Why procure when you can BYO PC?

As the economy sours and end-users demand a more personal computing experience at work, "bring your own PC" policies are fast finding favor in the enterprise

With CFOs on the prowl for ways to cut back, "BYO PC" may become standard practice for new enterprise hires, even current employees. IT departments that refuse to acknowledge and deal with this new trend do so at their own peril.

Larry Guevel, vice president of strategic business planning for outsourcing and infrastructure services at Unisys, told me that a number of Unisys clients are now encouraging employees to use their own equipment as long as the equipment fits company standards and security requirements.

[ For more IT BYO heresies, see "Let users manage their own PCs," "Invite those unsanctioned applications in," Why businesses are embracing Macs, and "Guerrilla IT: How to stop worrying and learn to love your superusers" ]

"Companies are saying, 'Why should we buy another PC as long as we can figure out how to fit an employees personal device into the infrastructure and IT architecture,'" Guevel says.

In fact, Unisys itself is now deploying what it calls Stealth Solutions for Networks, which secures personal devices once they enter the Unisys corporate network. It is part of a concept he calls "micro-perimiterization," which builds a secure fence around these personal assets.

Technologies such as virtualization are also enabling companies to offer employees "digital allowances" to purchase their own equipment. The allowance sets a reimbursable limit; anything above that amount is paid out of pocket by the employee.

"It eliminates some procurement costs," Guevel says.

Eric Openshaw, vice chairman and U.S. technology leader at Deloitte, told me his company is facing similar issues. Deloitte has what it calls the standard offering. If you are a new hire, when you show up at the IT window on Day One, you get a notebook and are told which PDA IT supports.

"Now we hear new hires saying, 'If you won't give me an iPhone, at least tell me how to connect it to the network.' Or they say, 'Where's my Mac?'" he reports.

The issue is becoming so huge at Deloitte that the company "will morph to the appropriate subsidy to address it," Openshaw says.

BYO PC feasibility

Of course, the single biggest issue around any such policy involving personal devices, cell phones, notebooks, netbooks, or desktops is security.

I spoke to John Pescatore, senior security analyst at Gartner, about this. Pescatore laid out two broad categories of concern and three strategies for companies considering a BYO PC policy.

Concern No. 1: Data loss or leakage

If an employee is doing work on his or her own PC or iPhone, what happens when they decide to move on to a new device? There's a good chance the old equipment will end up on eBay containing 10,000 customer records.

On the legal side, the current e-discovery requirements dictates that anything that was done for the business must be accessible. What do you tell the judge when the plaintiff's lawyers say they want access to another employee's PC and it turns out they sold it?

Concern No. 2: Dirty PCs

Pescatore also says the numbers Microsoft has been collecting from its auto-update technology, which runs a "malicious software removal tool" every time it performs an automatic update, indicate that 30 to 35 percent of consumer PCs have botnets on them that might be used to steal bank account numbers or provide a spam relay point. If that same PC is connected to the corporate network, it might also be passing on log-in passwords.

To mitigate these concerns, Gartner offers three security-related strategies to help you enable a BYO PC policy.

Strategy No. 1: Portable personality

These are typically a USB thumb drive that must be plugged in to the personal device before it can connect to the network. This device keeps all the personal stuff on the user's PC segregated from the network.

Strategy No. 2: Virtual machines

Users download a VM before they use the PC for work-related tasks. This creates a virtual environment that keeps the network safe from the bad stuff on the home PC.

The problem with these two strategies, says Pescatore, is that although IT may like how these approaches allow IT to dictate the applications users can use, the users themselves may not like it.

The fact is, many employees like to use their own productivity applications even when they are doing company business.

"They may want to use Photoshop, for example, to add a picture to a proposal," Pescatore says.

Strategy No. 3: Network access control

A third way of facilitating a BYO PC policy would be to leverage network access control. NAC is a security technique that requires devices connected to the network to download something -- say, an ActiveX control -- that monitors activity between the network and the client device.

Enter Phoenix HyperSpace. Launched at CES this month, Phoenix HyperSpace creates its own dedicated environment, providing a power-saving browser that remembers how you are connected, wired or wirelessly, to the Internet so that you can reconnect immediately when moving from one architecture to another, or when turning a device back on.

There'll be no more carrying an open notebook down the hall on the way to a meeting so you don't have to start it up again, as Phoneix HyperSpace gives PCs, especially notebooks and netbooks, instant on.

More about HyperSpace can be found by perusing this PDF.

HyperSpace will also provide an SDK to allow third parties to create new applications for the environment.

As a dedicated environment, HyperSpace creates a clear separation between it and the Windows OS, thereby opening up a swath of possibilities for special-purpose functions that could be used to create a wall around corporate activities, says Richard Heitmann, vice president of marketing at Phoenix.

According to Heitmann, because HyperSpace is a dedicated environment, it is far more difficult to infect with viruses, rootkits, and spyware than are operating systems such as Windows. Applications are digitally signed and stored in a secure memory store that is locked after execution. Updates and additions to HyperSpace will only be made via a site approved and owned or audited by Phoenix.

BYO PC takeaway

What I have not got around to covering in this rather lengthy edition of Reality Check is how much a BYO PC policy might save in dollars. That will be the topic of another blog very soon.

But if you are to take anything from this particular blog, it is that a don't-ask-don't-tell policy surrounding personal devices can be dangerous to your corporate health.

Built into the DNA of the PC is the fact that it is personal. From those few first PCs to today's plethora of devices more than 30 years later, end-user fascination with technology has proved insatiable. In other words, these devices are coming into your business environment, whether you want them there or not.

Of course, that might not be such a bad thing. After all, fascination with the latest in end-user technology is what has fueled the success of many businesses, large and small.

Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies