Taking the enterprise network on the road: Solutions for the mobile workforce

As more and more companies are recognizing, there is a solid business case for providing remote and traveling employees with the same IT and communications resources available to staffers back at headquarters. After all, allowing employees to access enterprise applications, data and capabilities wherever they happen to be can enhance productivity and efficiencies, may potentially decrease costs and may even improve overall competitiveness.

The hard question is, of course, what is the best way to make those resources accessible? What technologies, management, and security issues arise? And how do you address them? Sandra Weinstein, Marketing Director for Remote Access Services at AT&T, answers the most common questions faced by companies looking to support their mobile and remote employees.

Q: How should a company decide which applications and resources to make available to mobile employees?

A: We find that the more progressive companies are thinking about extending their IT and communications resources out to their employees — whether in a company office, in a hotel, at a customer site, or even at home. These enterprises want to maximize investments in communications, applications and processes which means empowering employees to use those systems and assets, where and when they are working at the moment.

The ideal is to take the capabilities and systems that an employee may access at the office — email, order entry, customer databases, pricing tools, inventory data, and the like — and think about how to make those same capabilities available wherever the employees happen to be working. Availability becomes a matter of who the employee is, not where they are.

Q: What about the available access technologies? Is it wise to standardize on a single remote access method -- such as dial-up, or wireless, or public Internet -- to simplify administration and management?

A: In general, it does help IT organizations to standardize on technologies and systems, especially in big organizations that support large numbers of employees.

But when thinking about network access, there is really no need to limit employees just to dial-up or wireless, or to using only laptops, for example, simply to make everything more manageable. The better approach is to allow employees to access the network through the medium available to them at the time — on whatever device they’re using. It should make no difference whether they’re in a wireless hotspot in an airport, using dial-up or Ethernet in a hotel, accessing their network through a PC at a customer’s location, or checking email on a hand-held PDA. The networking options can vary significantly depending upon where they are traveling or working, but their capabilities need not be limited. Ideally, it should all be transparent to your employee.

In fact, it is possible to deploy a global network ‘client’ that automatically manages access via virtually any method or protocol, yet still works with whatever privileges have been established for that employee or user. You essentially decide who can access what resources, and the ‘client software’ manages the actual access, via whatever method the employee happens to be using.

Q: What type of enterprise network architecture lends itself best to remote capabilities?

A: There are ways to implement remote access for many different types of networking architecture -- whether you are using a private line network, frame relay, or some sort of hybrid. More and more, however, companies are migrating to a converged, IP-based network for their voice traffic, as well as their data and applications.

Better still, with a Multi-Protocol Label Switching, or MPLS, enabled IP network-- you have an architecture that lets you manage quality of service levels for different services and applications over your network. This allows you to ensure high performance when transmitting delay-sensitive applications, whether it’s voice, video or instant messaging.

Q: How can a company provide such flexible and widespread access and also address the security needs of the network?

A: Extending your network capabilities out to remote or traveling users does require some additional security considerations that might not be a factor in on-premises networking. In the mobility world, you should address four different issues:

• Is the device — whether a laptop, or PDA, or other device — authorized and recognized by the network? Can you authenticate that device?
• How will you protect the data on the remote user’s device? If you allow users to download sensitive customer data, proprietary pricing or technical information, for example, you need to provide a way to assure that data is protected.
• How do you secure the end-user’s device against malware or malicious code that can compromise the enterprise network, or affect performance of the end-user’s device?
• How do you protect the remote access connection from eavesdropping or data theft while online?

To address these issues, industry practices provide a way to:

• Establish policies, and check every access attempt against the policies
• Deploy personal firewalls in all remote access devices
• Perform user authentication in the device, so that lost or stolen devices cannot access the network. For stronger security, two-factor authentication can be used.
• Authenticate the device into the network, so that unauthorized devices cannot access the network (even if lost or stolen) and to ensure the device is deemed compliant.
• Encrypt sensitive data.

The decision to become a highly mobile company seems simple, but implementation is not. Technological challenges are significant. Mobility helps create a corporate competitive advantage in employee and customer satisfaction.