By Purnima Padmanabhan  |  Posted 2011-01-25
 
 
 

How to Safely Implement Bring Your Own Computer Programs


The growing popularity of Macs among consumers is beginning to spill into the enterprise, and younger workers in particular are demanding hardware flexibility in the workplace. Companies with IT policies that are too strict are finding it difficult to hire and retain Millennials. Some image-conscious executives see a laptop as an accessory (similar to a smartphone) and want to be seen carrying the latest sleek device, instead of a clunky, outdated one.

As a result of this shift, more companies are beginning to offer Bring Your Own Computer (BYOC) programs. Employees enjoy the flexibility of choosing the machine best suited to their needs, while companies benefit from happier employees, reduced IT costs and reduced hardware investment. Most companies also see their number of help desk calls drop dramatically because employees are more invested in their machines. They tend to take better care of them and make more effort to troubleshoot before calling IT.

Once a company has decided to pursue BYOC, how should it approach implementation? After working with various customers on BYOC programs, I have learned that there are seven essential best practices to follow. Let's start with the delivery model.

Best Practice No. 1: Delivery model

When implementing BYOC, the first hurdle you need to tackle is how to deliver services. There are four different options, each with its own advantages and disadvantages:

1. Port everything to the Web

With this model, you provide all essential services via Web applications. The advantage is that any device with an Internet connection can access these applications. The disadvantages are that rewriting all your corporate applications for the Web takes a long time and can be expensive. Also, there is no offline access, so mobile workers without a network connection are unable to access the environment.

2. Provide a remote desktop session

By using virtual desktop infrastructure (VDI) or Terminal Services (TS), you can host employees' desktops in the cloud. The upside is that the virtual machines can be accessed from many devices. However, this approach requires major server infrastructure that can cost as much as four to 10 times as much as your current system. Also, VDI and TS cannot run offline and they offer poor interactive performance on some rich applications.

3. Provide virtualized applications that run locally

The advantages here are that the applications run locally (so the performance is good) and the applications are still managed centrally (which makes the IT person's job easier). However, this approach is not cross-platform so you have to limit the types of machines that your employees can buy (which negates the purpose of BYOC). In addition, there are some serious security issues.

4. Provide a managed corporate VM to run locally

An alternative to VDI, client-based VMs are the best solution to BYOC. Under this model, IT retains the ability to centrally manage the desktop images. Plus, thanks to local execution, users enjoy better performance of rich local applications, as well as the ability to work offline. This approach supports a wide variety of platforms and devices.

Best Practice No. 2: Security

The second major hurdle to BYOC programs is security. Because IT has less control over the physical machine, the machine must be treated as an untrusted device. Instead of controlling the hardware, IT should focus on securing the data. For the virtual desktop, there are seven security measures to look for in a solution: host checker, VM encapsulation, VM encryption, tamper resistance of code and policies, Active Directory authentication, Secure Sockets Layer (SSL) and centralized control of security policies.

Best Practice No. 3: Network configuration

In order to safeguard the network, the system should be configured so that only the VM has access to the corporate network and not the physical machine itself. The network team can implement segregation policies to ensure this separation.

Best Practice No. 4: BYOC program policies

Before rolling out the program, it is important to have the rules decided in advance. How will the machines be acquired (by the employee or the company)? Is there a stipend? If so, how much? Which employees are eligible? Who owns the machine? What are the minimum hardware specifications for a machine? Any recommended or prohibited devices? Will corporate IT be responsible for hardware support or should the employee add a support package (such as AppleCare) when buying the device? All of these specifics should be clearly communicated to employees.

Best Practice No. 5: Legal issues

Companies should seek the advice of corporate counsel when planning for BYOC. Some potential legal issues include: Who owns the hardware? Who owns the data in the VM? In case of an audit or lawsuit, will the company have complete access to the data on the machine?

Best Practice No. 6: Tax implications

BYOC can affect the company's and the employee's tax responsibilities. Companies should consult their tax advisor.

Best Practice No. 7: Software licensing

When using virtual desktops, the company may be required to pay for two software licenses: one for the physical desktop and one for the VM. For example, if the user is running a Windows virtual environment on top of a Windows machine, two licenses are required.

Conclusion

By following these seven best practices, companies will be prepared to avoid the potential landmines of BYOC and reap its benefits. These benefits include increased productivity, happier employees and reduced IT costs.

Purnima Padmanabhan is Vice President of Products at MokaFive. Purnima brings extensive experience in building teams that can define and deliver products based on a keen understanding of market dynamics and customer needs. Purnima is responsible for marketing, product management and user experience functions. Most recently, Purnima served as the director of product management for BMC's Service Automation business where she drove business strategy, M&A and product definition. Prior to BMC, Purnima held various marketing roles at Marimba and at Loudcloud. Purnima has a Master's degree in Business Administration from the Graduate School of Business, Stanford and a Master's degree in Computer Engineering from the University of Southern California. She can be reached at ppadmanabhan@mokafive.com.
