IronKey

Mobile Data Security Blog

Home  »  2013

by

Microsoft Interview: Windows To Go, Year One

When Microsoft launched Windows 8 in late October 2012, Windows To Go was immediately identified as a “hot” feature, designed for IT and perfect for BYOD.  The concept is both simple and powerful: your own fully manageable, corporate image installed on a bootable, certified USB drive.

As a key provider of certified drives for Windows To Go with our own IronKey Workspace solutions, we thought this would be the perfect time to ask our friends at Microsoft to reflect on the first year of Windows To Go.  The result: the following interview with Craig Ashley, Senior Product Manager at Microsoft for Windows  To Go.

Ashley_2x3

Microsoft’s Craig Ashley

How has the reaction been to Windows To Go since its introduction last year? Have there been any surprises?

I can honestly say it has been very positive. We developed Windows To Go with this idea that for customers that fall into a range of scenarios, from bring your own device to traveling light on the go, we could fit a full version of Windows on a USB drive and enable customers to have their own full version of a PC on a stick that fits in their pocket. This meant large enterprises with contingent staff or companies that had shared PCs or highly mobile staff could have a seamless PC experience regardless of the device they were on.

We have actually been surprised by how many customers are coming out with new and innovative scenarios. One of those was during the 2012 London Olympics.  Like most businesses last summer, the Imperial College Healthcare NHS Trust faced significant potential challenges to its ability to provide high quality care and services due to the Olympics pressure on transport networks in the city, which could prohibit staff from making it to work.  They originally thought the only solution was to provide staff new laptops.  However, Windows To Go provided a far more cost-effective and seamless solution that not only allowed their staff to successfully work remotely, but was simple to roll out.

Which vertical markets have really expressed an interest in Windows To Go?

We see interest across quite a few vertical markets. For example in healthcare and the public sector, Imperial College Health Care NHS Trust (which I previously mentioned) and the IT staff in Fairfax County, Va. see a good fit for teleworkers or remote workers who can boot Windows To Go on their own devices, as it allows them to use their device of choice and saving the companies the additional costs associated with managing a BYOD device. Another example is in manufacturing, where Boeing is currently piloting Windows To Go drives to sourced employees or contactors instead of a PC. One last example I’d like to share is in the airline industry, where Emirates, an international airline, distributed Windows To Go to use on their Windows 7 tablets for testing a new app at home before deploying the final version of the app on a Windows 8 tablet.

Other than government and regulated industries, are there any surprise industries that are testing Windows To Go?

We have seen interest across a wide range of industries. While the interest in Windows To Go is broad, the reasons for testing, piloting and deploying are similar: Windows To Go is just Windows 8.1, but on-the-go. By that I mean enterprises can manage it, deploy it, load applications on it, track it, and secure it just like they would their other Windows devices. For example, if customers use Windows To Go for contractors or remote workers, they can deploy using their existing processes.

Are you finding that most Windows To Go testers were already on the path to Windows 8 or are you finding that Windows To Go is a catalyst for Windows 8 adopters?

With Windows 8, we helped our business customers enable new scenarios for achieving everything from business efficiency to new forms of customer engagement. Some were already interested in great manageable Windows tablets. Some customers were excited by the security capabilities that Windows 8 offers. And some businesses are really seeing the value of Windows 8 through Windows To Go enabled scenarios.

With the launch of Windows 8.1, are more businesses familiar with the benefits and features of Windows To Go?

Absolutely. With any new feature or product there is always a learning curve associated with it. Windows To Go was first released last year with Windows 8, and since that time we have been continuously talking to customers, listening to feedback, and creating documentation necessary to educate users across a wide range of Windows To Go topics. One example and one that I am sure the IronKey team is very knowledgeable on is the fact that Microsoft only supports drives certified for Windows To Go. We have written blogposts and online documentation to be sure that customers understand this and many other Windows To Go requirements.

How long are prospects testing Windows To Go before they commit and what’s the size of the commitment (are they rolling it out slowly, just certain employees or across the board)?

Customer test plans and timelines vary by use case, industry, and the size of the Windows To Go deployment under consideration. Because Windows To Go is just Windows 8.1, customers are able to test and evaluate Windows To Go alongside their broader Windows 8.1 deployments.

Is Microsoft encouraging employees to adopt Windows To Go? What has your experience been like?

