By 2008, your boss might ask you to buy your own laptop. Or you might be among the IT managers trying to determine how much of a PC stipend you should issue your employees. According to Gartner Inc., companies will require employees to purchase and maintain their own laptops.
Employees would then use the laptops for personal and business use. The idea is to save businesses money, time -- and headaches. By offloading basic maintenance and purchase responsibilities to end users, companies could free up administrators to tackle business-critical initiatives, according to Gartner.
"As users get more and more devices, managing them becomes harder and harder," said Leslie Fiering, a Gartner research vice president, who coauthored a recent report on 2006 trends.
"Companies are looking for ways to ensure secure, sustainable [mobile] systems without increasing IT's administrative burden." The idea particularly appeals to smaller firms with limited IT staffs, she added. "We're already seeing a trend among SMBs toward making a notebook a requirement for employment."
However, turning PC ownership over to employees can create more headaches than it eliminates, if not managed correctly, industry sources agree. "If you don't own an employee's notebook, you cannot manage it the way you manage your in-house devices," the Gartner report states. "Security and policy will need to evolve to ensure that allowing work from unmanageable devices does not result in unmanageable risk."
AXA Financial can attest to that.
For some time now, employees have either owned their laptops or leased them from the company, said Thomas Pfeiffer, a technical consultant at the New York City-based financial services firm. The arrangement has lightened IT's administrative load somewhat: "When an employee has hardware problems, if he drops a machine or cracks a screen, he goes to the vendor's support organization rather than our help desk," Pfeiffer said.
But employee-installed software has caused more problems than anticipated, he said. Employee-installed software has "collided" with, and then damaged authorized, work-related notebook applications. End users have changed network settings, causing mobile devices to drop out of AXA's Active Domain network. They've reconfigured the operating system, causing it to crash. Web downloads have spread spam and malware across the corporate network.
If the laptops were used entirely for corporate applications, IT could install standardized software images and lock the devices down, so users couldn't change the settings or install unauthorized code. But employees are accustomed to getting full access, and it's hard to make limits stick when in many cases, they pay for their own machines, Pfeiffer pointed out.
One potential way around this quandary, which AXA is now pilot testing, is to equip each notebook with a virtual machine: a computer within a computer that runs only corporate applications, and is secured and locked down so that only authorized IT technicians could add software or change settings.
This means IT administrators are responsible only for maintaining what resides on the virtual machine. The rest of the laptop, outside the VM, is allocated to the employee's personal use. So employees can go shopping online, download music files, and install personal software -- with the proviso that they are responsible for maintaining that portion. This saves IT administrators from the problems that result from threatening or incompatible applications that some employees might download.
So far, the solution has worked well, Pfeiffer said. Employees can download whatever they like on their section of the laptop, without endangering applications or data on the corporate VM, or compromising security.Indeed, vendors like Microsoft and VMware provide software-based VM products. However, such products can be difficult to configure, according to Fiering, and they aren't a guarantee against determined end users.
And additional issues remain, Anderson said. While younger employees may be technically savvy enough to maintain their own laptops, older employees are likely to have difficulties. As a result, a lot of companies will end up signing up for third-party hardware and software support. Fiering envisions a group support plan, similar to group health insurance, in which costs are shared by the company and employees.
If an employee, through carelessness or ignorance, permanently trashes a computer, it may not be so simple for IT department to say, "Go fix it, that's your responsibility," Anderson pointed out. "A notebook is a crucial work tool." In a recent Gartner survey, 60 of 200 respondents reported that at least 30% of their employees access company-owned resources with non-company-owned devices.
Employee-owned notebook programs will become truly viable when chip-based VM becomes generally available, said Clain Anderson, director of security for Lenovo's ThinkPad and ThinkCenter product lines. The technology, still a couple of years away from general availability, will enable companies to set up "a totally isolated, virus-proof, Trojan horse-proof environment that's tied to an onboard security chip with a cryptographic engine," he added.