My Recent Presentation On Making BYOPC A Reality

I recently presented at Forrester’s Security Forum (Twitter: #FSF09) and Forrester’s Infrastructure & Operations and Security & Risk Leadership Board meetings on how companies can make BYOPC a reality. Overall, the feedback was great! Yes, there were absolutely skeptics in the room (especially the security pros), but slowly I was able to alleviate most of their concerns. It really goes back to what I have said in the past, BYOPC is really just an advanced form of remote access. And Google, Citrix, and Cisco agreed — each had their CSO/CIO up on stage with me talking about their own respective BYOPC and consumerization programs.

Overall, here were my talking points about the necessary components to make BYOPC work:

1. Device: Self-explanatory – let the user choose the device he/she wants to use
2. Desktop and application virtualization: This is how you deliver applications and desktops environments to unmanaged devices. When possible, using hosted desktop and application virtualization will deliver best results as you can just have users access their desktops/apps over any network connection. For users that are mobile and can’t be guaranteed a network connection, local desktop and application virtualization will do the trick.
3. VPN: First and foremost, with BYOPC, all users should be considered un-trusted. This means that they should never connect directly to the LAN. With that said, a VPN is how you give secure access from the user’s PC to the datacenter hosted desktops and apps – it will also make sure that all connecting PCs abide by your security policies, such as up-to-date AV. VPNs are not new to any of you as these technologies have been used for years to give remote workers, contractors, etc. access to corporate resources. Now, we will just use the technology more broadly. My recommendation is an SSL-VPN to prevent the required install of a client.
4. DLP: Data leak prevention tools should be used to protect the data where it lives. So, this means putting rules in place on the data in your employees’ VMs (either hosted or locally installed) about what the user can do with it. For example, making sure that confidential information can never be removed from the VM and brought down to the user device.
5. Client management and security: Using your standard client management and security tools, you can make sure that all VMs look identical to your managed machines. So, companies will need to use client management to configure, patch, etc. the VMs (both hosted and locally installed) that the users work on, and client security will remain in place to secure those VMs. The only thing to keep in mind is that client security now needs to be in two places – the VM and the BYOPC.

Using these five components will make BYOPC possible – and most attendees, after some initial hesitation, agreed. The best quote from an attendee from a financial services company was this: “If BYOPC is a competitive advantage today [because it has been known to help with recruiting and employee satisfaction], it will be a requirement tomorrow.” I couldn’t have said it better myself.

What VMworld Taught Me About BYOPC

So, yes, I am late on putting my quick thoughts together about walking the showroom floor at VMworld, but better late then never, right? Anyway, VMworld definitely had a BYOPC buzz this year – VMware refers to it as “Employee-owned IT.” While I disagree with the name (because the overall enterprise computing environment will still be owned, managed, and secured by the IT department), VMware — and many of the showcasing vendors — are all talking about a world where IT no longer owns the physical asset that employees use to get their work done.

So how will they do it? VMware promotes local desktop virtualization as a means for giving a non-corporate asset and managed environment – Moka Five boasts similar functionally based on VMware technology. Then there are vendors like Ring Cube that look at BYOPC as a way to virtually turn the non-corporate PC into a managed environment during the work day. Citrix, on the other hand, believes that BYOPC is made possible by a virtualization stack that delivers hosted desktops or apps (apps can be delivered locally as needed).

Regardless, VMworld made it clear that vendors are trying to find where they fit in a BYOPC world, yet the underpinnings of this world will be virtualization.

BYOPC: Remote access for the masses

I was talking with a large enterprise today that has a remote access solution in place so that employees, not in the office, can access their applications from their home machine. So why, I asked, was BYOPC such a foreign concept? Think about it…a home machine is just another “unmanaged” device. This “unmanaged” device is simply requesting access to applications that will enable the employee to get her job done.

