part-time tele working as key drivers drivers of this trend. Gartner predicts that by 2008, 10% of companies will require employee-purchased notebooks.

Maximising employee productivity

In order to provide flexibility and get the maximum out of their employees, organisations are allowing the usage of personal devices, whether in office or on the move.

Alagu Balaraman, vice president, Process and Architect, Britannia Industries believes that the expectations of the employee and employer are changing. People are expected to bring skills, knowledge and relationships to the table. "The company may offer a Blackberry connection to the e-mail, but I don't want to change my handset or carry two phones. In that case I want the service but only on my existing handset. If I will use two I might be less effective because instead of working I am trying to learn a new device," explains Balaraman.

Take the case of Mahindra and Mahindra Finaancial Services Limited (MMFSL). The company is allowing its field as well as office staff to use their notebooks and PDAs to access corporate information as and when required.

Nevertheless, some organisations have restricted the use of personal devices. To offer different access options to their employees, these organisations have deployed strong security technologies in place. Jagsonpal Pharmaceuticals, for instance, has permitted its field managers to use their own devices to connect with the corporate network, but has barred the R&D department from doing so.

Explaining the reason for this divide, Prakash Pradhan, head - IT, Jagsonpal Pharmaceuticals, states, "As we are in the pharmaceutical industry, R&D data is extremely critical for us. Hence, we do not allow our R&D employees to use their personal notebooks or PDAs. Though we have relaxed it for our field staff like regional managers."

Relaxing standards; framing security policies

A 2006 Gartner survey of medium-sized business in six countries found that 42% of organisations had policies or schemes allowing employees to connect personally owned PCs to the corporate network. Though the trend is new to Indian entrepreneurs, several organisations are providing this flexibility to their employees by framing strong security policies and relaxing their internal standards. Many of these security tools, such as network access control (NAC), PC virtualisation and digital rights management (DRM) are being adopted by enterprises to manage threats.

MMFSL has deployed SSL VPN along with Citrix security solutions, to enable employees to use their personal devices over the corporate network. Informs Suresh Shanmugam, CIO, MMFSL, "Since our business operations are more into rural and remote operations, mobility on control and collection is used effectively. All requests from our employees are routed through Citrix security or SSL VPN, which is exposed to the internal users on specific registrations on password labels and roles defined during the allocations."

The information required to run a business entity requires some kind of control to accelerate the task force. The quantum of usage should be based on the business requirements and policies derived out of it to ensure better control with accurate information on field. Most companies are relaxing standards wherever they do not deal with 3rd party data, flirting with the risk of getting into a legal liability. "Instead of changing security policies, they are probably 'overlooking' them. It's easy to do, because most security policies are incredibly difficult to implement in a world of rapidly changing standards, devices and usage," concludes Balaraman.