Should Employees Buy Their Own Computers?
Local ID10T writes
"Data security vs. productivity. We have all heard the arguments. Most of us use some of our personal equipment for work, but is it a good idea? 'You are at work. Your computer is five years old, runs Windows XP. Your company phone has a tiny screen and doesn't know what the internet is. Idling at home is a snazzy, super-fast laptop, and your own smartphone is barred from accessing work e-mail. There's a reason for that: IT provisioning is an expensive business. Companies can struggle to keep up with the constant rate of technological change. The devices employees have at home and in their pockets are often far more powerful than those provided for them. So what if you let your staff use their own equipment?' Companies such as Microsoft, Intel, Kraft, Citrix, and global law firm SNR Denton seem to think it's a decent idea."
Wouldn't work. The company would always care about its own security.
Having email on your phone, or your computer, gives the company authorization to scan the whole thing including your personal data. That was already ruled in court.
I'd sooner keep my work and life separate, and that includes my gadgets.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
So No.
All the projects in your personal computer can be claimed to belong to the company, unless they make an agreement in writing. Also, this will create a major headache in the company's IT and software licensing business.
Do it and you will be happier. So what if your own stuff is more powerful, it is yours and used for your things. Stop acting like a slave and use your own time and devices for yourself.
"I use a Mac because I'm just better than you are."
That's just what I want, to support 30 or 40 different models, brands, or hell even architectures.
To say nothing of when their own personal laptop that they used to surf horse porn last night brings some nasty viruses to work to test the corporate network.
And finally, what happens when I tell them "Sorry, you're going to need to downgrade your os/office suite/creativity suite/whatever to be compatible with the tools we've already paid thousands of dollars for and aren't going to get a new license just for your special snowflake hardware there".
No thanks. I'm happy with standardized hardware. If you keep Facebook and Yahoo Messenger off it (thank god for corporate virus protection that can prevent unauthorized installers/msi files), it'll run nice and quick.
Seriously, a 5 year old Pentium D with 2gb of ram running XP will tear the fuck out of office 2003 or 2007. This is work. Do work.
2: Require them to do so.
3: Don't pay them to do so.
4: Profit!
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Several of the examples in the article are not talking about owning your own computer, but using your own computer to access a remote desktop on a VM in a server farm somewhere. I fail to see how this makes the computer "your own" or allows you to customize it to your requirements. Quite the opposite, because VDI images are usually the same snapshot of the same VM with your user profile mounted over a network.
Sounds like business promoting an externality to me - they want all the advantages of a locked down computer in a physically secure location, realized they'll have to shell out for the server farm, the network infrastructure AND a bunch of VDI terminals - and then realized they could get silly mugs to pay for their own terminal on the premise they are "owning their own".
This is a world apart from companies that actually allow users to be in charge of their own computer - and that typically is only practical, and only occurs, where there is a high level of tech savvy. Like Google, who will buy you the computer you ask for and let you install what the hell you like on it.
Kraft? I'd be gobsmacked if they fell into the latter group.
agreed, maintaining any kind of network integrity would be impossible, it's bad enough as it is
"I disapprove of what you say, but I will defend to the death your right to say it." - Evelyn Beatrice Hall, re Voltaire
Good idea: letting your employees bring in their own computers
Bad idea: making your employees bring in their own computers
And I'm not even saying that it would become official company policy. Once a manager sees the savings, the upgrade cycle becomes even more drawn out and employees have to bring in their own stuff by default, just to get anything done.
But if I could charge my company a rental fee for bringing in my own computer ... that might change things a bit. :)
That's a bit on the ridiculous side, especially for large enterprise. An employer needs to secure their network, and that includes all devices connected to the network. ALL OF THEM. If people own the computers then they can rightfully put whatever programs they want on them and then security goes out the window. You may THINK that if you citrix/whatever in there, but employees will eventually use their personal desktop space for critical and sensitive information instead of leaving it on the "secure" network, and you'd have no way to check or enforce this.
In the land of the blind, the one-eyed man is kinky.
Aren't people who use all of their own equipment to do a job called consultants? I'll happily use my equipment but you will pay for the privilege.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
I would use a company computer, but my cell phone is always mine so I can turn the thing off.
