Your PC, our problem
What can users buy?
You can tell the difference between business laptops and consumer laptops pretty easily. Not by the specifications, or the price - as USB 3 and hard drive protection become common, often the only visible difference is whether it comes with a fingerprint scanner.
What really sets them apart is the design; consumer laptops come in a range of colours and look like something you’d want to own rather than an interchangeable black slab indistinguishable from the black slabs we were using five years ago.
With so many more employees mobile or working from home, letting them have the PC they want in exchange for taking the procurement work off your hands sounds like a win-win. This is what the consumerisation of IT is about.
Despite all the worries about productivity lost to Facebook and online shopping from the office, for every hour of personal use at the office we spend another three hours working at home, according to Jeffrey Cole, director of the Center for the Digital Future.
If you’re going to set up your systems so you can stream applications and make data available securely for the computers they use to do that, why spend the time and money managing a second work PC for them as well?
Getting the job done
You’re probably already supporting users who want to connect their smartphone to the company systems, at least for email - and if you're not doing it officially, check whether users aren’t just forwarding messages to webmail they can read on their phones – which is a whole different security and compliance headache.
This works best if you already have, or plan to create, the infrastructure to manage machines remotely and to stream applications virtually; you can’t say ‘your PC, your problem’ if you want employees to be able to get their job done.
Citrix offers employees $2,100 to buy their own laptop, but it obviously has the expertise to virtualise applications and stream data securely; it also insists that employees buy a three-year full service warranty that gets them on-site support and a replacement machine from the manufacturer, because the IT team will only offer basic support.
You’ll also want to set a minimum specification for PCs, especially if you want to run a virtualised environment for security and management. You want processors with hardware virtualisation support - which is rarely enabled by default in the BIOS on consumer laptops, by the way - as well as enough speed to run business apps. Providing an approved list of PCs or manufacturers makes more work for you, but avoids unrealistic expectations.
Be prepared to audit purchases and warranties, enforce the no-support policy and answer difficult questions about how much money you’re really saving if that means some crucial work doesn’t get done. Realistically, you’ll have to have some spare systems for real emergencies. You won’t be able to keep spare parts like batteries and docking bases in stock, although memory, hard drives and USB docking systems will work with most laptops.
Streaming virtualised applications gets around the issue of how to revoke expensive software licences when employees leave. Kraft for example mixes that approach with insisting users buy their own copy of Microsoft Office, which also avoids licence issues, but this won’t work for more specialised software.
There are other financial implications, so check with your accountant whether the notebook will count as a taxable employee benefit, and make sure your policies on who qualifies for any company funding don’t count as discrimination.
Consumer and small business PCs come with pre-installed software, a lot of which starts up automatically and can reduce PC performance. Additionally, you end up with different anti-virus software on every PC, all of them updating and scanning and running out of the annual subscription at different times.
Your enterprise anti-virus software might be able to replace some of those automatically, but it tends to be the enterprise versions of security software that can be removed. So Forefront can replace Symantec, MacAfee and Trend - but not the versions that come on consumer notebooks.
You could secure a virtual environment on BYO PCs but, if the underlying version of Windows is compromised, the user isn’t going to be very productive and duelling anti-virus software can really slow a PC down, so you may need to budget for hands-on time with every machine. And you’ll definitely want to be in charge of managing updates.
Don’t forget to have users sign the policy that says they’re responsible for backing up their personal files, that they understand the files might be visible to the IT team if they ask for remote support, and that they must not put inappropriate files on there. You'll need also to set exclusions for media files if you’re redirecting user document folders, so your server doesn't fill up with large files of unknown origin.
With that many drawbacks - and advantages that accrue mainly to more companies with sophisticated IT setups - it’s not surprising that, despite some high-profile examples, only two per cent of enterprises in Forrester’s recent hardware survey will support employees who bring their own PC to work.
Make sure that BYOPC would really help you - for example by attracting young employees with high expectations of what technology they’ll get to use - or concentrate on making sure you can stay secure and let employees be productive with the smartphones and tablets they’re already bringing to work. ®
Sponsored: Network DDoS protection