Tuesday, July 5, 2011

Mobile Electronic Communication Compliance and Security For ...

The Mobile Workforce

It is no longer just executives, salespeople or field service technicians who rely on smartphones to help increase their productivity and keep them in touch with customers' needs. Requests are coming from all ends of organizations to access company email, calendars and CRM applications. As a result, the use of smartphones in the workplace is increasing exponentially. If you are reading this, you are probably well aware of how many company-issued smartphones you currently have in service. You are also probably aware that more and more employees are asking to access your corporate network from their personal smartphones. According to Forrester Research, a leading technology and marketing research company, half of the smartphones in use in U.S. and Canadian businesses are not company assets.

The immense growth over the next several years of smartphones and other mobile devices such as tablets is universally predicted: Forrester predicts that, by 2013, smartphone usage among U.S. information workers will triple.[1] Gartner has projected that global unit sales of smartphones will exceed PCs by mid-2011, and by some accounts, this has already happened. At a recent presentation at IFA in Berlin, Eric Schmidt noted that the mobile Web is growing eight times faster than the equivalent desktop Web model of ten years ago, and that smartphone sales will soon surpass PC sales. And Mary Meeker has predicted that more people will access the internet via mobile devices than via desktops by 2014.[2] In addition, the use of even basic text services on mobile devices has increased dramatically over the past few years. Indeed, as of January 2011, comScore was reporting that 68.1% of US mobile subscribers used text messaging on their mobile device, up nearly 3% versus the three-month period ending April 2010.[3] Others have put US text messaging penetration as high as 72%.[4]

Inevitably, this dramatic increase in mobile device usage will push into the workplace. This will be driven by both employees bringing their personal mobile devices into the workplace (oftentimes being reimbursed by their employers), and by customers and clients wanting to interact with their service providers and vendors while on the go. According to a recent survey of 2,000 IT professionals in 87 countries, IBM found that more than half believe that within the next five years, more developers will be working on mobile applications and cloud-based architecture than traditional computing platforms for the enterprise. "In all areas of software development, mobile computing is seen as the number-one hottest IT opportunity next year," said Jim Corgel, an IBM general manager of independent software vendors and developer relations. "Not only will mobile spike to the forefront, but by 2015, respondents said it will dominate everything. The cell phone is no longer a gadget - it's what IT is going to become."[5]

As companies like Microsoft, Research in Motion, Apple, and Google all continue to make connecting employee-owned smartphones to the enterprise easier, the need for increased data security and compliance becomes critical. This need is amplified if your industry is regulated, like financial services or pharmaceuticals, where the archiving of business communications is compulsory. Where do text messages (in the SMS or PIN format), IMs (instant messages or BlackBerry messages), and other forms of communication sent and received by smartphones come into play when discussing compliance?

Capture and Archive of Mobile Communications in Financial Services Industry

"Just as cell phone calls are not recorded, neither are text messages. Regular text messages sent through regular cell phones are not kept in any central repository. When you zap them from your phone they are, in almost all instances, forever zapped. There is no federal law requiring that they be stored or kept by the cell phone provider." - Mike Wendland, Detroit Free Press Technology Columnist

The above quote is from 2008, but not a lot has changed since then. During this time, several mobile carriers in the US have instituted SMS archiving for short periods of time. However, special requests have to be made to the carrier, there are no guarantees that the messages will be available and when received, the messages are in bulk individual form and are hardly usable, as conversation threads are not rebuilt. Software has also been developed that can recover deleted texts from a smartphone's SIM card. However, this only works for GSM devices and can easily be manipulated or discarded by the device user.

The need to archive mobile messaging communications is most clear in the financial services industry in the U.S. SEC Rule 17a-4 mandates that securities brokers, dealers and members of national securities exchanges maintain records of their transactions and business dealings and that those records be preserved for a minimum of six years, the first two years in an "easily accessible place." The affected records are broad and encompass communications generated and received by individuals within financial institutions, including inter-office memoranda and internal audit working papers, as well as automated messages sent to all customers such as email blasts. Indeed, in a recent administrative action, the SEC found that an investment firm willfully violated Rule 17a-4 because "it failed to preserve for three years certain communications related to its business as such, including text messages and instant messages."[6]

FINRA further requires that its members implement supervisory review procedures for all correspondence of their registered representatives pertaining to the solicitation and execution of all securities transactions, which includes email and other forms of electronic communications. In recent guidance regarding the supervision of electronic communications, FINRA clarified that the term "electronic communications" includes "such forms of electronic communications as instant messaging and text messaging."[7] To the extent that employees of these regulated firms use mobile messaging for trading or other business purposes, such communications need to be captured and archived.

To date, many financial institutions have either instituted a policy forbidding the use of text messaging (except for internal instant messaging systems) and/or have disabled messaging on their company phones. This is certainly a viable option - as long as such communications methods aren't being used for business purposes, then financial institutions can stay in compliance. The question, however, is whether this model is sustainable. More and more employees want to use these types of communication methods because they have become commonplace and because they want more flexibility around their work schedules and habits. One large financial institution in the US, for example, reimburses mobile phone expenses for nearly 17,000 registered representatives, but has implemented technology to disable text messaging because the devices are used for business purposes. However, because these are phones that are owned by the registered reps, the registered reps have been complaining and the financial institution feels the need to find a solution to this problem.

Even more importantly, however, customers and prospects want to communicate with their brokers and investment professionals via these types of messaging methods. One small investment advisory firm based in the Midwest relayed a story of one of its most important clients BBMing one of the firm's senior traders from his yacht on Lake Michigan. Of course, the trader could not respond because the communication was not being captured. The device was not in voice call range and so the communication had to wait until the yacht returned to shore later that day. Is it really prudent and/or sustainable to limit an employee's interactions with their most important constituents? And when we have asked these financial institutions why messaging has been disabled (or is otherwise unsupported), they say simply "because we can't track it."

Last fall, the FSA (Financial Services Authority) officially extended "the taping rules" (PS08/1, PS10/17: Taping of Mobile Phones - Feedback on CP10/7 and final rules) to require recording and archiving of all voice and electronic communications dealing with orders, negotiation or arrangement of transactions in the financial services industry. Today, enterprise mobility and flexible working are a reality as more and more employees are conducting business outside of the office. Recording mobile conversations will now not only be mandatory in financial services firms but will also demonstrate good governance, particularly in areas where client transactions are conducted by phone. Now, all calls can be quickly retrieved and replayed to protect business operations from the potential of misunderstandings or misrepresentations later down the road. Corporate mobile phone costs often include a high percentage of personal usage by employees. Recording employee calls ensures better adherence to company policy regarding personal usage of company mobile phones.

Message Capture and Archive in Other Industries

Other regulated industries include pharmaceuticals. Pharma firms are regulated by the FDA and other self-regulating industry organizations that have guidelines to help assure that promotional materials used by such firms, as well as communications between representatives of such firms and doctors & healthcare professionals, are accurate, fairly balanced, and limited to information that has been approved by the FDA as well as other standards. Many pharmaceutical firms want to enable their field sales force to use SMS and BBM with doctors and other customers, but feel the need to monitor such messaging to ensure they are staying in compliance with existing regulations.

Another area where mobile compliance is becoming ever more important is in collegiate athletics. The NCAA has strict rules about the frequency with which college coaches can contact recruits and their families. With mobile compliance solutions, college coaches can more easily report their activities in compliance with the NCAA reporting requirements, and college athletic departments can rest easier knowing that they will be alerted if anyone steps out of compliance.

But regulated industries are only the beginning - companies from all kinds of unregulated industries are interested in message capture and archive for a variety of reasons. Ever since the Deepwater Horizon blowout, companies in the oil & gas industry have been learning how to capture and archive mobile messaging and mobile voice calls from their employees and subcontractors on oil drilling sites to ensure they have complete records of all communications between relevant parties going forward. Construction engineering firms that have had on-site disputes between contractors and subcontractors about changing specifications at a construction site have been inquiring about such a service. Commercial real estate firms want to track the communications of their property management, marketing, leasing and development professionals in the field. Consumer products companies want to keep track of their sales reps in the field. The list goes on.

In a survey of over 100 technology and strategy decision-makers responsible for messaging archiving conducted in 2010, Forrester found that 40% of messaging archiving stakeholders planned to roll out or expand solutions in 2010. And while IT operational objectives such as lowering storage costs, improving backup and recovery and boosting message application performance definitely remain important, legal risk mitigation needs have become paramount. Among stakeholders planning to expand or roll out messaging archiving in 2010, the top drivers are meeting regulatory requirements (85%) and easing eDiscovery burdens (77.5%).[8]

Policy vs. Privacy

Any type of surveillance tool, however, should be treated carefully by companies that seek to deploy it. First and foremost, companies should be upfront with their employees and put them on notice that their messaging is being archived for corporate purposes.

Indeed, in a June 2010 decision, City of Ontario v. Quon, the US Supreme Court unanimously upheld the search of a police officer's personal messages on a government-owned pager, saying it did not violate his constitutional rights. The warrantless search was not an unreasonable violation of the officer's 4th Amendment rights because it was motivated by legitimate work-related purposes. The city was trying to determine whether it needed to modify its wireless contract, which imposed fees after employees exceeded character limits on text messages.

While the privacy issue in City of Ontario v. Quon involved a government intrusion into personal communications, that is, whether or not the 4th Amendment applied to the electronic communications of public employees, the decision will likely have an impact on future court decisions involving private employers. It is clear from the Court's decision that, although companies certainly should be as explicit as possible, an employer's policy regarding monitoring need not specify every means of communication subject to the policy. The implication is that employees should assume that any electronic device provided by an employer may be subject to monitoring, whether or not such a device is specifically mentioned in a written policy.

Elements of an Ideal Solution

Any solution to the problem of mobile communication capture and archiving must be comprehensive. The solution must be able to monitor, log, archive, or block mobile communications, and must be able to recreate the entire message conversation just like an email chain. In addition, the solution must be able to track the movement of mobile communication devices and ensure that employees cannot get around the policy. Finally, it must be easy for your compliance team to access the information necessary to properly address security breaches or violations of company guidelines.

Features of the solution aside, it must offer many characteristics that allow it to be implemented easily and integrated seamlessly into your company's network. Scalability, upgrades, and data backup must also be key factors. Let's start breaking down the ideal mobile communication monitoring, capture and archiving solution in terms of its handling of various features and functionality.

Handles All Message Types

The ideal solution captures a multitude of popular mobile messaging types, such as SMS, BBM, PIN-to-PIN messaging, and some of the public mobile instant messaging services such as AIM and GoogleTalk. All of these message types should be captured through a single application and each message type should be able to be identified as such. The ideal solution offers data storage in the WORM (Write Once, Read Many) format, making changes and deletions impossible.

Device Platform Agnostic - Client Based Solution

The ideal solution should also capture messages from any device. Some solutions are centered around the BlackBerry Enterprise Server's messaging logging capabilities, but that leaves a large portion of smartphones without coverage. The best way to ensure coverage on all major smartphone device platforms is to have a client-based solution, meaning software applications that are downloaded to the device and then "listen to" or "watch" messaging activity occurring on the device in real time.

Several ancillary features then accompany a client-based solution. First, the client application should regularly report to the backend server that it is running properly. Second, other features such as message blocking (described later) must be able to be provisioned from the web, providing a remote control function over the client application. Finally, regular updates and upgrades to the software application must be automated and pushed over-the-air ("OTA") to mobile devices in service.

Conversation Thread Rebuilding

Because much mobile messaging consists of short, sometimes cryptic text, it is ever more critical for an archiving solution to be able to rebuild the message conversation thread so that messages can be viewed in context. The conversation threading parameters should be configurable by the enterprise as well so that they can change the "length" of the conversation as needed to see the entire context of the conversation.
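One way such thread rebuilding with a configurable conversation "length" could work, shown as an added example (it is not TextGuard's code): messages between the same two parties are grouped and split wherever the silence exceeds a configurable gap. The `Message` fields, the `max_gap` parameter and the sample messages are assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class Message:
    sent_at: datetime
    sender: str
    recipient: str
    channel: str  # e.g. "SMS", "BBM", "PIN"
    body: str


def rebuild_threads(messages, max_gap=timedelta(minutes=30)):
    """Group captured messages into conversation threads.

    Messages between the same two parties stay in one thread while each
    message follows the previous one within max_gap; a longer silence
    starts a new thread. Direction and channel do not split a thread, so
    an SMS answered over BBM is still shown in context.
    """
    by_pair = defaultdict(list)
    for msg in messages:
        # frozenset makes the key independent of who sent the message.
        by_pair[frozenset((msg.sender, msg.recipient))].append(msg)

    threads = []
    for pair_msgs in by_pair.values():
        pair_msgs.sort(key=lambda m: m.sent_at)  # capture order is not trusted
        current = [pair_msgs[0]]
        for msg in pair_msgs[1:]:
            if msg.sent_at - current[-1].sent_at > max_gap:
                threads.append(current)
                current = [msg]
            else:
                current.append(msg)
        threads.append(current)
    threads.sort(key=lambda t: t[0].sent_at)
    return threads


def _t(hhmm):
    hour, minute = hhmm.split(":")
    return datetime(2011, 7, 5, int(hour), int(minute))


# Constructed sample capture, deliberately out of order.
SAMPLE = [
    Message(_t("14:31"), "+12125550199", "+12125550100", "SMS", "Done at 41.20"),
    Message(_t("09:02"), "+12125550199", "+12125550100", "SMS", "At market?"),
    Message(_t("09:00"), "+12125550100", "+12125550199", "SMS", "Can you sell 200 of XYZ?"),
    Message(_t("09:10"), "+12125550142", "+12125550199", "SMS", "Lunch?"),
    Message(_t("09:03"), "+12125550100", "+12125550199", "BBM", "yes"),
    Message(_t("14:30"), "+12125550100", "+12125550199", "SMS", "Filled?"),
]

if __name__ == "__main__":
    for thread in rebuild_threads(SAMPLE):
        print("--- thread ---")
        for m in thread:
            print(m.sent_at.strftime("%H:%M"), m.channel, m.sender, "->", m.recipient, m.body)
```

Widening `max_gap` to several hours merges the morning order and the afternoon confirmation into one thread, which is the kind of adjustment a reviewer would make to see the whole context.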

Easily Searchable Archive

In regulated industries, e-communication archiving is compulsory. But the messages need to be accessed easily in order to have any value to a company. If each time someone wants to see a message exchange from last year, hundreds of different offline files need to be searched, it puts a huge chilling effect on people actually searching for the relevant communications and in any event will take an inordinate amount of time. What is needed is a single archive that contains all of the relevant messages, searchable by date, name, keyword, other person in the conversation, and message type.

Monitoring

The ability to monitor mobile communications sent and received is paramount. The monitoring function gives your compliance officer the ability to identify potentially dangerous messages and take real-time action to enforce company policies and limit your exposure. The solution must allow you to monitor use of certain keywords or phrases or certain number patterns, such as credit card numbers or social security numbers, in order to ensure employee adherence to company policies.
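A sketch of the keyword and number-pattern monitoring described above, as an added example rather than any vendor's implementation. It assumes card numbers are confirmed with the Luhn checksum to cut false positives, that US social security numbers appear in the dashed `AAA-GG-SSSS` form, and that findings are masked so the alert itself does not copy the sensitive value; the function names and sample values are constructed.

```python
import re

# 13 to 19 digits, optionally separated by single spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")


def luhn_ok(digits):
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits):
    """Keep only the last four digits for the alert or audit record."""
    return "*" * (len(digits) - 4) + digits[-4:]


def scan_message(body, keywords=()):
    """Return a list of (kind, detail) findings for one message body."""
    findings = []
    lowered = body.lower()
    for kw in keywords:
        # Whole-word match so "bond" does not fire on "bonded".
        if re.search(r"\b" + re.escape(kw.lower()) + r"\b", lowered):
            findings.append(("keyword", kw))
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(("card_number", mask(digits)))
    for m in SSN_RE.finditer(body):
        area, group, serial = m.groups()
        # Reject ranges that are never issued as SSNs.
        if (area not in ("000", "666") and area[0] != "9"
                and group != "00" and serial != "0000"):
            findings.append(("ssn", "***-**-" + serial))
    return findings


if __name__ == "__main__":
    # Constructed sample messages; 4111 1111 1111 1111 is a common test number.
    samples = [
        "Card is 4111 1111 1111 1111 exp 09/13",
        "ref 4111111111111112",
        "This is a guaranteed return, SSN 123-45-6789",
    ]
    for text in samples:
        print(scan_message(text, keywords=["guaranteed return"]), "<-", text)
```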

Blocking and Filtering

Certain types of communications do not belong on your company's smartphones or within the infrastructure that supports them. Being able to configure the solution to filter or block incoming and outgoing texts or other mobile messages, keeping inappropriate and potentially harmful content and/or communications from coming into the organization or going out of it, is critical. An especially important element of blocking is being able to easily enable it by keyword, domain or sender.

Flagging and Alerting

When a protocol has been breached or when a device or device application has been compromised, your compliance and security staffs need to know right away so they can determine the source and decide on the appropriate response. The ideal solution includes advanced reporting capabilities that send alerts to the right people once any mobile communication protocol has been violated. When combined with robust logging capabilities, the ideal solution can flag an inappropriate communication and create an audit log file automatically.

Usability

The ideal solution also needs to have an intuitive user interface that puts the power of its capabilities at the fingertips of an authorized user, usually an IT security or legal compliance officer. Following a secure login, the user should be able to do the following:

Install the solution on a smartphone or other mobile communication device at the device's keyboard or "over the air"
Directly access the mobile communication archive to search for messages
Review and annotate conversations to ensure policy compliance
Access a variety of reports and create ad-hoc data queries, then export results to multiple file types
Set up a variety of flags and alerts to be sent out under various circumstances

No Impact to End User

Any client application residing on a mobile device should be ultra-lightweight and should not impact device functionality or, of course, worker performance. This means that the client application should be optimized to limit processing on the device and to limit battery usage. An ideal client application should not be noticeable to the end user, meaning an end user should not notice any difference in device functionality or battery life once it is loaded onto the device.

Privacy Features

By their nature, monitoring and archiving solutions provide company IT and compliance departments information that users might not want to share. As such, it is critical that companies inform their employees that such applications are being used by the company. In addition, however, the client applications themselves should provide subtle notices or reminders to employees that a message capture application is resident on their device.

In addition, however, message capture solutions can also proactively limit messages captured to those used for business purposes. In this regard, world class message capture solutions should have time-of-day parameters that capture only messages sent or received by a user between, for example, 8 AM to 8 PM on weekdays. This would give users peace of mind that their personal messages occurring after hours or on weekends are not being captured. In addition, whitelist & blacklist features can be implemented to either capture all messages except messages to/from certain specific personal contacts or not to capture any messages except messages to/from certain business contacts.
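The time-of-day window and the two list modes can be expressed as a single capture decision. The following is an added illustration, not the product's logic; the class name, field names, reason strings and phone numbers are assumptions, and timestamps are taken to be in the user's local time.

```python
import re
from dataclasses import dataclass
from datetime import datetime, time


def normalize(number):
    """Strip spaces, dashes and brackets so list lookups are format-independent."""
    return re.sub(r"[^\d+]", "", number)


@dataclass
class CapturePolicy:
    start: time = time(8, 0)    # capture window opens (local time)
    end: time = time(20, 0)     # capture window closes, exclusive
    weekdays_only: bool = True
    # "blacklist": capture everything except the listed personal contacts.
    # "whitelist": capture nothing except the listed business contacts.
    mode: str = "blacklist"
    contacts: frozenset = frozenset()

    def __post_init__(self):
        if self.mode not in ("blacklist", "whitelist"):
            raise ValueError("mode must be 'blacklist' or 'whitelist'")
        self.contacts = frozenset(normalize(c) for c in self.contacts)

    def should_capture(self, when, counterparty):
        """Return (capture?, reason) so every skip can be explained later."""
        if self.weekdays_only and when.weekday() >= 5:
            return False, "outside business days"
        if not (self.start <= when.time() < self.end):
            return False, "outside business hours"
        listed = normalize(counterparty) in self.contacts
        if self.mode == "blacklist" and listed:
            return False, "personal contact excluded"
        if self.mode == "whitelist" and not listed:
            return False, "not a listed business contact"
        return True, "in scope"


if __name__ == "__main__":
    # Constructed example: 5 July 2011 is a Tuesday, 9 July 2011 a Saturday.
    policy = CapturePolicy(contacts=frozenset({"+1 (212) 555-0142"}))
    checks = [
        (datetime(2011, 7, 5, 9, 30), "+12125550199"),
        (datetime(2011, 7, 5, 9, 30), "+12125550142"),
        (datetime(2011, 7, 5, 21, 15), "+12125550199"),
        (datetime(2011, 7, 9, 10, 0), "+12125550199"),
    ]
    for when, who in checks:
        print(when, who, policy.should_capture(when, who))
```

Returning the reason alongside the decision lets the archive show why a message was left out of scope without storing the message itself.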

Uninstallation Protection

On the flip side, companies will not be able to rely on a message capture solution on a device unless there is sophisticated protection from users uninstalling the application. End users should not be able to remove the client application without a password. Additionally, in order to ensure nothing has happened at the operating system level, the client application should establish regular communication with the server, with alerts being sent out if these communications cease.

Integration with Existing Archiving Solutions

The ideal solution will integrate with the company's current email or other document archiving solution or data vault. This creates ease of use and is a more efficient utilization of a company's data storage resources.

Encryption / Security

The ideal solution must ensure that all mobile communications are secured by using, at the minimum, SSL encryption technology. Secondly, data backups must be securely encrypted, especially if mirror image records are to be created for web use. Finally, data archives must be secure and unalterable through the use of encryption and WORM.

The Ideal Solution Exists - TextGuard

This white paper has discussed the elements of an ideal solution for mobile communication security in great detail. So just how does TextGuard measure up?

TextGuard meets all of the criteria set forth above and its list of features, capabilities, and advantages is substantial. TextGuard also offers a 24/7 support portal with a comprehensive knowledgebase, updates and new releases, new user setup, and support ticket handling. In addition, the solution can be customized to your company's specific needs and requirements. Uptime and performance SLAs are your guarantee that TextGuard will perform when it matters most. Finally, every archived message is continuously accessible with absolutely no time limit. You may set the length of time messages are kept based on the specific regulatory and compliance guidelines of your industry.

TextGuard was designed by veterans in the Compliance, Data Security and Information Technology industries to be the premier information monitoring, capture and archive solution for mobile communication. After a thorough technical, market and feasibility analysis, Todd M. Cohan founded TextGuard to succeed in a volatile and ever-changing IT marketplace by being a total mobile communication solution with robust features, 24/7 support, and the innovation necessary to become and remain the benchmark in the industry. TextGuard offers many different solutions for mobile archiving and allows firms to utilize one vendor for their mobile compliance solutions. TextGuard offers solutions for text messages and instant messaging, as well as its product VoiceGuard to record and archive mobile voice calls.

We hope this white paper has shed light on how mobile communications can be monitored, captured and archived and the unwanted consequences that can result from failure to do so. There can be but one conclusion drawn from the information presented here. TextGuard is the ideal solution for creating an overall enterprise-wide mobile messaging archiving regimen for every smartphone in use on your company's network. For more information, visit http://www.textguard.com.

[1] http://www.forrester.com/rb/research

[2] "Internet Trends" presentation, Morgan Stanley, April 12, 2010.

[3] "comScore Reports January 2011 US Mobile Subscriber Market Share," comScore press release, March 7, 2011.

[4] "Cell Phones and American Adults," Pew Internet, a project of the Pew Research Center, Sept. 2, 2010, page 2.

[5] "IBM Survey Says Mobile Apps Will Dominate Enterprise," The Wall Street Journal (WSJ Blogs, Venture Capital Dispatch), October 7, 2010.

[6] "In the Matter of Evergreen Investment Management Company, LLC and Evergreen Investment Services, Inc.", SEC Administrative Proceeding File No. 3-13507, June 8, 2009, page 13.

[7] "Supervision of Electronic Communications", FINRA Regulatory Notice 07-59, December 2007.

[8] "Regulatory and eDiscovery Demands Drive a Growing Messaging Archiving Market", Forrester, March 17, 2010, pages 4-5.

Todd Michael Cohan - Founder & CEO

As TextGuard's President and CEO, Todd is responsible for setting the company's strategic vision and leading its growth and industry leadership. He has guided the company from startup to its current position as the leading mobile compliance company in the US by focusing on customer needs, innovative technologies and industry growth. Todd has over 15 years' experience building businesses in the information technology and enterprise security space.

Todd began his career in IT with Metacom Technologies, which he founded in 1997 to provide Fortune 500 companies with information technology resources. As its President and CEO, Metacom grew to over 100 consultants, generating over million in revenue and became the first IBM Premier Business Partner to host a training facility for IBM staff and IBM business partners.

At the request of several customers, in 2005, Todd launched Sacure, a provider of data security, managed security and professional security consulting services. Sacure's clients ranged from banks and financial institutions to auditors who rebranded the solution for compliance requirements for regulated industries. Todd was responsible for the design, architecture and staffing of the world-class 24/7/365 security operations center, developed all marketing and public relations campaigns, developed and led the telemarketing and sales division, and built strategic relationships with industry specialists and advisors.

Todd Michael Cohan founded TextGuard in 2007 with parental monitoring and child protection in mind, but quickly saw the emerging needs in the financial services industry as well as other industries such as pharmaceuticals, healthcare, construction, and energy. TextGuard has been featured in the media including CBS TV as well as on Dr. Phil.

Todd received a B.S. from Rutgers University in 1995 and lives in New York, NY. Todd is also a graduate of MIT's Birthing of Giants Entrepreneurial Program, and was named as part of the Top 100 Entrepreneurs in the United States very early in his career. Todd has also appeared on CNBC, in the Wall Street Journal and on various nationwide radio programs.


Article from articlesbase.com

Source: http://cloudcompanyreviews.com/blog/mobile-electronic-communication-compliance-and-security-for-smartphones/
