Feeds

Your PC, our problem

What can users buy?

Combat fraud and increase customer satisfaction

You can tell the difference between business laptops and consumer laptops pretty easily. Not by the specifications, or the price - as USB 3 and hard drive protection become common, often the only visible difference is whether it comes with a fingerprint scanner.

What really sets them apart is the design; consumer laptops come in a range of colours and look like something you’d want to own rather than an interchangeable black slab indistinguishable from the black slabs we were using five years ago.

With so many more employees mobile or working from home, letting them have the PC they want in exchange for taking the procurement work off your hands sounds like a win-win. This is what the consumerisation of IT is about.

Despite all the worries about productivity lost to Facebook and online shopping from the office, for every hour of personal use at the office we spend another three hours working at home, according to Jeffrey Cole, director of the Center for the Digital Future.

If you’re going to set up your systems so you can stream applications and make data available securely for the computers they use to do that, why spend the time and money managing a second work PC for them as well?

Getting the job done

You’re probably already supporting users who want to connect their smartphone to the company systems, at least for email - and if you're not doing it officially, check whether users aren’t just forwarding messages to webmail they can read on their phones – which is a whole different security and compliance headache.

This works best if you already have, or plan to create, the infrastructure to manage machines remotely and to stream applications virtually; you can’t say ‘your PC, your problem’ if you want employees to be able to get their job done.

Citrix offers employees $2,100 to buy their own laptop, but it obviously has the expertise to virtualise applications and stream data securely; it also insists that employees buy a three-year full service warranty that gets them on-site support and a replacement machine from the manufacturer, because the IT team will only offer basic support.

You’ll also want to set a minimum specification for PCs, especially if you want to run a virtualised environment for security and management. You want processors with hardware virtualisation support - which is rarely enabled by default in the BIOS on consumer laptops, by the way - as well as enough speed to run business apps. Providing an approved list of PCs or manufacturers makes more work for you, but avoids unrealistic expectations.

Going spare

Be prepared to audit purchases and warranties, enforce the no-support policy and answer difficult questions about how much money you’re really saving if that means some crucial work doesn’t get done. Realistically, you’ll have to have some spare systems for real emergencies. You won’t be able to keep spare parts like batteries and docking bases in stock, although memory, hard drives and USB docking systems will work with most laptops.

Streaming virtualised applications gets around the issue of how to revoke expensive software licences when employees leave. Kraft for example mixes that approach with insisting users buy their own copy of Microsoft Office, which also avoids licence issues, but this won’t work for more specialised software.

There are other financial implications, so check with your accountant whether the notebook will count as a taxable employee benefit, and make sure your policies on who qualifies for any company funding don’t count as discrimination.

Consumer and small business PCs come with pre-installed software, a lot of which starts up automatically and can reduce PC performance. Additionally, you end up with different anti-virus software on every PC, all of them updating and scanning and running out of the annual subscription at different times.

Your enterprise anti-virus software might be able to replace some of those automatically, but it tends to be the enterprise versions of security software that can be removed. So Forefront can replace Symantec, MacAfee and Trend - but not the versions that come on consumer notebooks.

Use responsibly

You could secure a virtual environment on BYO PCs but, if the underlying version of Windows is compromised, the user isn’t going to be very productive and duelling anti-virus software can really slow a PC down, so you may need to budget for hands-on time with every machine. And you’ll definitely want to be in charge of managing updates.

Don’t forget to have users sign the policy that says they’re responsible for backing up their personal files, that they understand the files might be visible to the IT team if they ask for remote support, and that they must not put inappropriate files on there. You'll need also to set exclusions for media files if you’re redirecting user document folders, so your server doesn't fill up with large files of unknown origin.

With that many drawbacks - and advantages that accrue mainly to more companies with sophisticated IT setups - it’s not surprising that, despite some high-profile examples, only two per cent of enterprises in Forrester’s recent hardware survey will support employees who bring their own PC to work.

Make sure that BYOPC would really help you - for example by attracting young employees with high expectations of what technology they’ll get to use - or concentrate on making sure you can stay secure and let employees be productive with the smartphones and tablets they’re already bringing to work. ®

3 Big data security analytics techniques

More from The Register

next story
OpenBSD founder wants to bin buggy OpenSSL library, launches fork
One Heartbleed vuln was too many for Theo de Raadt
Got Windows 8.1 Update yet? Get ready for YET ANOTHER ONE – rumor
Leaker claims big release due this fall as Microsoft herds us into the CLOUD
This time it's 'Personal': new Office 365 sub covers just two devices
Redmond also brings Office into Google's back yard
Ubuntu 14.04 LTS: Great changes, but sssh don't mention the...
Why HELLO Amazon! You weren't here last time
Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
Plus: iThings and desktops at risk of NEW SSL attack flaw
Next Windows obsolescence panic is 450 days from … NOW!
The clock is ticking louder for Windows Server 2003 R2 users
Batten down the hatches, Ubuntu 14.04 LTS due in TWO DAYS
Admins dab straining server brows in advance of Trusty Tahr's long-term support landing
Red Hat to ship RHEL 7 release candidate with a taste of container tech
Grab 'near-final' version of next Enterprise Linux next week
Apple inaugurates free OS X beta program for world+dog
Prerelease software now open to anyone, not just developers – as long as you keep quiet
prev story

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.