You bet. At Microsoft we always “dogfood” our own products. From the initial stages of launching Windows 8, Microsoft employees have had access to create Windows To Go drives. Our internal IT teams have created documentation that outlines the steps and processes for us to create and employees can use Windows To Go for a variety of reasons. I have two drives that I use on an ongoing basis, one for demoing Windows To Go and one for my day job. Many nights when I pack up to go home I simply grab my Windows To Go drive, my keys and head for the door. If I need to do work at home, I use the drive on my home office desktop, so there is no longer a need to carry my laptop and bag with me every time I leave now.

 

by

Remote Working: Embracing Benefits and Overcoming Challenges

Remote working is here to stay. KPMG’s 2013 Global Assignment Policies and Practices (GAPP) survey reveals that organizations around the world “continue to invest in global mobility programs despite increasing regulatory and compliance challenges.” Whether or not your business opts for “use your own device” or “use our device,” it’s clear that any organization large or small must have the technology necessary to support a remote workforce.

The benefits mobility brings to organizations are many: the ability to tap a broader talent pool no longer contingent on geography, productivity gains as employees can work anytime and anywhere, and the cost savings associated with “hot-desking” and “hoteling.”

For employees, flexibility is paramount. Whether it’s to avoid a nightmarish commute, the need for unconventional hours, or the requirement to be on the road, the ability to work like you’re in the office can tip the productivity scale.

On the flipside, the challenge is to provide employees with technology that helps them be as productive as they would be on their office desktop. They need to feel part of the organization even when they are offsite. And it’s vital that all sensitive corporate information be protected, at all times, and that any work is done in complete compliance with corporate IT security policies.

Gartner’s most recent research, “Bring Your Own Device: The Facts and the Future,” predicts that by 2017, half of employers will require employees to supply their own devices. While employee-owned cell phones and tablets are fast becoming the norm, the jury is out as to whether or not PCs and laptops will become a part of the mix. Connecting the family PC to the organization’s network could be a disaster waiting to happen.

Win-Win: the secure portable workspace

Windows To Go, a feature of Windows 8 Enterprise, enables “PCs on a stick,” offering a new approach to mainstream enterprise and government organizations. Employers provide a secure, IT-managed USB drive that contains a fully functional corporate Windows desktop, bootable from pretty much any PC. Employees insert the Microsoft certified USB drives into their home computers, hot desks, or tablets that feature USB ports, and they receive a secure desktop and secure access to all applications they use in an office setting.

Unlike a virtualized or online remote access solution, the portable workspace offers full host computer isolation—documents cannot be saved to the host machine but are saved to the USB drive. At the same time, all of the hardware resources of the host computer are available to the user. Employees have access to the host machine’s network connection, sound, microphone, and camera. They experience graphics performance of the native machines. Employees will be able to use applications at full resolution, including the ability to view two documents at once instead of just one. Finally, the employee never has to worry about the speed or reliability of a network connection.

Among the handful of Windows To Go certified devices, the IronKey Workspace W500 is the device that meets all of an employee’s needs and IT’s security challenges. The IronKey Workspace W500 is designed to be rugged, dust and water resistant. It’s gone through Microsoft’s certification and Imation’s own rigorous read/write testing for use as a Windows To Go workspace. Users get sequential read performance of up to 400 MB/second and sequential write speeds of up to 316 MB/second. The W500’s 256-bit AES hardware encryption combines with strong, built-in password protection capabilities. IronKey devices can be managed by the IronKey Enterprise Server, so that the IT team can track and control the devices to effectively protect data, manage device inventory, lifecycle and maintenance. The management system offers full remote policy management, device tracking and, should the need ever arise, the ability to revoke users’ credentials. Just because the device is out of the office does not mean it is out of IT control.

With Windows To Go, organizations can implement a bring your own device strategy that provides an ideal work environment for the employee while providing the optimal level security for IT, no workarounds necessary.

by

IronKey Workspace for Windows To Go Review

Now that it has been certified by Microsoft, I was very excited to get my hot little hands on the IronKey Workspace W500 — the new platform from Imation for Windows To Go — and try it out for myself.

