The COVID-19 pandemic has been the ultimate accelerant in changing business practices in sub-Sahara, forcing a mass move to remote work. As a result, there is more pressure than ever before on tech leaders in business to establish mobile device management (MDM) and bring-your-own-device (BYOD) policies.
During the pandemic, shifts in workplace culture that normally unfold over years happened in the space of a few weeks. Remote, asynchronous work quickly became the norm in Africa and around the world out of sheer necessity — and now, an increasing number of companies are announcing that this change is permanent and that their workforce will no longer need to come in to the office every day.
In fact, many companies are letting the lease expire on their physical offices, and embracing a new remote way of working. This means that management needs to establish BYOD and MDM policies.
No one remote device policy works for all
For small, agile organizations accustomed to change, the transition to remote or hybrid work has been relatively seamless. But more traditional, office-bound organizations like CCI were forced to scramble and adapt to the new normal. CCI is one of the largest business process outsourcing (BPO) operations in Africa. The company employs 10,000 agents who either work remotely from home, or from one of nine buildings in three cities to service local South African and international clients in Australia, Kenya, the UK and US.
Mervyn Pretorius joined CCI as CTO in November 2019. He was still learning the job when COVID struck. The company had just three weeks to roll out work-from-home solutions for 30% of its workforce.
The company decided against a BYOD strategy and instead supplied mobile devices to its remote workers. “By supplying our own endpoints to our agents we not only alleviate the cost burden for them to begin earning money if they did not have their own devices but simplified support and management since we have a controlled variety of devices out in the field,” Pretorius says. “Uniformity of end points was therefore a better strategy than BYOD to ensure maximum efficiency and security.”
To do this, CCI partnered with local companies to deliver equipment and perform screening measures. “For every agent who would work remotely, a home inspection was completed, followed by an initial setup. With success, we ramped up the pace, bringing us to a peak of 150-200 additional agents online per day. To manage specific work from home issues, a helpdesk was introduced and video guides were made available in multiple languages to assist agents,” Pretorius says.
CCI chose to deploy a private APN (access point name) network with two local mobile operators instead of a VPN, and used end-to-end encryption between remote agents and the company’s core infrastructure. Private APN networks allow users to connect to a particular wireless provider’s network, while VPNs protect information being sent over a public network.
The company also increased the level of monitoring and frequency of penetration testing across its networks and devices to ensure that the rapid rate of change did not result in unintended vulnerability, Pretorius says.
Staff training is key to remote-work security
CCI also moved to ensure that remote workers understood best practices for security. “In the interest of informed security policy, we not only set as a prerequisite for our remote agents that they familiarise themselves with additional learning modules on our internal LMS [learning management system], but also took a hard-line approach in protecting our clients’ data, which for us is paramount,” Pretorius says.
The boundaries between work and leisure, and home and office, have become so blurred that it’s almost inevitable that employees will use their personal devices for work and their work devices for personal purposes.
“The biggest risks with BYOD have always been, and remain, data theft and security,” according to Stuart Thomas, lead content strategist at Irvine Partners, a Cape Town-based marketing company. “It can also be difficult to ensure former employees no longer have mobile access to company applications once they leave. Employee education remains a far more potent weapon than simply issuing company-owned devices, which can be mitigated by periodically taking inventory of every employee device accessing your network.”
Technology strategy for remote workers depends to a large degree on the industry and the role that employees fulfill in a company. For example, journalists out in the field invariably use their own phones to record audio and take photos, while an accounting person is likely to use a company computer to perform tasks using sensitive business data.
Uber combines BYOD with MDM software
Ride-hailing giant Uber relies on their drivers to provide mobile devices, but the Uber driver’s app uses MDM technology. “If we detect a new device accessing a driver’s account, the app may require additional steps before a driver can login. This occurs with a one-time verification code in addition to the driver’s password will be required every time a driver signs into their Uber account,” according to Uber documentation.
As an added layer of security, a real-time ID feature requires the use of selfies for security by prompting drivers to take photos to help verify the right driver is behind the wheel on an ongoing basis, Uber says. For Uber, the repercussions of a stolen device from one of their drivers could be disastrous, both in terms of reputation and the physical safety of their passengers.
The picture is different at Arena Holdings, the largest media stable in South Africa. Their flagship weekly newspaper, the Sunday Times, is head-and-shoulders the best-selling newspaper in the country. Even though the company has over 1,000 employees, there are seldom more than 100 in the office at any given time, says Riaan Wolmarans, head of digital media at Arena.
“There will always be physical risks (damage to equipment, or theft) that can be problematic, and theft comes with the additional danger of company information being exposed to third parties,” Wolmarans says. “However, most editorial staff were already taking their equipment with them wherever they went before the pandemic, and there has not been an increase in the number of such incidents.”
The company has invested heavily in a custom-built content management system (CMS) called CosMoS, that allows staff to work remotely. “It’s an easy-to-learn, intuitive system developed with full editorial involvement, and staff can access it with ease remotely, so the pandemic-related changes in our world had no effect on the steady performance of our CMS,” Wolmorans says. “In fact, the sharp rise in digital traffic and new digital subscribers since the start of lockdown in 2020 brought forward some additional enhancements to CosMoS to help us make the most of the influx.”
Understanding pros and cons of BYOD and MDM
For companies in a low-risk environment, one of the biggest advantages of BYOD is that employees are comfortable with their own devices. They know how they work and what they are capable of and how to get the most out of their own devices. BYOD is also a massive cost saving for an organisation to not have to invest in new hardware and software for their employees.
“The pros of providing equipment include better IT control over the status and health of the machines and the licensed software installed on them (including corporate-quality security and anti-virus tools), but a big con is that it is very expensive for the company to continually upgrade staff computers or swap them out for new ones,” Wolmorans says.
By supplying workers with mobile devices, on the other hand, a company is not forced to contend with hundreds of different types of mobile devices. They supply two or three that they know and trust, and that should relieve the burden on the IT department having to manage all manner of devices. “Simply put, we don’t have 500 different brands of laptops, etc., because of BYOD,” CCI’s Pretorius says. “We have 2-3 specs of equipment, because we supplied it ourselves.”
Practical experience of tech leaders shows that it is vitally important that organisations think through BYOD and MDM policies before rolling them out. No one policy works for every organisation. The sooner an organisation knows and understands the pros and cons of different approaches, the sooner it can plan effectively, secure valuable data and create a productive environment that works for everyone.