A small, fast-growing medical staffing company in Irving, Texas, has been learning as it goes about how to create and enforce secure computing for its traveling account managers.

Moving cautiously, Martin, Fletcher & Associates, has extended features of the corporate security architecture to mobile laptops, coupled with deploying a range of products to protect the data on about 60 laptops and their access to the corporate net.

The company limits the data on the laptops, enforces security policies on them, creates a range of tailored access permissions via Windows Active Directory and Group Policies, and uses a VPN for remote connections.

“The security we were able to put in place allowed us to move into a mobile workforce,” says Fabi Gower, vice president of information systems for Martin, Fletcher. “We wouldn’t even consider it until then.”

Founded in 1999, Martin, Fletcher contracts with hospitals and other healthcare clients to fill a range of staffing needs. The firm has grown from five to 150 employees. About 60 of them are account managers who are constantly on the road meeting with customers. But it was only two years ago that Martin, Fletcher felt it had the pieces in place to give those managers laptops and network access.

In the corporate LAN, Microsoft Windows Server 2003, with Active Directory, provides the backbone for username/password management, group security policies and permissions. The latest operating system features let the IS staff assign specific groups permissions (read, write, delete, add and so on) for specific folders or even documents. A firewall with VPN from WatchGuard Technologies rounds out the basic net architecture.

About four years ago, the top executives decided they wanted to control data transfers and unauthorized software programs. “Today [with USB devices] that covers a very broad category of things,” Gower says. “Even some printers nowadays can be considered storage devices.”

Eventually, Gower found Sanctuary Device Control, a software program from SecureWave. The client/server software installs securely on desktop and laptop PCs. With it, the IS staff has highly detailed control over the PCs’ interfaces and peripherals. “We have complete control over any device that’s plugged into our network,” she says.