By Beth Mcfadden | Posted 2006-05-15
Giving handhelds to 1,000 executives around the globe wasn't easy, but it let Unilever establish its wireless policy from the ground up.
Finger Off the Panic Button
Farah and the nine members of the Unilever team didn't panic; they knew they had an opportunity to determine the company's policy on mobile devices. Their first step was to decide that from a security perspective, a mobile handheld device would be treated no differently from a laptop. "We used our laptop policy as a base," Farah notes. "Our laptops have password time-outs, so we decided that any device we selected would have the same protection." In addition, Unilever has a general policy that no e-mail can leave the company's network without being encrypted.
The team married these premises with several business requirements for the device itself: the ability to use voice and data capabilities on the same device; roaming capabilities so the device works internationally; the ability to view attachments, such as Word files; and a battery life of more than 4 hours. The team then consulted the company's telecommunications outsourcing partner, British Telecom, which has a seven-year contract that began in November 2002 to provide Unilever's wireless area network, local area network and wireless services.
The next step was to roll out a pilot program in June 2004 at Unilever headquarters in London. Only 20 senior executives took part in the program. The small size of the user group allowed the technologists to better control the rollout of the pilot and to test the devices at the same time as the executives.
Farah and the team decided that the pilot would exclusively use the BlackBerry 7200 handheld from Research in Motion (RIM). The team based its decision on recommendations from researcher Gartner that ranked RIM as the leader in its category, according to frequency of product upgrades and new releases; support for heterogeneous e-mail servers and architectures; synchronization mechanisms for e-mail; the number of wireless networks supported, for example, General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA) and Wi-Fi; and security features like encryption and data control.
Unilever's pilot program spent approximately $2.5 million for the BlackBerry 7200s and BlackBerry Enterprise Servers. During the testing phase, Farah's team collected feedback from the executives on the BlackBerry's screen size and keyboard. The majority of executives said that both were satisfactory. Additional questions focused on the BlackBerry's functionality, such as whether the executives had been able to download attachments and view them, and whether the Internet browser's viewing capability was acceptable. The majority of executives gave the BlackBerry a thumbs-up based on these functional criteria as well.
A final set of questions focused on the security of the device itself. An overwhelming majority of the executives agreed that the security procedures for the BlackBerry were reasonable, and that it was practical for them to cradle their device every 30 days to create a new security key.
In September 2005, the pilot moved into production for a larger group of executives. Prior to this rollout, the team analyzed all of the hardware devices RIM offered and selected three, the 7100, 7290 and 8700, as the standards. They were chosen because they were the models that best met the original business requirements. Unilever also requires that employees procure their BlackBerrys through British Telecom. A key factor in the deployment, according to Farah, was requiring every employee to use the company-specified device. "No one can deviate from these standards, and if they do, they won't get support," he says.
John Pescatore, vice president of Internet security at Gartner, applauds this best practice. He notes that 90% of firms can't dictate their employees' mobile hardware use: "Choice of devices is driven by user preference, which makes it very hard to standardize."