Imation's IronKey Workspace

Windows To Go is an enterprise feature of Windows 8. The implementation on the IronKey drive essentially lets you create an IT provisioned and managed PC on a Stick(tm) for work. You can use it securely on the work PC, then lock it down, unplug it, and then use it securely at home. The cool part is that when you’re using Windows To Go on an IronKey Workspace drive, everything from a data stand point is happening on the IronKey Workspace — the hard drive in the host computer is locked away from your workspace-on-a-stick.

As you can see, the IronKey Workspace looks great… a slick, simple, iconic design. The hard metal case is designed to resist damage and water, and to prevent unwanted tampering. Inside, AES 256 hardware encryption makes the data unreadable without a password, and the IronKey Cryptochip makes the encryption keys unreachable by even sophisticated bad guys.

But enough about the specs.  How does this thing work? Let’s get started.

The IronKey Workspace W500 is based on the iconic IronKey design.

In your typical enterprise, IT would use Windows To Go to either provision the drive for users, or to allow individuals to make their own Windows To Go devices on certified drives. The result is a corporate OS image on each IronKey Workspace. For this review, the IronKey Workspace had already been provisioned with a trial copy of Windows 8.0.

To get started, I plugged the drive into the USB port and pressed the power button. We immediately see something new — a Windows 8 symbol on my laptop PC — which normally runs Windows 7. If my PC hadn’t already been configured to boot from USB, I would have needed to make a quick adjustment to the Boot Options by hitting F12 during the initial boot up process.

Booting up Windows To Go

The drive opened up a preboot environment and asked for an admin password.

Entering the IronKey Workspace's preboot environment.

The IronKey unlocker explained that the drive needs to reboot. This is a security feature for the hardware encrypted drive. It ensures that no one can get near Windows or the data on the drive until they have proved who they are to the Cryptochip.  The preboot process also ensures that the IronKey Workspace connects to and accounts for the hardware configuration on the host PC — network connection, camera, sound, and more.

The IronKey Workspace reboots for extra security in Windows To Go.

And, after about 2 minutes, it was up and running on Windows 8. I spent a minute or so in the Windows 8 control panel to align the PC screen and the monitor, and I was ready to go! By the way, the next time I booted up the IronKey Workspace, because the device had already profiled the hardware on this machine, the boot process took about half the time.

Windows To Go runs the OS from the IronKey USB stick, but it let's you take advantage of the PC's hardware.

Another first time process — Windows 8 noted necessary updates to the anti-spyware and anti-virus programs. These were handled seamlessly. It also asked for a product key; as a trial copy, we didn’t need to do this.

A quick Windows 8 software update.

Now let’s put this PC on a Stick through its paces. The camera worked….

Windows To Go working seamlessly.

…as did the speakers, and the network connection. Tip: If you’re in an office don’t forget to turn down the volume before clicking on the latest from Macklemore & Lewis!

That's "Can't Hold Us" by Macklemore & Lewis on Windows To Go.

One point to note: The Windows Store is not available on Windows To Go workspaces in Windows 8.0. The Store will be available on Windows To Go workspaces made with Windows 8.1 when it ships in a month or so.

Windows Store comes to Windows To Go in Windows 8.1.

Web conferencing was seamless.

Discussing our next trade show via web conference.

We don’t have Office on the Windows 8 trial, so I downloaded and installed Evernote for Windows onto the IronKey Workspace to write this review. Installation was as quick and easy as it would have been on the hard drive. In fact everything I did was fast.  Even though I was running off of the external IronKey Workspace drive, the PC performed every bit as well (and maybe even a little better) as it would if it had been running off the internal hard drive.

Working on Evernote for Windows on the IronKey Workspace for Windows To Go.

In Evernote, I was able to type at top speed with zero latency. This ability to work productively offline is a key advantage of Windows To Go over online-only solutions like VDI.

Conclusion:

Overall, as I wrote this review, checked email, participated in a web conference, listened to music and took pictures, it was easy to forget that I was running the OS and applications on a USB drive instead of the hard drive.

And for Windows To Go and the IronKey Workspace, that’s exactly what you want.

by

3 Tips For Enabling Data Security and Mobility at Government Agencies

October marks the end of the US federal government’s fiscal year, and Imation’s mobile security experts are very busy discussing the benefit of our solutions with IT staffs at various agencies. We typically see an increase in interest near the end of the fiscal year, but there are a couple of reasons why our IronKey secure USB solutions are more top-of mind this year than in the past.

