When a care provider supplied laptops to its roving employees, it added a security solution to enable efficient collaboration. Greg Masters reports.
There's no arguing with the fact that new technology has enabled workers on the go to perform many of their tasks with efficiency and convenience. However, while most likely are little concerned that their communications are at risk of being intercepted, those charged with protecting enterprise information certainly are. In the health care field, owing to federal laws regulating the exchange of personal information, this is of particular concern.
Comfort Care Services (CCS) provides supported housing and rehabilitation services for vulnerable adults with enduring mental illness, learning disabilities, substance/alcohol misuse and other complex needs. Headquartered in Slough, England, the firm distributes services to more than 55 sites across the U.K. It also works with over 19 local and regional authorities.
Due to the organization's disparate geographical locations, the majority of its employees are remote workers and make multiple visits to clients each week. In order to streamline the process of creating, editing and sharing the documents its staff creates during these house visits, the specialist care organization issued laptops to about 250 of its mobile staff.
The laptops were configured with virtual desktops that didn't permit document interchange outside of CCS's virtual desktop infrastructure (VDI) environment. Interchange was limited to a few select staff who acted as a security filter and gatekeeper for data.
However, while this security worked well for documents produced and shared within the company network and using company-supplied devices, CCS management was concerned about the potential risks associated with case documents being produced outside the company network using standalone and personal devices.
CCS has 350 employees. There are two core IT staff who are supported by an outsourced partner. “We take the view that our core competence and focus is to deliver first-class social care, and as such we should partner with companies whose core competence and focus lays in IT,” says Gee Bafhtiar, operations director at Comfort Care Services.
Indeed, following deployment of the company-supplied laptops, management started getting feedback from employees that they found them cumbersome, intrusive and intimidating for use with service users. It was reported that partners often found them to be a distraction when its employees were taking case notes or entering data about care plans. In addition, employees found that having a blanket policy that prevented data interchange with parties outside its VDI network, unless through select employees, frustrating which lead to a dip in productivity. As a result, 30 percent of the laptops deployed were under-utilized. When management investigated the problem, it became clear that employees preferred using familiar hardware, and in particular their own devices, with document-specific security settings that enabled cross-network collaboration, all within a secure environment.
The challenge became finding a way to promote the use of IT-sanctioned applications to ensure uniformly secure data at a document level while enabling staff productivity and cross-network collaboration through device familiarity – without a significant reinvestment in hardware and security software technology.
CCS also needed it to support a rapidly growing environment. “Our biggest challenge was to preemptively take control of information exchange, while accommodating staff's preferences for mobile collaboration,” he says. “We knew we needed to deploy a secure, file-sharing alternative that was easy to use but gave us full auditability over who accessed files and what changes had been made to different versions of documents.”
Addressing CCS's existing collaboration structure was essential in order to help geographically dispersed teams work together more effectively, he says. Most staff members said they would be more comfortable using their own devices for work and Bafhtiar realized that, without formally allowing BYOD, the company as a whole would inadvertently promote work-arounds and wouldn't achieve productivity gains.
Yet, allowing BYOD and permitting the use of consumer-grade file-sharing services didn't allow for secure, real-time collaboration. Additionally, as is typical with all organizations in the health care sector, CCS needed to ensure that confidential information was kept secure. “The files that our employees develop, collaborate on and share are care plans and case notes and they often need to share them with external parties,” says Bafhtiar. “For instance, there are times when staff must share data and reports with government authorities and other health care professionals outside of the company. We needed to ensure that these records were secure both inside and outside the firewall.”