Slashdot Mirror
Should Employees Buy Their Own Computers?
Local ID10T writes
"Data security vs. productivity. We have all heard the arguments. Most of us use some of our personal equipment for work, but is it a good idea? 'You are at work. Your computer is five years old, runs Windows XP. Your company phone has a tiny screen and doesn't know what the internet is. Idling at home is a snazzy, super-fast laptop, and your own smartphone is barred from accessing work e-mail. There's a reason for that: IT provisioning is an expensive business. Companies can struggle to keep up with the constant rate of technological change. The devices employees have at home and in their pockets are often far more powerful than those provided for them. So what if you let your staff use their own equipment?' Companies such as Microsoft, Intel, Kraft, Citrix, and global law firm SNR Denton seem to think it's a decent idea."
Wouldn't work. The company would always care about its own security.
Having email on your phone, or your computer, gives the company authorization to scan the whole thing including your personal data. That was already ruled in court.
I'd sooner keep my work and life separate, and that includes my gadgets.
"I disapprove of what you say, but I will defend to the death your right to say it." - historian Evelyn Beatrice Hall
Do it and you will be happier. So what if your own stuff is more powerful, it is yours and used for your things. Stop acting like a slave and use your own time and devices for yourself.
"I use a Mac because I'm just better than you are."
That's just what I want, to support 30 or 40 different models, brands, or hell even architectures.
To say nothing of when their own personal laptop that they used to surf horse porn last night brings some nasty viruses to work to test the corporate network.
And finally, what happens when I tell them "Sorry, you're going to need to downgrade your os/office suite/creativity suite/whatever to be compatable with the tools we've already paid thousands of dollars for and aren't going to get a new license just for your special snowflake hardware there".
No thanks. I'm happy with standardized hardware. if you keep facebook and yahoo messenger off it (thank god for corporate virus protection that can prevent unauthorized installers/msi files), it'll run nice and quick.
Seriously, a 5 year old pendium D with 2gb of ram running XP will tear the fuck out of office 2003 or 2007. This is work. Do work.
2: Require them to do so.
3: Don't pay them to do so.
4: Profit!
"Who is the Journal of Quantum Physics going to believe?" --Stephen Hawking
Several of the examples in the article are not talking about owning your own computer, but using your own computer to access a remote desktop on a VM in a server farm somewhere. I fail to see how this makes the computer "your own" or allows you to customize it to your requirements. Quite the opposite, because VDI images are usually the same snapshot of the same VM with your user profile mounted over a network.
Sounds like business promoting an externality to me - they want all the advantages of a locked down computer in a physically secure location, realized they'll have to shell out for the server farm, the network infrastructure AND a bunch of VDI terminals - and then realized they could get silly mugs to pay for their own terminal on the premise they are "owning their own".
This is a world apart from companies that actually allow users to be in charge of their own computer - and that typically is only practical, and only occurs, where there is a high level of tech savvy. Like Google, who will buy you the computer you ask for and let you install what the hell you like on it.
Kraft? I'd be gobsmacked if they fell into the latter group.
Good idea: letting your employees bring in their own computers
Bad idea: making your employees bring in their own computers
And I'm not even saying that it would become official company policy. Once a manager sees the savings, the upgrade cycle becomes even more drawn out and employees have to bring in their own stuff by default, just to get anything done.
But if I could charge my company a rental fee for bringing in my own computer ... that might change things a bit. :)
That's a bit on the ridiculous side, especially for large enterprise. An employer needs to secure their network, and that includes all devices connected to the network. ALL OF THEM. If people own the computers then they can rightfully put whatever programs they want on them and then security goes out the window. You may THINK that if you citrix/whatever in there, but employees will eventually use their personal desktop space for critical and sensitive information instead of leaving it on the "secure" network, and you'd have no way to check or enforce this.
In the land of the blind, the one-eyed man is kinky.
Aren't people who use all of their own equipment to do a job called consultants? I'll happily use my equipment but you will pay for the privilege.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
My machines belong to me. The stuff on them is mine, not the company's. And I don't want any confusion about that. I have VPN access from home to the corporate LAN. We also have a Windows "work at home" server which is accessible via MS's mstsc. I use that, not the VPN/LAN. I use Linux at home and rdesktop to access that server. Once on that server, I use mstsc to access my work desktop. Why? it makes my home machine safer. My home machine is more of a "dumb terminal" which cannot be infected by or infect anything at work. Or at least it is significantly less likely. I'm not aware of any virus which can spread over an mstsc link. Which means little, given my ignorance. My home system is behind a firewall/router, so hopefully it is too much trouble to crack. I don't need "impossible", just need "harder than average" to discourage most. Running Linux and no Windows also helps.
You're right that there is no way to guarantee security without extreme measures (see, the DOD) Instead, it's about support volume (and the related costs). If you get one or two incidents a year involving a broken computer (with security implications) with a "closed" system that takes reasonable security measures, it's a lot more cost effective than fighting 1 or 2 incidents a *day* as users find more effective ways to break their own computers. Also, the threat profile (i.e. the likelihood that the breakin resulted in a measurable loss for the company because the attacker was able to make off with valuable material) is a lot smaller.
Sure, attempting 100% security is going to cost 100% of your resources and still not going to be 100% effective. However, once the "cost" slider leaves 100%, how far down do you want it to take the "Effective" slider?