There is an increased focus from government agencies on enabling computer mobility. Like many other sectors, government agencies understand that mobile devices make employees more productive, a fact which was backed up as recently as May in an 1105 Government Information Group report. IronKey secure USB data storage devices and IronKey Workspace Windows To Go solutions enable end user mobility, as government employees can take their data and desktop environments with them wherever they go securely.

Microsoft Windows 8 spotlights how USB devices can serve as a secure, mobile computing alternative for BYOD. Microsoft cites Windows To Go, which enables a fully functioning Windows desktop to be booted from a USB device, as a key enterprise feature of Windows 8. Government agencies are taking notice.

At the same time, government IT staffs are justifiably concerned about security. The same 1105 Government Information Group report cited earlier notes that agencies are providing their employees with agency-issued devices, primarily because they are worried about the lack of control. A government mobility policy in these situations shifts away from BYOD, since employees cannot bring their own devices.

Any solution involving mobile devices (whether through employee devices or agency-provided devices) must include policies and technology to protect against data leakage or misused data.

In general, we offer these tips as part of such policies:

1) Access control: Agencies must establish and enforce strict methods for granting device access.

2) Auditing: IT departments should schedule frequent audits to make sure that devices are in the right hands and are being used appropriately.

3) Remote kill: Government agencies should deploy mobile solutions that enable remote kill capabilities, so that devices can be erased or destroyed if they fall into the wrong hands.

by

Enabling BYOD with a Secure Windows To Go IronKey Workspace

We have now announced Microsoft certification and general availability of our IronKey Workspace W500. Microsoft’s certification process is a rigorous one, so we are extremely pleased to put this stamp of approval on our latest Windows To Go solution. And we’re excited to bring our secure PC on a Stick platform to the Windows To Go solution set.

According to Intel’s IT Manager survey on the current state of BYOD, one of the two largest barriers to BYOD adoption is that the devices used by employees cannot support security, encryption or remote wipe.  The IronKey Workspace W500 solves IT managers’ security concerns with its hardware based encryption, ability to issue ‘silver bullet’ commands to remote wipe the device, and centralized management.  The IronKey Workspace W500 is truly an IT provisioned, IT managed and IT secured device that fits into your network.

intel barriers snap

Source: Intel

Gartner predicts that half of companies will require BYOD in 2017, and as this trend spreads from mobile phones and smartphones to the PC, our Windows To Go workspace offerings position us strongly in this space. Strong market interest in our solutions backs up this trend – for example, we have initiated pilots large organizations that are interested in deploying thousands of devices. Use cases we are seeing include:

  • Executive travelers are seeking to bring a secure device to insecure countries, instead of a laptop.
  • Government agency looking to provide a way for employees to telework securely, using the workspace device on their home PCs.
  • A hospital is looking at providing secure workspaces to medical residents instead of providing PCs –a 10X cost savings.
  • Top universities are testing IronKey Workspaces for their students to use in computer labs, and then to allow them to bring their computing environment home.

Our new IronKey Workspace W500 represents a powerful, secure PC on a Stick offering for enterprise customers. This is a high-performance, ruggedized, high-security platform for organizations who see opportunity in using Windows To Go to support their BYOD initiatives.

You can learn more about the IronKey Workspace solutions at http://www.ironkey.com/en-US/secure-workspace/index.html.

by

California Cracks Down: Companies Must Encrypt Personal Data

The California Attorney General has issued a major data breach report, finding that more than 2.5 million people were affected by 131 reported data breaches within the state, with 56% of the breaches including disclosure of Social Security numbers.

California Attorney General Kamala Harris is calling for wider use of encryption and increased training for employees and contractors on handling personal information. InfoWorld reports that, “her office “will make it an enforcement priority to investigate breaches involving unencrypted personal information” and will “encourage … law-enforcement agencies to similarly prioritize these investigations.”  She also recommends employee and contractor training on how to handle personal information.

Imation did its own review of U.S. data breach laws in 2012, and created the “heat map” graphic below, based on the strictness of those laws. California was a forerunner in data breach laws; while most state laws are similar, requirements and penalties vary widely.

As we’ve noted before, encryption is the foundation for protecting personal data. 

Having data encrypted at the time of the breach means, under most (but not all) of these laws, (because the data is unreadable) that loss or theft of a USB device or laptop doesn’t require reporting. Also, as the California report notes, keep security awareness campaigns active so workers stay alert to the risks.

