During the mid-1990s Statoil explored and experimented with various projects dealing with new ways of working. “Office of the future” (OF) was one of these projects, and it aimed to develop flexible office solutions. OF also wanted to explore working from home.

In June 1997 there were about 17000 permanently employed people in Statoil. All of them, with the exception of gas-station attendants and employees of Statoil Energy in the USA, were offered the chance to participate in the IT-step. Those recruited in 1998 also received the offer. About 15000 people decided to participate, and they all received a well-equipped PC delivered to their front door. The goal of the IT-step was to increase IT skills among the employees.

As a consequence of this there was a demand for access to the Statoil network in order to read e-mail and work from home.

Reluctance…

The human relations (HR) department was afraid that introducing home office might be perceived as a conscious decision by Statoil to penetrate into the leisure time of the employees. In spite of the reluctance of the HR-department the IT-department started exploring technical solutions for working from home.

WinFrame

The IT-department decided that WinFrame met their needs as a technical solution for working from home. WinFrame is client/server system software that gives clients access to Windows applications from any network connection, and Statoil used WinFrame to connect home PCs to an NT network. The IT-department preferred WinFrame because there is no need to distribute the applications to the home PC. All that is needed on the home PC is a WinFrame client, Internet access and TCP/IP. The WinFrame solution is also cheaper than the other possible solutions.

Testing the system

Phase I

The IT-department launched a pilot project they called Phase I to test the WinFrame technology with 20 users for 1½ months. By now 13000 employees had received their home PC, but they had no access to the Statoil network. 20 volunteers were selected from the IT- and the document service department.

After the project had been conducted, the experiences from it were evaluated. The volunteers thought the home office gave them greater flexibility and efficiency because interruptions and stress related to the office were avoided. They were also much happier! The drawback of home office was that it became more difficult to separate work and private life.

OF thought the results were too good to be true and the IT-department decided to test the system more systematically. Phase II would include 500 employees and run for 3 months.

Phase II

The participants felt that the co-workers, the managers and their families had a positive attitude towards home-office, and felt they had better contact and co-operation with managers, co-workers and external contacts (e.g. suppliers, customers) when they worked from home. They felt the workload was the same as at the office, but they could plan their workday better and work more efficiently. On the other hand, home-office made it more difficult to draw the line between work and private life. In some cases the nature of the work made it difficult to work from home, because the organisation of the work itself was based on face-to-face communication with the co-workers. The participants also felt that the lack of social interaction made them avoid working at home.

For some participants increased accessibility by e-mail created a serious stress-factor. The need to help others with their problems via e-mail and net-addiction became a problem.

The value of home office

  • Much publicity for Statoil. They went from being a sedate governmentally controlled enterprise to being viewed as an innovative enterprise.
  • A home PC with Internet and an ISDN line increases flexibility and gives everyone the opportunity for further education. This will help the employees better understand the possibilities the information society offers society, Statoil and the individual. Further, the employees will have improved insight into Statoil's business and challenges and receive tutoring in their computer tools. This will lead to workers having better competence, staying updated in their field of work and having more knowledge of the enterprise. Better visibility leads to greater motivation, stronger engagement, more creativity and more openness to changes.
  • More competent workforce
  • An investment in humans, not machines
  • Better qualifications
  • Sharing of knowledge
  • Cost efficient communication, learning over the net, flexible work arrangements and home office.
  • Reduced office costs
  • Better flow of information, improved contact with colleagues via e-mail. The employee can get updates by logging on to the system.
  • Staff skills improved by computers and software
  • Better and simpler work processes, software that not only supports work, but relieves work as well.
  • The possibility to work at home when you have children who are ill, or when you are on active sick leave or have an injury.
  • Higher competence can be the key to better international upholds by offering higher competence than the major competitors.

Selling the WinFrame solution

When both tests had been conducted, the IT-department decided to sell the solution to interested departments of Statoil. The various departments decided who should have a home-office. Some employees didn't want a home-office, and not everyone could have one. The employee's work had to benefit from a home-office.

How is the Information System strategic?

When an Information System (IS) gives a competitive advantage it is called a Strategic Information System (SIS).

Indications that the system gives competitive advantages are:

  • Increased market share
  • Increased sales
  • New customers
  • Increased customer loyalty
  • Decrease in production costs
  • Decrease in operations (service) costs
  • Improved reputation in the market

Statoil was the first in its trade to explore and make use of the home-office. The system was innovative, unique and original and gave them lots of positive press. The positive press has given them an improved reputation in the market and we can therefore say that this system is a strategic information system.

Risk

Definition: The chance that a risk occurs * the consequence of its occurrence

Risk estimates the potential frequency of a problem and the potential damage if it occurs. It is used to weigh the cost of a risk control against its advantage.

Different forms of risk:

Hacking

A person gaining access to a machine/network for profit, criminal intent, vandalism or personal pleasure.

Virus

A virus is a malicious piece of software that is hard to discover. The virus spreads rapidly in the system, destroying data or disrupting processing and memory systems.

IT-personnel

The company's IT-personnel can initiate errors or contribute to errors. This makes the system vulnerable. An example of this is unauthorised personnel gaining access to files they are not supposed to have access to.

Authorised user-abuse

This makes the system vulnerable to unauthorised access. Authorised personnel can abuse the system's resources, even with limited privileges and even though they don't intend to do harm.

Various security breaches

Security breaches are results of one or more of the previous threats/risks.

  • Interruption: When system resources (hardware, software, data) are lost or become inaccessible or useless.
  • Interception: When unauthorised parties (persons, programs, and systems) have gained access to a resource. For example pirate-copying or tapping of data-transmission.
  • Modification: Authorised parties gain access to resources and tamper with them.
  • Production: If unauthorised parties make counterfeit objects for an IT system.
  • Destruction: Programs and data are removed. This is usually easier to detect than other security breaches.

Security in the system is maintained by upholding three factors:

  • Secrecy
  • Integrity
  • Accessibility

In Statoil's case some threats are eliminated by the security features of WinFrame. These are:

  • Internal user list (username and password)
  • Data encryption
  • Call-back
  • Limited number of logon attempts
  • Limited connection-time
  • Automatic logout at inactivity.
  • Limitation on number of days of connection.
  • A list of those that should have access. No one else can get access.
  • Groups with different access levels
  • Server / drive access restrictions
  • Windows NT domain services
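
Several of the controls listed above (access list, limited logon attempts, limited connection time, automatic logout at inactivity) combined into one gateway check. This is an added Python example, not Statoil's or Citrix's code; the class names, numeric limits, user names and event log are all constructed, since the page names the controls but gives no values.

```python
from dataclasses import dataclass, field

@dataclass
class Policy:  # numeric limits are constructed; the page gives no values
    allowed_users: frozenset
    max_failed_logons: int = 3
    max_session_min: int = 30
    idle_timeout_min: int = 15

@dataclass
class Gateway:
    policy: Policy
    failures: dict = field(default_factory=dict)  # user -> consecutive failed logons
    sessions: dict = field(default_factory=dict)  # user -> (start, last activity), minutes

    def logon(self, user, password_ok, now):
        if user not in self.policy.allowed_users:  # access list, default deny
            return "deny:not-on-access-list"
        if self.failures.get(user, 0) >= self.policy.max_failed_logons:
            return "deny:locked-out"  # holds even when the password is correct
        if not password_ok:
            self.failures[user] = self.failures.get(user, 0) + 1
            return "deny:bad-credentials"
        self.failures[user] = 0
        self.sessions[user] = (now, now)
        return "allow"

    def activity(self, user, now):  # limits are checked lazily, on the next request
        if user not in self.sessions:
            return "deny:no-session"
        start, last = self.sessions.pop(user)  # re-added below only if still valid
        if now - last > self.policy.idle_timeout_min:
            return "logout:idle"
        if now - start > self.policy.max_session_min:
            return "logout:connection-time"
        self.sessions[user] = (start, now)
        return "ok"

# Constructed event log: (minute, kind, user, password_ok)
EVENTS = [(0, "logon", "mallory", True), (1, "logon", "bob", False),
          (2, "logon", "bob", False), (3, "logon", "bob", False),
          (4, "logon", "bob", True), (5, "logon", "alice", True),
          (15, "activity", "alice", None), (40, "activity", "alice", None),
          (41, "logon", "alice", True), (55, "activity", "alice", None),
          (69, "activity", "alice", None), (83, "activity", "alice", None)]

def replay(events, policy):
    gw = Gateway(policy)
    return [gw.logon(u, pw, t) if kind == "logon" else gw.activity(u, t)
            for t, kind, u, pw in events]
```

Calling `replay(EVENTS, Policy(frozenset({"alice", "bob"})))` returns one decision per event. The lockout here is permanent until an administrator resets the counter, which trades availability for resistance to password guessing.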

We have been in contact with Statoil, but have not received any relevant answers as to what security measures they use. This is also a sensitive area, and it's understandable if they don't want to comment on this. We have made our own assessments regarding security and security measurements (as the project requirements tell us to do).

This is what we think Statoil uses:

  1. Training and follow-up
  2. Username and password
  3. Firewall
  4. Encryption
  5. Virus defence software

1. Training and follow-up

Statoil's employees committed to completing a training-program when they accepted the home PC. This will most likely help reduce the number of errors introduced by the employees.

2. Username and password

These are used to get through the firewall.

3. Firewall

A firewall is used to identify names, IP addresses, application servers and other traffic to the private network. Balance between security and access is important. To make a good firewall you need personnel to write and maintain the internal rules that identify persons, applications or addresses that are legitimate or rejected. Firewalls can help, but cannot completely prevent network penetration, and should be viewed as one element in a security plan.

4. Encryption

Many organisations rely on encryption to protect sensitive information sent over the net. Encryption is the coding and decoding of messages to protect against unauthorised access and to keep unauthorised parties from reading the data transmitted.

5. Virus detection software

Most organisations install virus detection software and screening measures to reduce the chance of infection. Virus detection software is software made to check computer systems and discs for the presence of viruses. Often the software can eliminate the virus from the source of infection. In any case, virus detection software is only effective against viruses that were known when the software was produced. To remain protective the software has to be updated frequently.

Encryption, username and password and firewall are all implemented in WinFrame.
