The technology implications of flexible working

On the April 6 2003, the Government’s Flexible Working initiative became law and employees with children under the age of six, or eighteen where disabled,have the right to request a flexible working pattern. Employees may request flexible hours to provide a better fit with their home life; a worker may wish to start earlier in order to leave early and pick up their children from school. Other approaches include compressed hours, working longer hours on some days and shorter on others, flexitime, job sharing and working from home, placing new demands on IT infrastructure.

The law obliges employers to give consideration to these requests. Rejections will only be likely where there is a clear business justification.

Many organisations already started to reap the benefits by defining their own flexible working policies ahead of the Government’s initiative. Twenty-two such companies have formed an alliance to foster and encourage flexible working. The alliance, supported by Tony Blair, is known as Employers for Work-life Balance and includes organisations such as BT, KPMG, Shell, PricewaterhouseCoopers, and The Royal Bank of Scotland. The alliance’s Chairman is Peter Ellwood, Group Chief Executive of the Lloyds TSB Group. He sums up their efforts:

“By putting work-life balance at the heart of our corporate culture we have, for instance, been able to improve morale, reduce absenteeism and employee turnover.”

Impacting your infrastructure

This new wave of remote users will bring with them fresh challenges for today’s IT departments. How can they support an effective remote workforce without compromising security or quality of service?

Security VPN

Most companies will use the Internet to carry traffic from their remote users to the corporate network. However, for all but the most trivial traffic, this data must be protected from snooping and modification in transit. Virtual Private Network (VPN) technology can be used to achieve this level of protection but the corporate gateway must be highly available in order to provide the quality of service that users have become accustomed to.

While a VPN protects data in transit, it will not protect against attacks directed at the user’s machine from the Internet. If a home worker’s machine is compromised while connected to their office network over the Internet, then a hacker may have direct access to the company’s systems - even over a VPN. Deploying personal firewall technologies to remote users can help, but IT departments must consider carefully which products to use. They must be able to enforce security policies across remote machines when users sign on. The product of choice must also be able to inspect the state of a remote machine before permitting the VPN connection to be made. As an example, the product should be able to detect whether an anti-virus (AV) product is installed and only permit the corporate connection to be made if the AV package is active.

Authentication

In addition to protecting the data, it is also important that only genuine employees are able to access internal systems from remote locations. The simple validation of user names and passwords is far from secure, especially when an Internet connection is used. ‘Two factor’ authentication schemes rely on the user employing a physical token in combination with a username/password, stepping security up a level from ordinary name/password mechanisms. Although ‘two factor’ mechanisms are more costly to implement and maintain than simpler methods, they dramatically increase the likelihood of the user being genuine and are therefore worth considering for valuable data.

Remote Management & Assistance

To provide remote workers with comparable services to those available to office-based employees, IT departments will need access to home workers’ equipment. Software and as anti-virus updates are vital, for instance, along with the on-line backup of remote systems - bandwidth permitting.

Desktop Tools

The IT service desk must also be equipped to assist remote users. Unlike their office- based counterparts, remote users can’t ask a service desk representative to visit their desk when they need help. Remote desktop tools will permit the service desk to take over a user’s system and take control of the mouse and keyboard when a user needs assistance. However, these tools should employ an authentication mechanism and also warn users when their system is being monitored. Deployment of such tools will also require changes to the security rulebases on both the personal and corporate firewalls and these entries should be logged for auditing purposes.

Hardware Maintenance

anisations may also need to upgrade their hardware maintenance provision to support the locations of their home workers. Despite the cost increases inherent in such an upgrade, companies should consider the impact of the inevitable reduction in service levels that will occur if remote users are not adequately supported. In an office environment, for example, a user can normally borrow another machine to complete their work whilst waiting for an engineer. A home worker, on the other hand, is unlikely to have access to alternative equipment and will remain unproductive until the machine is fixed. This requirement needs to be covered by the maintenance company and it may be that a new rapid response contract, specifically for home workers, will be required to meet the needs of the user community.

