How To Keep Control Of Employee-Owned PCs

Consumerisation and mobilisation in computing are fueling a trend of employees using personal PCs in their jobs. Some enterprises are pushing this as a path to saving money, but IT administrators are struggling to find ways to secure corporate data while keeping employees productive. eWEEK Labs looks at some solutions, including application whitelisting, widening administrative rights, and desktop virtualisation from such companies as Microsoft, Citrix and VMware.

IT departments are charged with ensuring the security and availability of company applications and data. Delivering on this mandate can be difficult enough on closely managed, company-owned machines under the direct control of IT.

However, administrators are now facing, with increasing frequency, the additional wrinkle of supporting PCs over which ultimate control lies outside of the company. A growing number of employees are looking to use their own personal PCs in their jobs as well.

Two key factors that are playing into this loss of control by IT departments are trends toward consumerisation and mobilisation in computing. The range of computing product options marketed to individual users has expanded, and the ease with which these systems can move between home and work has increased. As a result, IT departments are faced with supporting or tolerating systems that their users have brought in from home.

What’s more, some companies actively pursue employee-owned notebook schemes as a means of boosting productivity and reducing support costs among workers who are technology-savvy enough to shape and maintain their own desktop environments.

Companies always have the option of banning the use of company data or applications on systems brought from home (with the inevitable exception of users with enough clout to bend the rules), but there are plenty of situations in which the line between authorised and forbidden systems can’t be so clear. For instance, companies work in many cases with contractors or partners who own their own machines, or telecommuting workers who live outside the range of IT support staff.

Employee-owned or -controlled notebook schemes aren’t appropriate for every company, industry or employee. However, regardless of your company’s policy toward user-controlled systems, it makes sense to develop a set of strategies for ensuring sufficient levels of data security and application accessibility for user systems that fall outside of a strict system management regime.

It’s not an easy problem to tackle, most importantly because the administrative rights over a system with a user-controlled desktop or notebook scheme are such that users have the right to install arbitrary applications and drivers on their machines, some of which could be malicious or harmful in purpose or practice.