I think most organizations are over-thinking BYOPC. Yes, it may mean making more applications available to employees over Citrix XenApp (formally Presentation Server, formally Metaframe) or Microsoft Terminal Services, but it is not an entirely new architecture like people think. Most companies already have these types of solutions in place today for remote access and complex applications, so why not expand this implementation? Alternatively, many organizations are already looking at hosted desktop virtualization (also known as VDI) for contractors, offshore employees, call centers, etc., why not expand the implementation to provide a managed desktop environment to an employee-owned unmanaged device? I mean, isn’t this exactly what a contractor or an offshore employee has?

I know I am over-simplifying he technology underpinnings of (and the costs associated with) BYOPC, but the concept is not new. Yes, BYOPC will require you rethink the capacity of your remote access solution, but you don’t have to rethink the architecture. Honestly, my interest would be if Microsoft Direct Access can solve the capacity issues…what do you think?

Dilbert wants his own computer

Even Dilbert believes in BYOPC

Will advances in the Mac OS tip the scales for BYOPC?

CNET recently reported that Apple’s upcoming Snow Leopard OS will support Microsoft Exchange Server 2007. Why is this important for BYOPC? Because until this release, BYOPC presumed some amount of virtualization (in most cases desktop virtualization) to support the killer app — email. According to the CNET article, “Improved Exchange support will be integrated into Mail, iCal and Address Book in Snow Leopard, which means email, calendar appointments, to-do lists and contacts from Outlook will be viewable on your personal calendar, mail and address books. It also allows things like dragging and dropping contacts into iCal to schedule meetings, and your Mac will be able to discover time conflicts between personal and work calendars and change the meeting time and location.”

So, with virtualization no longer needed to support the killer app on a Mac, organizations will need to rethink how they will support users that want to use Mac’s in their native state for corporate activities. However, this is a huge step forward for employees wanting to use Mac’s in the corporate environment…IT can no longer hang their hat on email not being supported.

This opens a few questions for me:

• will IT shops have the proficiency to support the Mac?
• will email work well on a Mac and live up to expectations?
• will this follow a similar trajectory as the iPhone with execs just demanding it?
• what is the fate of VMware Fusion and Parallels?

Regardless, my advice is this: Walk down to your local Apple store and offer the Genius behind the counter a job!

Travel company interested in BYOPC

Last week I was speaking with a large travel company — one of their major IT initiatives over the next 6 months is to understand and implement BYOPC. Why? Because they believe that being the fun company to work for is a competitive differentiator as well as a recruiting benefit. This has been a key message from their HR departments for years.

In addition, they have a very demanding employee population that is embracing consumerization with or without IT. Key employee groups are already bringing in their own laptops and smartphones and using them for company activities. IT has decided that fighting this at a corporate level was not worth the risk to their internal brand with their employees.

Moving forward, this company believe that BYOPC will be part of their DNA for all employees.

BYOPC Case Study: Citrix Systems

Yes, I know Citrix is a vendor with a solution to sell. But, they are also a business — one with the same challenges of managing the PC environment as anyone else. So, when I talked with their CIO about their BYOPC initiative, I learned a lot about the hoops he had to jump through to get this project off the ground. In the end, Citrix now allows employees (with manager approval) to take a $2100 stipend, buy a machine of their choice (an accompanying 3-year service contract), and use this device as their corporate/personal machine. Using technologies such as VPNs, application virtualization, and desktop virtualization, Citrix is able to deliver a full experience to their workers independent of the device.

In the end, Citrix found that “happy employees are productive employees. The majority of the employees who participated in the program believe that their productivity increased as a result. Why? Because using the machine and operating system of their choice fostered a pride in ownership. In fact, Citrix found that users more often than not chipped in their own money to get an even better machine. As a result, users: 1) simply used the device more often; 2) increased their willingness to finish up that one last task or log a few extra hours on the weekend; and 3) took better care of the device since they had invested their own money.” (Bring Your Own PC Reinvents The Corporate PC: A Citrix Systems Case Study)

Here is the executive summary of my report that has just published on forrester.com:

Bring your own PC (BYOPC) programs are becoming increasingly popular for today’s businesses. Why? Because they allow individuals to work from the device of their choice, which not only increases employee satisfaction but also lowers IT costs. Getting started with a BYOPC initiative can be overwhelming for organizations because many new issues must be taken into account, such as device security, application delivery, and hardware support. Citrix has developed an extensive BYOPC program that not only allows employees the freedom to choose but also takes into consideration all of the important security measures needed to do it right. Centered on 10 BYOPC rules, the Citrix program serves as a great example to others looking to bring BYOPC into the workplace in a secure and cost-effective way.