Communications

Home-based IT users can be broadly split into two categories; high or low volume data consumers. A simple dial-up line may meet the low volume requirement, although this introduces unpredictable telecoms costs and will probably require a dedicated phone line. High volume users are more likely to require broadband connections but these are often unavailable in rural areas. Companies will need to analyse the traffic and work patterns of their users in order to provide the most effective solution. For some it will be best to use ‘fat’ clients on the remote machines, while for others it may be better to use terminal server applications such as Citrix or Tarantella for delivery. Detailed work at this stage will allow organisations to formulate application delivery strategies that extend beyond their home working needs to cover new types of access devices such as PDAs and smartphones.

Telephony services must also be considered and there are several solutions available. The simplest method is to provide a second phone line, with an independent direct line number, to each home worker. Although this is easy to accomplish, it does not integrate well with the corporate phone system, presenting the company’s internal communications system as cumbersome to both internal and external callers. External callers trying to reach a contact working off-site are advised by switchboard to redial a direct line; there is no facility for them to connect the caller. Equally, internal callers are unable to reach their home-working colleagues on short extension numbers and need to dial full, direct line numbers to contact them.

The second method is to provide each remote worker with a mobile phone. For larger companies, these can be accessed as extensions from the main switchboard but smaller organisations will still suffer from the ‘separate’ phone number issue mentioned previously. Additionally, this method incurs high operational costs, as most mobile calls are more expensive than traditional landline connections and internal calls.
Lastly, there is growing concern over the safety of mobile phones and users who are required to spend much of their day on the telephone will be reluctant to make prolonged calls on such devices.
An alternative to these traditional methods is to implement IP telephony services for the remote users, albeit only to Broadband connected workers. Client access devices could be enabled with soft phones and these could be assigned numbers from the corporate switchboard, as well as receiving corporate type telephony services such as call waiting and participation in ‘hunt groups’. An IP telephony solution will require additional equipment and expertise to design, install and integrate but the benefits to the organisation may make it a worthwhile investment.

Home working also has an impact on the most basic of communication services - internal post. The post could be re-addressed and sent to the employee’s home but this has a negative impact on delivery times. An alternative for important or time-sensitive mail is to introduce scanning technology at appropriate levels in the business. Mail can then be converted into electronic format and e-mailed to the recipient. This also enables the electronic copy to be permanently archived or made accessible to a knowledge management system. As with IP telephony, specialist design and implementation skills may be required to build an effective solution.

Conclusion

Initiatives such as Flexible Working will continue to grow in importance as employees strive to create a better balance in their lives between work and family life. Meanwhile, companies seek to increase their productivity while improving employee retention*, morale and loyalty. Flexible working aims to bridge the divide between company and employee needs effectively.

Of the options available for flexible working, home working will have the biggest impact on the IT department and its infrastructure. Companies need to formulate plans to provide robust levels of remote access but may find additional value in re-evaluating their current application delivery platforms and client access device types.

This may be an ideal time to begin technology evaluations and trials of products and services that can support not only home working but be of benefit to office-based users too. Such tools include IP telephony, secure authentication systems, VPN clients, remote control software and personal firewall technologies.
When evaluating these technologies, it is important to gain a good understanding of how they will integrate with the existing environment both technically and from a user’s perspective. Not all tools will suit all organisations and expert help should be enlisted to define the test and success criteria for the evaluation process. In some instances, it may be necessary to build complex test scenarios involving equipment from a variety of vendors to test the products fully, in an integrated environment. Vendor independent test facilities that maintain an existing set of hardware and software assets, from a wide variety of manufacturers, are likely to prove to be the most suitable testing ground because they will have expert systems integration knowledge. They should have load generation and monitoring systems that can also be employed during the testing phases.

Organisations willing to accommodate new working practices may have to invest in technology to enable their staff to operate remotely but the 22 founding companies of the EWLB are already reaping the benefits that flexible working can yield.

*Ernst & Young calculated that the cost of losing an employee amounts to four times that employee’s salary

By Clive Gladwin, Solutions Architect at Computacenter.
Clive works in a team of consultants, providing technical and strategic business advice to Computacenter’s corporate and government clients.