For every benefit you receive a tax is levied. - Ralph Waldo Emerson
If someone wants to steal something, and you are trying to prevent it, short of a body cavity search everyday, you've already lost the game. You can steal a code base and drawings for virtually any product by simply copying it onto a USB flash drive, and walking out. Often your cell phone will suffice.
If you are trying to prevent viruses and stuff, the same techniques apply for company owned laptops versus employee owned. If they can take it home, it can get infected. You might ameliorate things by having a forced virus checker installation, but a voluntary one will generally work just as well.
In the end, the only thing you can't do is take the machine away, but this is such a rare event that it's almost not worth considering.
All the technology in the world won't hide your lack of vision, talent, or understanding.
My machines belong to me. The stuff on them is mine, not the company's. And I don't want any confusion about that. I have VPN access from home to the corporate LAN. We also have a Windows "work at home" server which is accessible via MS's mstsc. I use that, not the VPN/LAN. I use Linux at home and rdesktop to access that server. Once on that server, I use mstsc to access my work desktop. Why? it makes my home machine safer. My home machine is more of a "dumb terminal" which cannot be infected by or infect anything at work. Or at least it is significantly less likely. I'm not aware of any virus which can spread over an mstsc link. Which means little, given my ignorance. My home system is behind a firewall/router, so hopefully it is too much trouble to crack. I don't need "impossible", just need "harder than average" to discourage most. Running Linux and no Windows also helps.
You know the office storage basement? ....Well, there's a computer already setup there, and it would be a shame if we had to occupy that computer, because of course, it's running Windows ME and it doesn't even have solitaire or access to HSI. In fact, it's connected to a phone jack. You don't HAVE to use your computer, BUT I'm sure you can see where I'm getting at here Milton.
You're right that there is no way to guarantee security without extreme measures (see, the DOD). Instead, it's about support volume (and the related costs). If you get one or two incidents a year involving a broken computer (with security implications) with a "closed" system that takes reasonable security measures, it's a lot more cost effective than fighting 1 or 2 incidents a *day* as users find more effective ways to break their own computers. Also, the threat profile (i.e. the likelihood that the breakin resulted in a measurable loss for the company because the attacker was able to make off with valuable material) is a lot smaller.
Sure, attempting 100% security is going to cost 100% of your resources and still not going to be 100% effective. However, once the "cost" slider leaves 100%, how far down do you want it to take the "Effective" slider?
Pretty much all the companies mentioned are using virtual desktops. That is, the physical device is essentially a glorified terminal for the purposes of work. The connection to the "real" corporate machine is an encrypted session to a central server.
So they don't care about viruses because there is nothing directly on the unencrypted network. They don't care about support because anyone with nonstandard hardware is responsible for their own support, and the corporate support only handles the contents of the virtual machine.
So they don't care what you're running in terms of a physical device as long as you can connect to the central server to do the "real work".
Your company needs to seriously rebalance its internal structures if the productivity of a >$50k salary employee is being impacted by the failure to make a yearly $2k investment in hardware. The simple numbers say a 5% increase in employee productivity justifies the expense.
If the problem is staff funding vs IT funding the managers need to escalate it. Save on the staff funding by doing the IT funding. If the company can't do the math and do the rebalancing then it is a bad corporate structure.
Until director-level folks, CEO, CFO, other executives, and board members start demanding to use their iPads for things like e-mail and calendars.
About the only defense IT has is to say, "Fine, to do that we have to do a forklift upgrade of our mail/calendar infrastructure -- $xxx,xxx."
But when the CEO and CFO say, "do it," you do it.
Oh, and don't start on those weirdo creative types in marketing and documentation that bring in their own Macs anyway...
Some businesses, rather than going neurotic about access controls, are instead asking, how do we enable employees to use the best tools for their jobs? Yeah, some can get away with XP on a Pentium box. Others want Linux and command lines. Others go for Macs. An iPad can be nearly ideal for an exec that lives by e-mail and calendar and doesn't do a lot of content creation.
Figure out how to give people access to the tools that work -- for them.
IT shouldn't 'provide support'. If you want a secure network, IT needs TOTAL CONTROL of the machines. They need to be 100% locked down so that ANY software on the thing was specifically put there by IT.
