October 5, 2009
I recently presented at Forrester’s Security Forum (Twitter: #FSF09) and Forrester’s Infrastructure & Operations and Security & Risk Leadership Board meetings on how companies can make BYOPC a reality. Overall, the feedback was great! Yes, there were absolutely skeptics in the room (especially the security pros), but slowly I was able to alleviate most of their concerns. It really goes back to what I have said in the past, BYOPC is really just an advanced form of remote access. And Google, Citrix, and Cisco agreed — each had their CSO/CIO up on stage with me talking about their own respective BYOPC and consumerization programs.
Overall, here were my talking points about the necessary components to make BYOPC work:
- Device: Self-explanatory – let the user choose the device he/she wants to use
- Desktop and application virtualization: This is how you deliver applications and desktops environments to unmanaged devices. When possible, using hosted desktop and application virtualization will deliver best results as you can just have users access their desktops/apps over any network connection. For users that are mobile and can’t be guaranteed a network connection, local desktop and application virtualization will do the trick.
- VPN: First and foremost, with BYOPC, all users should be considered un-trusted. This means that they should never connect directly to the LAN. With that said, a VPN is how you give secure access from the user’s PC to the datacenter hosted desktops and apps – it will also make sure that all connecting PCs abide by your security policies, such as up-to-date AV. VPNs are not new to any of you as these technologies have been used for years to give remote workers, contractors, etc. access to corporate resources. Now, we will just use the technology more broadly. My recommendation is an SSL-VPN to prevent the required install of a client.
- DLP: Data leak prevention tools should be used to protect the data where it lives. So, this means putting rules in place on the data in your employees’ VMs (either hosted or locally installed) about what the user can do with it. For example, making sure that confidential information can never be removed from the VM and brought down to the user device.
- Client management and security: Using your standard client management and security tools, you can make sure that all VMs look identical to your managed machines. So, companies will need to use client management to configure, patch, etc. the VMs (both hosted and locally installed) that the users work on, and client security will remain in place to secure those VMs. The only thing to keep in mind is that client security now needs to be in two places – the VM and the BYOPC.
Using these five components will make BYOPC possible – and most attendees, after some initial hesitation, agreed. The best quote from an attendee from a financial services company was this: “If BYOPC is a competitive advantage today [because it has been known to help with recruiting and employee satisfaction], it will be a requirement tomorrow.” I couldn’t have said it better myself.
August 18, 2009
CNET recently reported that Apple’s upcoming Snow Leopard OS will support Microsoft Exchange Server 2007. Why is this important for BYOPC? Because until this release, BYOPC presumed some amount of virtualization (in most cases desktop virtualization) to support the killer app — email. According to the CNET article, “Improved Exchange support will be integrated into Mail, iCal and Address Book in Snow Leopard, which means email, calendar appointments, to-do lists and contacts from Outlook will be viewable on your personal calendar, mail and address books. It also allows things like dragging and dropping contacts into iCal to schedule meetings, and your Mac will be able to discover time conflicts between personal and work calendars and change the meeting time and location.”
So, with virtualization no longer needed to support the killer app on a Mac, organizations will need to rethink how they will support users that want to use Mac’s in their native state for corporate activities. However, this is a huge step forward for employees wanting to use Mac’s in the corporate environment…IT can no longer hang their hat on email not being supported.
This opens a few questions for me:
- will IT shops have the proficiency to support the Mac?
- will email work well on a Mac and live up to expectations?
- will this follow a similar trajectory as the iPhone with execs just demanding it?
- what is the fate of VMware Fusion and Parallels?
Regardless, my advice is this: Walk down to your local Apple store and offer the Genius behind the counter a job!
July 8, 2009
Yes, I know Citrix is a vendor with a solution to sell. But, they are also a business — one with the same challenges of managing the PC environment as anyone else. So, when I talked with their CIO about their BYOPC initiative, I learned a lot about the hoops he had to jump through to get this project off the ground. In the end, Citrix now allows employees (with manager approval) to take a $2100 stipend, buy a machine of their choice (an accompanying 3-year service contract), and use this device as their corporate/personal machine. Using technologies such as VPNs, application virtualization, and desktop virtualization, Citrix is able to deliver a full experience to their workers independent of the device.
