Great discussions these days around allowing employees bring their personal devices to work, and use them on the enterprise network. It brings with it some great questions, like data ownership, repair or replace expectations, virus control, an so forth. So is this really a good idea? What benefits the organization from allowing this?
If you recall, there was a time, not so long ago, when a major challenge for IT departments was making sure that users didn't take corporate software home in violation of license agreements. That gave way to the challenge of making sure that employees didn't bring software from home into work and install it on their desktop PCs. Better yet, install it on multiple machines.
Today, users' technical sophistication is such that they often have better technology at home than they have in the office. That situation has led some businesses to allow users to bring their personal laptops to work. Some have gone beyond that concept by letting users buy their own PCs for work, with some corporate subsidy. This also means you have many models, versions, and yes, the MAC shows up. Right?
One advantage of what is often referred to as BYOPC, or bring your own PC , is that it frees IT from carrying the capital expense of a lot of resources. It also neutralizes the problem of trying to make one size fit all in a way that's appealing to users. Users appreciate being given a choice, and there's plenty of choice in the marketplace to assure that every user can find the machine that best fits his needs. But are consumer based devices ok for the corporate enterprise? What are the user expectations around device support now?
Naturally, a lot of IT departments are going to think BYOPC sounds like an expensive proposition that leads to a proliferation of varied devices to support. But any corporate purchase programs should include guidelines, as well as recommended vendors and systems, that aim to avoid unruly proliferation while still giving users an ample number of choices. As long as IT manages the standard software loads and enforces security policy, the cost of allowing far more diversity in machines, and even platforms, becomes relatively minor over time. And by setting a cap on expenditures and reimbursements, IT can keep costs under control. A good rule of thumb is to allow for a new device every 12 to 18 months, depending on how the asset depreciates. Then again, in this scenario you are putting corporate software on employee owned device.
A well-organized BYOPC program can help IT make users happy, no small thing for a department in constant danger of reorganization and outsourcing . Properly done, it can be an easy way to make friends and win internal support. BYOPC programs generally subsidize laptops, with the policy being that users can also make personal use of the machine (which only makes sense, since we all know that users already commingle their business and personal information on their devices). If a lot of your users are now restricted to desktop machines, the change could provide a boost in productivity, since laptop users are more likely to work beyond business hours.
So how does this really benefit the organization, and maintain IT controls? Do the users really care what the laptop is? Do I, as an employee want to spend my own money on buying a computer to do my job? What about those employees who can't buy their own computer, are they now at a disadvantage? Does BYOC change the playing field at work for employee equality? If I leave the company, am I going to delete that software and data on my device? Allow the company IT department to wipe my device?
I propose to you that BYOC type programs are a benefit to the few and not the many. Not every employee is going to want to participate or have the means to particpate. I also think it is mistake to load corporate software and allow corporate data on personal own devices. I recommend a virtual desktop environment utilizing a Citrix XenDesktop type solution and employee owned devices access this solution to have applications presented to them. Data, software and access remains in this virtual environment and not allowed on the local employee owned device. Therefore, ownership of data, applications and the access all remains internal. I would also force all the machines connecting to the enterpise network through a clean access checkpoint to ensure compliance with security controls.
I am still old school I guess, where the employer provides the tools necessary for me to do my job.
Scott Arnett
scott.arnett@charter.net
About Me
- Scott Arnett
- Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.
It is my opinion that employee owned devices are never a good idea in the enterprise. I would go so far as saying consumer devices are not right for the enterprise - like the iPhone. The substantial growth in support, problems, issues adds to cost. There is no cost savings in any BYOC program. I also don't buy into the remarks of next generation employees will demand their own devices. Tell the pot smoking babies coming out of college to grow up, get professional and time to stop the fits. This is some of the dumb stuff going on in IT these days.
ReplyDelete