I've had this thought in the back of mind around the use of personal devices in the workplace. Most common is the smartphone in which people don't want to carry two phones (personal and professional), but they want/need access to the corporate network for things like e-mail, intranet, directory and other services. It started a few months back when I was talking with a CIO who had a vision that in 5-10 years his employees would have a single laptop that they'd purchase and use personally and professionally. The CIO would simply enable them to have access to the corporate network and applications, so they could bring in their device of choice and use it. I was talking about this vision with a colleague of mine and we came up with a few thoughts:
- Hardware requirements: the requirements for desktop hardware can vary greatly from personal to professional use. Those who only do e-mail and surf the Internet at home require a less powerful machine then one that's expected to open and run several business applications that may be resource intensive.
- Software requirements: certain applications that are required for business use may not be necessary for personal use. To put the onus on an individual to purchase and maintain these applications will result in additional cost to the employee. There could be an opportunity to subsidize these costs for employees, but will they be willing to still take on the costs. My gut tells me that some will and some will not.
- Software licensing: if an employee leaves, their license is attached to their personal device and the company will have to license or subsidize licensing of another instance for the replacement. The enterprise-wide pool of licenses go away. If the enterprise decides to purchase and own a pool of licenses that are issued to employees while in service, it may be a violation of terms for them to use that software outside of the business.
- Security requirements: there are many security requirements implemented by a business that are beyond what the typical person may employ that may include password requirements, anti-virus software, locking the screen, not allowing access to other individuals- things that would be difficult to enforce outside of the corporate network that could present genuine risk to the business.
- Privacy: enterprises have a certain amount of visibility into the actions and usage of corporate owned assets. Files can be scanned, e-mails recorded, browser history viewed as methods of protecting corporate liability and enforcing corporate policies for usage. Delineating between personal and profession use becomes challenging as those lines continue to blur with employee owned assets in the workplace.
As my colleague and I discussed this we thought about virtual machines (VM) as a solution. An employee could bring in their personal device and have a VM image and licensed software installed by IT. Then using the VM they can connect into the corporate network and have access to enterprise data. As we talked about it, we realized there could still be some challenges. A VM instance requires allocated disk space and memory, which will affect the hardware requirements and costs the employee would incur. Security requirements are also a consideration. If the employee doesn't properly secure their primary system a virus could affect it and the virtual machine with it. As a virtual machine, all files and applications are stored locally meaning any complications potentially result in lost data and a total rebuild of the VM.
Then I got to thinking about desktop virtualization and how that would enable users to access corporate applications and data, as well as, address many of the concerns discussed previously. With the application processing occurring at the data center, the load on the local device is minimized to presentation. Also important, is that the data center stores all the enterprise information and applications. If the user device fails or becomes affected it doesn't compromise the enterprise data. And SecOps can still enforce password, time-outs, file access, etc. requirements through the virtual desktop environment. The enterprise need only license the desktop client for the user, now there may be a need for more clients, one for each user device that has the ability to run the virtual desktop, but it's a manageable number. This means the user can work from any device at any location, including personal devices from home and on the road. The one challenge is in being connected, as options such as public access and 4G continue to grow access becomes more prevalent.
What are your thoughts on personal devices in the workplace? Would you allow users to bring in and use their own devices? What are the concerns you have with that approach and what are you doing to overcome those challenges? Is virtual desktops a viable solution?