It's been a rough time of late for global business travelers who need to stay in touch.
Earthquakes, tsunamis, volcanoes, floods and wildfires have disrupted communications across large geographic regions, while political turmoil -- and government responses to that unrest -- have thrown normal communications routines into disarray.
What's notable is how quickly and unexpectedly events can unfold. One day, a country can be wired and connected. But the next day, cellphone service is out and Internet connections are down. Travelers without a backup plan can be left stranded and scrambling.
It doesn't have to be that way. Well-prepared employees who have been outfitted and updated before heading abroad have a much better chance of staying connected and safe during a disruption, says Jerry Luftman, executive director and distinguished professor at the School of Technology Management at the Stevens Institute of Technology in Hoboken, N.J.
In troubled times like these, IT departments should adopt holistic "we've got you ready to go" policies, rather than leaving traveling workers to figure out ways to stay connected on their own, says Phil Cox, director of security and compliance at SystemExperts Corp., a network security consultancy in Sudbury, Mass.
Security experts agree with Luftman's and Cox's observations. With companies of all sizes doing business in remote or volatile regions of the world these days, the time is right for organizations to develop plans that take into account workers' destinations and what they're likely to encounter there.
But "not enough" employers are doing that, says Greg Bell, principal and global services leader for information protection at business advisory firm KPMG. "There are a larger number of firms today that are thinking through this than there were a few months ago," he says, "but mostly these are larger multinational companies that have learned from what's happened around them."
And don't miss...
Encrypted Data Doesn't Always Travel Well
"The bigger risk is to the smaller and midsize firms who are starting their global expansion but don't have enough people looking at risk or aren't asking questions at all," says Bell.
Road warriors in tough conditions
Tech managers at Edgewater started asking questions a long time ago. Employees of the Wakefield, Mass.-based IT consultancy have a history of enduring tough conditions on the road. In the mid-1990s, for example, some Edgewater workers were in Sri Lanka when the country was in the midst of a brutal civil war.
Telephone wires there were often stolen for their copper, and other key components of the telecommunications infrastructure often had been blown up or were just plain nonexistent in rough jungle terrain. So the company outfitted its employees with cellphones, a technology that was just beginning to gain wide use.
The firm continues to send people all over the world -- to remote areas of the United States and parts of Africa, Europe and Asia, says Dave Clancey, the company's CTO.
Clancey says Edgewater, with its global reach, has always recognized the need to deliver reliable tools to its traveling workforce -- to keep people connected so they can do their jobs, but also to keep them in touch with support personnel back at the U.S. offices.
And that can be a moving target, since mobile technology changes almost as fast as the geological, meteorological and political conditions worldwide. "You have to stay on top of it, stay up to date," he says. "The last thing you want is people not being able to contact you or you not being able to contact them."
Of VPNs and VoIP
As the world becomes more connected, it might be hard to imagine not being able to contact others no matter where you happen to be, but the reality is there are still large swaths of the globe where avenues of communication are limited -- where clouds are just clouds, Wi-Fi isn't available, even for a fee, and access to basic voice and data lines is a luxury.
Moreover, recent events have shown that, even in developed regions, seemingly robust communications and technology infrastructures can be incapacitated in the wake of natural disasters and political upheaval.
As the former director of IT at Boston-based Vantage Deluxe World Travel, Peter Groustra knows what it takes to equip workers to handle unexpected situations.
To support Vantage's employees, whose jobs include leading overseas tours in places like Egypt, Groustra deployed a Cisco Unified Communications platform, a VoIP system and a virtual private network (VPN) that allows workers to use their laptops to place secure calls into the main office using the same number from any Internet connection -- either hardwired or wireless -- regardless of their location. He says workers use their smartphones, too -- the travel company generally signs up for service with local providers in the regions where it offers tours.
With all of those options, says Groustra, now assistant director of Boston University's Information Services and Technology Project Management Office, he felt confident that Vantage's workers the connectivity they needed.
That was until the uprising in Egypt this past spring, when the government shutdown of Internet connections left Vantage's tour guides unable to use their regular methods of communication.
The tour guides managed to make it to Vantage's offices in Cairo, where they used old-school landlines to call the home office, which then arranged for a chartered plane out of the country. Groustra says the experience made the company rethink a proposal to cancel landlines in its Cairo office and go all-cellular.
Smooth travel starts at home
While the IT department should be at the forefront of deciding what gear and software is best for which employees, protecting mobile workers is not a job for IT alone. HR executives, legal experts and physical security specialists should all be part of the discussion with IT leaders, says Luftman.
"Much of this goes beyond IT, though much of it can be enabled with IT," Luftman says.
He says IT's role starts at home, with the establishment of a portal, such as an Intranet or wiki, where employees can find travel updates, including safety tips, State Department warnings and other key pieces of information.
IT could create a hotline for travelers to call -- via landline, Internet or satellite phone -- if they run into trouble. And it could set up a means of pushing out information -- via pager or cellphone alerts, for example -- to ensure traveling workers get critical information right away.
(Managers may also want to keep tabs on the burgeoning array of disaster-preparedness smartphone apps to determine which, if any, are right for their employees.)
On the hardware side, IT should ensure that workers are equipped with the basics, such as Skype on their laptops and a cellphone that will actually work overseas. "You have to have these in place and communicate that these are in place," he says.
From there, Luftman says, IT can look at the places where workers will be traveling to determine what additional needs they might have.
At Edgewater, Clancey has the process down. He says he looks at where his workers are going and how long they'll be there. Then he starts to pack up their traveling kits, pulling most of the needed items from the stock he keeps at company headquarters.
One big decision is whether smartphones and laptops are enough, or whether travelers will need satellite phones and solar-powered battery chargers.
"Everybody goes out with a high-end laptop and a smartphone. We make sure they have the proper adapters for power supplies that handle 110-220V automatically," he says. "If someone is going for an extended period, we provide a country-specific unit."
If employees will be overseas for an significant amount of time, he arranges for local cellphone service in addition to their regular U.S. cell service.
And if they're likely to pass through remote areas with no cellular service, including parts of the western United States, he rents them satellite phones for backup (even though placing a call on such a device can cost more than $1 a minute). He might also pack solar-powered battery chargers or hand-cranked chargers, both of which typically have or generate enough juice to power a laptop.
Cost vs. risk
While Clancey says such investments make sense for his workforce, given the risks employees might encounter, security experts advise companies to assess their own needs and balance cost of various technologies against the potential benefits they might yield in certain situations.
Despite the tense situation Vantage workers encountered in Egypt, for example, Groustra says he doesn't think satellite phones would have been worth the cost in that situation. "We found it was expensive and we could generally reach people with cellphones," he explains.
Groustra notes that world phones -- those that support multiple standards -- work best. Although when he worked at Vantage he occasionally gave employees 4G LTE devices for special purposes -- if a traveling employee wanted to create a hotspot so several people could share connectivity, for example.
Of the risk vs. cost debate, Groustra says, "It's a tricky balance. Like any company, we had to watch the bottom line. We didn't want to go with the most expensive option, but we wanted to have multiple options because we didn't want [our guides] to be out of touch."
Encrypted data doesn't always travel well
It's no surprise that more and more companies are turning to encryption to keep data safe when their employees travel overseas. They're using encrypted hard drives to safeguard data on laptops and encryption apps to protect company files and user data stored on smartphones' SD RAM cards.
Phil Cox, director of security and compliance at SystemExperts, says clients have told him stories about foreign customs officers taking possession of their laptops and claiming that they needed to inspect them. Although the clients said there was no evidence that anything was hacked, the experience left questions in their minds.
With such uncertainty in the air, encryption makes sense. But from a legal point of view, encryption can pose problems. Specifically, taking an encrypted device into some countries can violate international laws.
"Some countries have restrictions on what type of information you bring in. There are certain countries where encrypted data isn't allowed. And in some cases, coming in with a laptop with an encrypted hard drive is breaking local laws," says Greg Bell, principal and global services leader for information protection at KPMG.
The laws are complex; even countries that currently prohibit individuals from bringing in encrypted devices or data will allow it under certain circumstances with permits or prior permission from government agencies. (Of course, determining which government agencies can grant that permission can be a complicated task in itself.)
According to IT security experts, the countries that prohibit and/or require special permits for encryption include Belarus, China, Hungary, Israel, Russia and Saudi Arabia. (Travelers may want to check the State Department's list of country-specific information, where restrictions on digital data are sometimes -- but not always -- listed under "Customs Information.")
Richard E. Mackey Jr., vice president of consulting at SystemExperts, says prudent companies shouldn't allow workers to carry around too much sensitive information, encrypted or otherwise.
He recommends that IT departments make it a policy to know what each traveling worker has on his or her computer and other mobile devices and keep only what's absolutely necessary for a particular business trip. And that information should be encrypted.
What do you do if the country your employee is visiting prohibits encryption? Consider the cloud.
Bell says some companies are now storing sensitive data in the cloud rather than on laptop drives and equipping their road warriors with secure VPN connections that allow them to access material when they need it.
— Mary K. Pratt
Pratt is a Computerworld contributing writer in Waltham, Mass. You can contact her at marykpratt@verizon.net.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.