Two years ago, casino giant Harrah's Entertainment needed to cut costs. One of the first places managers looked was cell phones.
As the company evaluated its business, one of the quickest and least painful ways to reduce its yearly budget by more than $1 million a year was to change its cell phone policy. Specifically, the company started allowing its employees to use their own cell phones for work.
"We looked at the cell phone market penetration, which is close to 100 percent, and we realized that everyone already has their own cell phone," said Mark Cross, senior manager of IT Mobility and Strategy for Harrah's Entertainment. "And then we looked at what we were paying to outfit people with cell phones and realized there was money to be saved."
But asking employees to use their cell phones for work presented tricky privacy issues for employees as well as difficult security issues for Harrah's.
Even though many employees were happy to consolidate devices so that they only had to carry around one phone, there was one main major concern that many employees shared: how much access would the company have to the employee's personal e-mails, applications, text messages, and phone records?
Employees were also worried about the company's ability to wipe their devices of all personal data once they left the company. And what about the company's right to search or confiscate personal phones?
Cross said the company needed to come up with both a technology solution and a plan to revise its policies. Finding the mix of policy and technology to keep the corporate network secure while also ensuring employees' privacy is an increasingly common challenge for companies as the dividing line between the workplace and home blurs.
Harrah's isn't the only company grappling with such issues. Indeed, as the economy continues to struggle, more companies are shifting the cost burden for cell phones and other technologies onto employees. Earlier this year the Aberdeen Group released a survey titled "Enterprise Mobility Strategies 2010: More Mobility, Same Budget," which showed that nearly 73 percent of companies today allow some or all employees to use personal-liable mobile devices for work. These are devices that employees own and pay for. The trend is expected to continue with the Aberdeen Group projecting that 8 percent of the 200 organizations it surveyed will allow all their employees to use personal devices within the next 12 months.
For Harrah's, Cross first went to employees to determine if this was a viable policy. Would employees resist having their cell phone benefits cut or eliminated? Surprisingly, Cross said that more than two-thirds of employees said they preferred to use their own phone for work, even if it meant they had to foot the entire bill.
"Most employees were carrying around two devices anyway," he said. "People had a BlackBerry or Windows Mobile phone for work and an iPhone for fun."
Separating corporate data from personal data
The most fundamental policy that Harrah's dealt with was separating the corporate data from the personal data on the phone. The company also requires all corporate data to be encrypted on the device and each device to be password secure. Harrah's has been using technology from Research In Motion for its BlackBerry users and technology from Good Technology for employees using Apple's iPhone and Google's Android phones to secure the phones and keep personal data and work data separate.
"Businesses don't really want personal data and activities to intermingle with corporate data anyway," said John Herrema, senior vice president of corporate strategy at Good Technology. "And our technology keeps these separate, so then it's a matter of adjusting policies about what is acceptable use for applications or other content at work."
Most companies already have these policies in place dictating what types of content can be accessed or used during work hours. And Herrema said that most employees are aware of what's acceptable at work and what is not.
But Cross said that Harrahs put together a task force within the company to write specific policies to ensure that employees who elected to use their phones to access corporate e-mail and other data on the go, understood what information the company could access and protect and what information was off limits.
In separating corporate data from personal data there is a inherent understanding that if the device is lost or stolen or if an employee leaves the company, only the corporate information on that device will be wiped. Cross said. This also means that only corporate e-mail and other business-related apps and data will be backed up by the company's servers.
If employees want their personal data and apps backed up, the IT department will tell them how to do it, but IT professionals will not do it for them, he said. The company also will not assume responsibility for paying for the service nor maintaining the service. That said, Cross said that employees can get some technical support from IT. They have also put together a cheat sheet for employees for when employees go phone shopping with pertinent questions to ask their wireless provider. And once they have bought the new device, the IT department helps set up employees with access to corporate e-mail and access to other relevant corporate data.
"The company is committed to helping employees as much as we can with supporting their phones," Cross said. "But because the account is under the employee's name, we cannot call their cell phone provider if it's a network issue."
RIM and Good Technology, which provide Harrah's solution, aren't the only companies offering technology to handle security and privacy for employee-owned smartphones. There are others, including MobileIron, which provides similar functionality. While there are differences technologically among the various solutions, the main differences for companies grappling with these issues is in figuring out the policies that need to be established.
For example, Ojas Rege, vice president of products for MobileIron, said some industries like trucking may require employees to keep a tracking service active on their phones, while others would have no use for location-based services.
"Every company will have its own polices for different groups of users," he said. "Some companies don't even want to see what types of applications people have on their phones for personal use, while others will not allow people to put corporate data on their phones if they are running certain applications. It varies widely."
While Harrah's is saving money by transferring the financial responsibility for the cost of the device and service onto employees, the company is also spending money to implement the security and privacy technology policies. The company is also supporting many more devices than it had been previously, since any employee with a corporate e-mail address is able to opt into the program.
Even with the added cost, Cross said that the company is still coming out ahead. What's more, the added connectivity has made some employees more responsive and productive than they had been previously.
"We haven't really studied this yet," he said. "But anecdotally, I think it has helped our employees to be more responsive. We're in the entertainment and hospitality business so if it helps guests get their questions or concerns answered more quickly or if our employees can show off our properties and services on their phones or mobile devices, that's good for us."