My point was that if this is the employee's computer, the employee would rightfully assume he or she can install whatever the hell he or she wants on it and inevitably you'll get the viruses/trojans and keyloggers that steal passwords. Along with that you'll get people copying what is supposed to be private information to their own desktop because "it's faster" than going through the VPN. Their unencrypted desktop. With the viruses/trojans/keyloggers. It's just a horrible, horrible idea.
In the land of the blind, the one-eyed man is kinky.
My home computer runs Linux, and many of us run Linux or OSX, particularly in technology companies. Our computers aren't malware and virus infected. Using them is not going to hurt "your network". The fact that you call it "your network" alone should give us pause.
Corporate asset managers like you are the very reason why large companies are painful to be an innovative developer at. You are the reason why startups with 10 developers often have an advantage over gigantic companies with thousands of developers. You think that your safety blanket of Windows XP with a mountain of scanner software churning cycles, a ten year old IE 6 browser, and policies that neuter the OS significantly to disallow the computer to be used by anyone for anything, is the ONLY WAY. Running an alternative desktop that starts out secure is unacceptable because you read a CIO Mag article 5 years ago that told you the TCO is higher.
Sorry to go on a tirade, but it's just very frustrating.
...not because it's just a bad idea to provide cutting edge equipment to do the job. It's a bad idea because of one thing...legal liability.
Right now, companies all over the world are battling governments, civil rights unions, employee unions, activist organizations and so on over the idea of personal privacy. Personal privacy doesn't really exist but we like to make up the illusion that it does by saying something is mine and you can't have it or tell me what to do with it. It's mine, mine, mine, all mine, keep your grubby hands off it you evil, faceless corporation!
That's all well and good until it comes time to clean up a mess like a data spill or a hostile attack on a system. See, corporations have a much easier time enforcing computing policies when they provide the equipment, network and other computing equipment for their employees. When they own the equipment, there is no longer a question of "civil rights" because of the idea of private property. Just like you, at home, reserve the right to limit public access to your home and all the things you have in and around it in any way you see fit, so do the corporations. Democracy stops at the front door in the interests of the more bureaucratic but often more efficient hierarchy of a private, tiered dictatorship.
When the company owns the equipment, if they allow you any level of personal use or personal privacy beyond the minimal amounts that most labor laws require, it's by courtesy only. They can tell you what you can and can't do with their private equipment. That extends to whatever security, anti-virus, anti-malware and proxy level they choose to instantiate in their systems to protect company assets and property. Sure you can lobby against it and whine like a petulant child but in reality, you don't have much of a foot to stand on.
If you allow workers to use their own machines, you open a gigantic security hole as well as a massive logistical problem in maintaining and securing your networks and shared resources. How do you ensure that users are keeping their systems up to date with patches and updates? How do you ensure they are using a compatible version of an OS? How do you even ensure they are using a LEGAL copy and not a pirated version rife with back doors and other little nasties? What do you do about limiting network access? You could use a VPN system with something like RSA's SecurID system but then you are talking massive amounts of system overhead with poor network performance.
There is a host of problems associated with the idea that I could list for hours. Those are all technical. They do not even address the human factor. Even as it is now, when one employee gets a system upgrade while another languishes away in obsolete-system-land, it starts petulant in-fighting and envious behavior until the other employees are satiated. That only lasts until the next round of upgrades. What happens when Joe is still stuck with, say, a Dell C600 'cause that's all he can afford after paying Little Joey's college tuition and Ned comes in with a brand new MacBook Air? The jealousy will still be there. It will probably foster dissent about Ned's level of compensation vs. his perceived contribution as well. That brings a whole new mess of problems for HR. You're no longer managing people as much as you are babysitting them.
Maybe there is a bottom line benefit to the idea. However, people have an amazing effect on a bottom line in ways that most management seems to have an inability to comprehend. I'll leave it all at that because I could easily go on for pages about this. Especially since I'm one of those system security weenies that would have to deal with the aftermath of implementing such an idea. The words nuclear holocaust come to mind to describe what the networks would look like afterwards.
But can you block people from installing whatever they want if it's THEIR computer? SHOULD you be able to? This is my point, I don't think you have any control of these things if it's not your computer. If your employee paid for it, your employee can do whatever he or she wants with it. If you're somehow forbidding them from installing outside apps, that means they've given you control. Which I don't think would happen with their personal property.
In the land of the blind, the one-eyed man is kinky.
If I can afford better gear than my employer I need to get a better employer.
And fucking prima donnas like yourself are the nightmare of a well run network. (waaah, I can't get samba to authenticate against AD) Get over it. Life does not revolve around you just because you're `special` and run linux. The computer is just a tool. Your personal preference for the fancy or non-standard tool doesn't make sense if the standard industrial one does the job just fine.
In a corporate environment there are larger issues to worry about than just you. Corporate security is important simply because one good screw up can cost the company more profits than you'll ever be able to generate. Small startups usually are the target of corporate espionage or have as many disgruntled employees to worry about.
More specifically, Virus doesn't make a lot of sense to pluralize as Latin since it's not a noun representing a single discreet thing.
Surely you mean "discrete."
http://www.redhat.com/virtualization/rhev/desktop/spice/
http://www.spicespace.org/
it's pretty aggressive. just found out about it a couple months ago. QEMU based. they're doing some cool stuff with virtual devices; qxl is their accelerated graphics driver for Linux & Windows, and is probably gonna end up taking over for NX client now that they're closed source. and yes, i am aware there is a difference between a remote desktop and vm.
interested to see how RHEL manufacture disk images for the individual clients; needing a dedicated disk image for each OS is pretty bogus, but fairly common practice.
I haven't tried American 'jelly' but I presume it's some form of jam or marmalade
In American, jelly, jam, and marmalade all refer to different fruit-based things that are spread on toast. Jelly is completely smooth, jam contains seeds, marmalade contains peel.
I am TheRaven on Soylent News
Being a network admin, I can see both sides of this argument. I've had the secretary who absolutely had to have a Mac because she didn't like Windows. Getting her a Mac increased my workload because I couldn't easily manage it as part of the general network. It also created more work for everyone else who had to deal with incompatible file formats. Lots of minor network changes required walking over to her computer to make sure it still worked (like change the GPO for proxy setting). The best option here in the big picture was to teach her that MS Office on an XP box was just as simple to use, but she was related to a high-level manager so she got her way. Having a homogeneous, centrally managed network is far easier and cheaper from an IT perspective.
I've also had the tech-savvy engineer who liked the bsd/linux flavor of the week and wasted way too much of his time with Gentoo when his technical requirements were met just fine with the RHEL we used everywhere else. I guess the prima donna title would fit that guy. He's also the asshole that set up an unauthorized dialup modem so he could get into the network from home. Forcing him to stay with RHEL would have made him more productive and made my life easier.
A non-homogeneous environment simply costs more to maintain. Your IT guys need more experience and they get sidetracked on problems affecting only the outliers. When it's just a few oddball workstations you generally don't develop the tools to centrally manage them and have to manage them individually.
I should also point out that I run a mixed network of mostly Windows and RHEL with a smattering of small embedded linux, bsd, etc. I freely admit that I spend more of my time taking care of Windows issues than Linux issues. A wholesale move to Linux would reduce our productivity enough, even if it's just a little while, so don't even suggest that.
A bit of advice though. Don't make enemies of the IT guys. Keep on good terms with them. Treating them worse than the janitor is a surefire way to get treated like an asshole. If the IT guys know what you're doing and like you, they generally will try not to break things for you. Samba is a good example. Last year when we needed to enforce NTLMv2 only on the Windows domain, I made sure the Linux admins knew because it would break samba unless they had updated. The asshole who told me to fuck off when I asked why he needed a Gentoo box to author webpages got zero help when he couldn't figure out how to update samba.
"I refuse to work for a company that has lower-grade technology than I have in my mother's basement."
FTFY
LK
"Hi. This is my friend, Jack Shit, and you don't know him." - Lord Kano
Do you know why IT folks hate personal devices? It is because it isn't IT's. We cannot make rules over what you can or cannot do with your equipment. We can't tell you not to download spyware. We can't tell you not to let your teenage daughter install cute cursor packs. We can't make you buy decent (or any!) anti-virus or security software or force you to stay up-to-date with patches.
And what plusses are brought by personal equipment? Well, we are now on the hook to support your own weird applications, like some graphics package that was downloaded off a Russian server and is entirely in Korean(*). We are now on the hook for keeping your eight-year old second hand clone (built by your son's super intelligent friend) running(*). We have to get the company VPN solution working with your weird combination of hardware and software(*). We are now encouraged to install "field evaluation copies" of corporate software(*) so you can do your job when your not-entirely-compatible open source package(*) causes hilarity.