By taking a few pragmatic precautions, the majority of risks can be greatly mitigated. So the next time an employee loses a notebook or an encrypted flash drive that held protected data, if it’s been properly encrypted and managed you’ll have may well have endured a non-event.

Compliance Heat Map

Imation Compliance Heat Map. Click to view full-sized image.

by

The Thumb Drive Conundrum: Managed USB and Encrypted Flash Drives Attack the Insider Threat

The revelation that Edward Snowden absconded from NSA with secret files on a thumb drive has generated predictable gnashing of teeth about the use of portable USB drives in secure organizations. At the same time, government and business organizations are successfully implementing secure deployments of portable USB drives so that employees can transport data they need to be productive.

The technology issue is one of competing needs: To be productive, mobile employees need the mobility, offline storage and security afforded by USB drives. To secure data, IT needs control of how employees move information and what information is moved.

The fact is that today, IT can take control without blocking USB ports. We’re not sure what safeguards the NSA had in place, but there are technologies that could prevent or mitigate this kind of insider threat. For example, secure enterprise device management software can offer:

Device Location – with managed USB drives, software can show the locations of every managed device when they connect to the Internet on a map. This allows tracking of a device that has “gone rogue” and could aid in recovery.

The “Silver Bullet” – the ability to either password-disable or perform a remote kill to completely disable the device if it goes missing or someone is suspected of copying data they should not have on the drive.

Geofencing, IP Blocking – It is possible to add rule features so that unless the device meets certain conditions, the data is automatically wiped. For example, IT could enable “geofencing” so that if device is outside the country, the data is wiped – or if it is on an unapproved network, or outside a certain IP range.

Have a Consistent Data Security Policy

It’s really a matter of having a consistent policy for your data at rest.  Many organizations require their PCs and Macs to have full disk encryption enabled.  But that policy is not enforced when it comes to removable media like a USB drive.  By using a manageable and encrypted storage device you can maintain a secure policy for your data no matter where it goes.

If we look at the SANS Top 20 Security Controls, Critical Control #17 – Data Loss Prevention specifically addresses how best to handle sensitive data and prevent it from leaving your organization without permission.  The advice from SANS is to, “deploy approved hard drive encryption software to mobile devices and systems that hold sensitive data,” and that “enterprise software should be used that can configure systems to allow only specific USB devices (based on serial number or other unique property) to be accessed, and that can automatically encrypt all data placed on such devices.”

For workers who travel, teleworkers shifting between work and home, or contractors working with your data, a secure, managed USB thumb drive is more secure than online file sharing, and certainly better than unencrypted and unmanaged notebook computers, USB devices and smartphones. And management adds an extra layer of security against both external and insider threats.  IT can address a number of potential security threats by implementing policies that require uses to use encrypted flash drives.

by

The Security You Need

Organizations have different security needs, and different departments require different levels of security. When we brought together portable USB security leaders MXI Security, IronKey, and Imation’s Defender collection to form the Imation Mobile Security group, our opportunity was to bring together the best of these technology leaders, so we could have a portfolio of products to satisfy all security levels.

Today, we are announcing that we have unified these powerful technologies under the IronKey brand, one of the most trusted and recognized in the security business. Beyond the iconic IronKey secure flash drives, the Imation Defender Collection is now included under the IronKey brand.

The overall result of this rebranding is a simpler, more streamlined product set.  Customers now can turn to the IronKey portfolio for hardware encrypted USB flash and hard disk drives with biometric authentication, manage drives with the IronKey ACCESS on-premise device management system, and find encrypted USB drives compatible with McAfee ePO software. All this in addition to the iconic IronKey 250 drives – called The World’s Most Secure Flash Drive™ — and the new IronKey Workspace family for Windows To Go.

secure-portable-storage-products-large (2)

IronKey Secure Portable Storage Products

Visit www.ironkey.com to view the full portfolio, and find the right solution for your organization.

by

Bring out the heavy hardware to protect passwords

Use strong passwords, un-guessable security codes and hardware encryption to defeat advanced threats

As long as you have a password in place, your data is protected, right? The number and types of breaches we saw in 2012 challenge this notion. From LinkedIn to eHarmony to Twitter, cyber thieves have been on the hunt to break the barriers of thousands of simple passwords. And what is most chilling? it’s not going to stop.