In the end, Citrix found that “happy employees are productive employees. The majority of the employees who participated in the program believe that their productivity increased as a result. Why? Because using the machine and operating system of their choice fostered a pride in ownership. In fact, Citrix found that users more often than not chipped in their own money to get an even better machine. As a result, users: 1) simply used the device more often; 2) increased their willingness to finish up that one last task or log a few extra hours on the weekend; and 3) took better care of the device since they had invested their own money.” (Bring Your Own PC Reinvents The Corporate PC: A Citrix Systems Case Study)
Here is the executive summary of my report that has just published on forrester.com:
Bring your own PC (BYOPC) programs are becoming increasingly popular for today’s businesses. Why? Because they allow individuals to work from the device of their choice, which not only increases employee satisfaction but also lowers IT costs. Getting started with a BYOPC initiative can be overwhelming for organizations because many new issues must be taken into account, such as device security, application delivery, and hardware support. Citrix has developed an extensive BYOPC program that not only allows employees the freedom to choose but also takes into consideration all of the important security measures needed to do it right. Centered on 10 BYOPC rules, the Citrix program serves as a great example to others looking to bring BYOPC into the workplace in a secure and cost-effective way.
The full report can be found at:
June 26, 2009
Cisco’s recent announcement of a $277 million productivity savings by moving to a virtual workforce has me thinking…these virtual workers would be a great use case for BYOPC. While the article doesn’t state what type of PCs are being used for this workforce (I know that Cisco does have some internal BYOPC initiatives going on), imagine the benefits of allowing these workers to compute from the device of their choosing.
I have spoken to many organizations that are already using BYOPC for their home-workers. Why? Because it is easier (and less costly) to have their workers use or go buy their own machine than have a corporate PC shipped to them. While some of the folks that I have spoken with actually require home workers to use their own machines, others give users a stipend for a device (and an associated support contract) — thus no longer being responsible for any of the hardware support. This works for both parties as these remote workers will more likely be closer to a third party support, such as the Apple Genius Bar or the Geek Squad, than to their corporate IT staff. This means faster and less expensive support.
In terms of how these organizations support this model, most are using a combination of application and desktop virtualization technologies to provide access to the corporate desktop and applications — just like being in the office!
Very interested in your thoughts around BYOPC for the virtual workforce.
June 25, 2009
Hosted desktop virtualization is one of the major technology enablers of BYOPC. So, in that vein, I must digress. My question: does hosted desktop virtualization lead to less power used in the organization? My answer: No.
Think about it. Yes, we are moving from a full blown PC (or laptop) to a thin client. However, a monitor is kept in both PC and thin client scenarios. But, I will agree that we have just cut the PC power from roughly 100 kw/hour to 10 kw/hour. But how about all of the servers in the datacenter (we are talking 30-50 users/server)? How about all of the storage — and the BC/DR storage? The networks (that were there before but may need to beefed up)? How about HVAC and all of the environmentals?
I speak to our clients about this everyday — I have hosted many panels on this topic as well. Universally, the folks that i have spoken to who have moved to hosted desktop virtualization are not seeing less power used — they are seeing much more. They are just seeing a transference of power so that it is not in the building facilitates budget but in the datacenter.
Finally, in the majority of implementations that I am seeing today, companies are not even moving to thin clients immediately. Why? To save costs. They figure (and I agree) that they can double the length of their PCs. So, again, if i am not going to move to thin clients for another 3+ years, moving to hosted desktop virtualization will be anything BUT a green IT story.
VERY interested in your thoughts! Please comment here and lets get a dialog going.
June 18, 2009
Recently, Time Magazine published a set of reports on the Future Of Work. In these reports, Time talk about how the next generation of workers have completely different expectations of what work is — this is specifically true of technology. Over and over I hear from IT organizations that they are being forced to support the latest technologies in order to just get the new worker in the door. For many reasons, it is things like what is mentioned in these reports that drive BYOPC.
I highly recommend you check out all of the articles in this edition.