And, when you ignore all this and corporate security is compromised and thousands of pieces of private data are "accidentally circulated more widely than initially intended", it is OUR ass on the line.(**) Frankly, if I'm the one getting canned when it doesn't work, it's MY F***ING network.
You bringing your equipment in may save you time, but it doesn't save the company any money.
(*) = actually happened to me.
(**) == happened to someone I know.
you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
Well I think Jelly is made of fruit juice but no actual fruit bits. If you put fruit bits in it (mashed up and whatnot), then it's jam. Marmalade is specifically jam of a citrus fruit, which generally includes the peel but I'm not sure it has to.
Do you know why IT folks hate personal devices? It is because it isn't IT's. We cannot make rules over what you can or cannot do with your equipment. We can't tell you not to download spyware. We can't tell you not to let your teenage daughter install cute cursor packs. We can't make you buy decent (or any!) anti-virus or security software or force you to stay up-to-date with patches.
I agree that this is the problem. In short, we end up responsible for fixing it all no matter what.
You can say, "No, no! The employee will take responsibility for his own system!" But what happens when it's infected by a virus or somehow hacked because of improper precautions? Who's going to be responsible for fixing the problem? If the user can't save files anymore because every byte of their system is taken up with MP3s, who's going to have to clear off the hard drive? If a user getting paid $200/hour is not able to work for want of a $300 desktop computer, whose job will it be to resolve the issue?
Do you want the user to fix these problems? Good luck.
Or do you want me to fix all these problems? Then either let me control the situation, or else give me a huge staff to deal with the chaos that will ensue. The huge staff will cost you more than the money you'll save from not buying computers.
Another time, years ago, I was stuck with a 486sx PC. I had a Sun Sparcstation at home. I brought in the Sparcstation and was much, much, much more productive for two weeks, until the beancounters spied it and asked WTF? I copped to it being my personal machine, whereupon they directed me to take it home at the end of the day because it ran afoul of their insurance requirements that all in-house equipment be owned by the company. It was only months later that I realized they leased a crapload of machines from GE Leasing, and that I could have suggested, "Why don't you lease it from me for $1/month?", as a way around that if the problem REALLY was the insurance issue they described.
Still another time, I worked for a large tech company. Whilst they were a bit skittish about people's personal laptops being connected to the domain, as long as you went through the setup process to put all of their security software on your machine (and were willing to accept someone else's closed-source security software whose full functionality you could not predict), they tended to tolerate it. Eventually, they got more generous in handing out laptops.
At the same company, they have a policy of allowing personal phones to connect to the Exchange server for email and calendaring purposes. Not everyone gets a company cell phone, but since it's a company full of geeks, most employees have one of their own. Being able to catch up on your email in the morning whilst on the bus to work, and being reminded while you're out at lunch that a super-important meeting is beginning in 15 minutes and you better get yourself back to the office, are valuable things that contribute to productivity. Sure, the company may lose a bit in security by "opening up" their email server to personal devices, but multiple large and small companies I know have concluded that the tradeoff is worth it. Funny thing was, they didn't like iphone, and I THINK they might even have had an official policy against allowing iphones on their network, but since at least 20% of the technical staff at the company (a couple years ago) seemed to use iphones, I'm not sure it was enforced.
At my present employer, only high level managers and up have access to smartphone based email. Some other employees have company phones, but they're not net-access-capable. However, many employees seem to have Apple, HTC, Sony, etc. devices with smartphone functionality -- and many of them could benefit from being able to send "oops, I'll be a bit late, stuck in traffic" to the office, or check their email while out in the field, etc. So I'm currently playing change agent and talking up the benefits of allowing them access to company email from those devices.
Ah yes, the prima donna developer. I knew you'd be along eventually. You're so much more enlightened than those plebes doing the IT grunt work. You're a beautiful snowflake and everybody else is just getting in your way of creating... wait a sec... which idiot developer that said they NEEDED access to the production environment just dropped the customer table?
cause if the guy you are paying 100k a year to deal with legal issues spends 8 hours on hold with technical support...
sure, IT costs are down, but you didn't get any work out of the guy that day.
every day http://en.wikipedia.org/wiki/Special:Random