Passwords have been around since the dawn of the digital age, but they are not well understood. Simple, overused passwords can’t protect data from even low-skilled hackers. And people are people, and even when they are outfitted with The World’s Most Secure Flash Drive, need a reminder that making your password “password” is no longer (if ever) considered clever or safe.

With rising attention to data privacy and increasing risk of data breaches, there will be more encryption across all devices and platforms in 2013. Which means that it is never too soon to revisit the password. Here are four best practices organizations should follow to improve password strength their organization:

  1. Passwords must be longer, stronger and un-guessable
    Passwords protected in software are subject to offline brute force attacks, which is why web service hacks can be so devastating. Attackers can go through a database of passwords they have obtained and crack them at their leisure.  It is remarkable the number of individuals who use the password “password” or “123456”. These passwords are often the first ones breached by cyber-thieves, as can be noted in last years LinkedIn and Twitter breaches.

    • Instead, choose a unique password, with character complexity and a combination of both letters and numbers. A strong password should be at least 12 characters long. The rule is that the longer the password, the longer it will protect you. A good hacker can breach an 8-character password in a few days; a 15 character password might take a year.
    • To make the password even stronger, the character complexity should be at random, as complexity alone is not enough to stop a hacker in today’s digital age. Having a strong password makes offline attacks much more difficult for hackers.
  2. Remember Personal Information is Out There
    With today’s heavy social media presence, the names of your dog or your mother’s maiden name are no longer confidential information. The public has access to the information you post on your social media site, and unwittingly offer clues to clever hackers. When choosing security questions for password recovery, be mindful of the information that is public, and create passwords that revolve around something actually “private.”
  3. Use Hardware Encryption to Combat Advanced Software Threads
    Avoiding the threat of brute force attacks on passwords requires heavier hardware – hardware encryption, that is. A password protected in the right kind of hardware makes security simpler, because this kind of brute force attack to decrypt the password is not possible. The hardware will lock up after a low number of attempts (set by policy), and then the attack stops.

And finally, a bonus point: Remember to set strong policies and educate employees. Cyber-thieves are becoming more sophisticated, and strong passwords are the best defense. Organizations must create stricter guidelines for employee password security in order to keep their employee’s personal and the company’s corporate data secure.

by

The 4 Benefits of USB 3.0—Are You Ready For This?

The USB flash drive is back. Often an afterthought in the buzz about BYOD, USB flash drives is once again becoming increasingly indispensable tools for the mobile worker.

What’s driving the resurgence of the USB stick?

  1. Windows To Go – Windows 8 Enterprise features Windows To Go, which lets you create a bootable, full featured Windows 8 desktop that runs securely from a certified USB drive. The solution is ideal for teleworkers and contractors who might want to use their own compatible computer setup but in a secure corporate environment. 
  2. Speed – Compared to the 12 Mbps speed of USB 1.1 and the 450 Mbps of USB 2.0, the “SuperSpeed” interface of USB 3.0 tries to live up to its name with a theoretical 5.0 Gbps (5,120Mbps) of bandwidth.
  3. Power – With a constantly expanding list of accessories and portable devices, bus-powered hardware has been pushing the limits of what USB 2.0 could handle. First, the 3.0 specification allows up to 80% more power consumption for devices running at “SuperSpeed.” Second, USB 3.0 includes an enhanced version of the USB-B connector called Powered-B, which allows USB accessories to draw power from peripheral devices, as well as hosts.
  4. Crossover Connection – In trying to establish a more robust ecosystem of USB devices, new features are implemented in the USB 3.0 to allow for cross-communication between hardware. USB 3.0 includes an established method of host-to-host communication through a crossover USB A to USB A cable. Additionally, USB 3.0 builds on the “USB On-The-Go” principles of allowing portable devices, such as smartphones, to act as either a USB device or a USB host, increasing their feature set and usability with existing USB devices.

It is this speed and power that make USB 3.0 drives the platform for USB drives certified for Windows To Go. Using USB 3.0 drives like our IronKey Workspace deliver a seamless experience booting and running Windows and productivity applications from a USB drive rather than the internal hard drive. This next iteration of the USB is really exciting as increased speeds, power and connection will prove beneficial to the mobile workforce.