The full report can be found at:

Virtual workforce — great use of BYOPC

Cisco’s recent announcement of a $277 million productivity savings by moving to a virtual workforce has me thinking…these virtual workers would be a great use case for BYOPC. While the article doesn’t state what type of PCs are being used for this workforce (I know that Cisco does have some internal BYOPC initiatives going on), imagine the benefits of allowing these workers to compute from the device of their choosing.

I have spoken to many organizations that are already using BYOPC for their home-workers. Why? Because it is easier (and less costly) to have their workers use or go buy their own machine than have a corporate PC shipped to them. While some of the folks that I have spoken with actually require home workers to use their own machines, others give users a stipend for a device (and an associated support contract) — thus no longer being responsible for any of the hardware support. This works for both parties as these remote workers will more likely be closer to a third party support, such as the Apple Genius Bar or the Geek Squad, than to their corporate IT staff. This means faster and less expensive support.

In terms of how these organizations support this model, most are using a combination of application and desktop virtualization technologies to provide access to the corporate desktop and applications — just like being in the office!

Very interested in your thoughts around BYOPC for the virtual workforce.

Green IT: Does Hosted Desktop Virtualization Help?

Hosted desktop virtualization is one of the major technology enablers of BYOPC. So, in that vein, I must digress. My question: does hosted desktop virtualization lead to less power used in the organization? My answer: No.

Think about it. Yes, we are moving from a full blown PC (or laptop) to a thin client. However, a monitor is kept in both PC and thin client scenarios. But, I will agree that we have just cut the PC power from roughly 100 kw/hour to 10 kw/hour. But how about all of the servers in the datacenter (we are talking 30-50 users/server)? How about all of the storage — and the BC/DR storage? The networks (that were there before but may need to beefed up)? How about HVAC and all of the environmentals?

I speak to our clients about this everyday — I have hosted many panels on this topic as well. Universally, the folks that i have spoken to who have moved to hosted desktop virtualization are not seeing less power used — they are seeing much more. They are just seeing a transference of power so that it is not in the building facilitates budget but in the datacenter.

Finally, in the majority of implementations that I am seeing today, companies are not even moving to thin clients immediately. Why? To save costs. They figure (and I agree) that they can double the length of their PCs. So, again, if i am not going to move to thin clients for another 3+ years, moving to hosted desktop virtualization will be anything BUT a green IT story.

VERY interested in your thoughts! Please comment here and lets get a dialog going.

If it’s good enough for the Government…

“We are having a problem delivering new PCs to all of our users — we need to get out of this refresh cycle. Help me think outside the box.” — CIO large government agency

That’s how a recent conversation started with the CIO of a large government agency. I had recently sat down with him to talk about his challenge with providing new PCs to his users on a 3-4 year basis. It was costly and he just didn’t have the IT staff to get these new PCs to all of his workers in remote locations. His request was simple: challenge him and help him think outside the box for a new desktop delivery model.

This led us down the path of BYOPC initiatives that many companies are beginning to embrace — at first, he was skeptical to say the least. But I talked about how he could give his employees either a lump sum of $2000, and let them purchase the PC of their choice OR just let his home workers use their home PC. Using one of the various flavors of desktop and application virtualization, he could allow all of these “unmanaged” or “untrusted” devices to have secure access to all of the applications and data that the managed PCs had before. In addition, his users would get to use the PC of their choice (which was a big deal for him as his organization was trying to recruit younger workers) and furthermore, he could offload all hardware support to the Geek Squads of the world.

After 40 minutes of conversation, he was sold! To be honest, I picked on this one example because I typically think of the Government as less sophisticated (maybe “risky” is better). But even stodgy government agencies are looking to BYOPC to cut costs and appease a new generation of workers. If it’s good enough for them, it’s good enough for everyone, right?