Pretty much all the companies mentioned are using virtual desktops. That is, the physical device is essentially a glorified terminal for the purposes of work. The connection to the "real" corporate machine is an encrypted session to a central server.
So they don't care about viruses because there is nothing directly on the unencrypted network. They don't care about support because anyone with nonstandard hardware is responsible for their own support, and the corporate support only handles the contents of the virtual machine.
So they don't care what you're running in terms of a physical device as long as you can connect to the central server to do the "real work".
Your company needs to seriously rebalance its internal strucutres if the productivity of a >$50k salaray employee is being impacted by the failure to make a yearly $2k investment in hardware. The simple numbers say a 5% increase in employee productivity justifies the expense.
If the problem is staff funding vs IT funding the managers need to escalate it. Save on the staff funding by doing the IT funding. If the company can't do the math and do the rebalancing then it is a bad corporate structure.
Until director-level folks, CEO, CFO, other executives, and board members start demanding to use their iPads for things like e-mail and calendars.
About the only defense IT has is to say, "Fine, to do that we have to do a forklift upgrade of our mail/calendar infrastructure -- $xxx,xxx."
But when the CEO and CFO say, "do it," you do it.
Oh, and don't start on those weirdo creative types in marketing and documentation that bring in their own Macs anyway...
Some businesses, rather than going neurotic about access controls are instead asking, how do we enable employees to use the best tools for their jobs? Yeah, some can get away with XP on a Pentium box. Others want Linux and command lines. Others go for Macs. An iPad can be nearly deal for an exec that lives by e-mail and calendar and doesn't do a lot of content creation.
Figure out how to give people access to the tools that work -- for them
My home computer runs Linux, and many of us run Linux or OSX, particularly in technology companies. Our computers aren't malware and virus infected. Using them is not going to hurt "your network". The fact that you call it "your network" alone should give us pause.
Corporate asset managers like you are the very reason why large companies are painful to be an innovative developer at. You are the reason why startups with 10 developers often have an advantage over gigantic companies with thousands of developers. You think that your safety blanket of Windows XP with a mountain of scanner software churning cycles, a ten year old IE 6 browser, and policies that neuter the OS significantly to disallow the computer to be used by anyone for anything, is the ONLY WAY. Running an alternative desktop that starts out secure is unacceptable because you read a CIO Mag article 5 years ago that told you the TCO is higher.
Sorry to go on a tirade, but it's just very frustrating.
...not because it's just a bad idea to provide cutting edge equipment to do the job. It's a bad idea because of one thing...legal liability.
Right now, companies all over the world, are battling governments, civil rights unions, employee unions, activist organizations and so one over the idea of personal privacy. Personal privacy doesn't really exist but we like to make up the illusion that it does by saying something is mine and you can't have it or tell me what to do with it. It's mine, mine, mine, all mine, keep your grubby hands off it you evil, faceless corporation!
That's all well and good until it comes time to clean up a mess like a data spill or a hostile attack on a system. See, corporations have a much easier time enforcing computing policies when they provide the equipment, network and other computing equipment for their employees. When they own the equipment, there is no longer a question of "civil rights" because of the idea of private property. Just like you, at home, reserve the right to limit public access to your home and all the things you have in and around it in any way you see fit, so do the corporations. Democracy stops at the front door in the interests of the more bureaucratic but often more efficient hierarchy of a private, tiered dictatorship.
When the company owns the equipment, if they allow you any level of personal use or personal privacy beyond the minimal amounts that most labor laws require, it's by courtesy only. They can tell you what you can and can't do with their private equipment. That extends to whatever security, anti-virus, anti-malware and proxy level they choose to instantiate in their systems to protect company assets and property. Sure you can lobby against it and whine like a petulant child but in reality, you don't have much of a foot to stand on.
If you allow workers to use their own machines, you open a gigantic security hole as well a massive logistical problem in maintaining and securing your networks and shared resources. How do you ensure that users are keeping their systems up to date with patches and updates? How do you ensure they are using a compatible version of an OS? How do you even ensure they are using a LEGAL copy and not a pirated version rife with back doors and other little nasties? What do you do about limiting network access? You could use a VPN system with something like RSA's SecureID system but then you are talking massive amounts of system overhead with poor network performance.
There is a host of problems associated with the idea that I could list for hours. Those are all technical. They do not even address the human factor. Even as it is now, when one employee gets a system upgrade while another languishes away in obsolete-system-land, it starts petulant in-fighting and envious behavior until the other employees are satiated. That only lasts until the next round of upgrades. What happens when Joe is still stuck with, say, a Dell C600 'cause that's all he can afford after paying Little Joey's college tuition and Ned comes in with a brand new MacBook Air? The jealousy will still be there. It will probably foster dissent about Ned's level of compensation vs. his perceived contribution as well. That bring a whole new mess of problems for HR. You're no longer managing people as much as you are babysitting them.
Maybe there is a bottom line benefit to the idea. However, people have an amazing affect on a bottom line in ways that most management seems to have an inability to comprehend. I'll leave it all at that because I could easily go on for pages about this. Especially since I'm one of those system security weenies that would have to deal with the aftermath of implementing such an idea. The words nuclear holocaust come to mind to describe what the networks would look like afterwords.
If I can afford better gear than my employer I need to get a better employer.
I haven't tried American 'jelly' but I presume it's some form of jam or marmalade
In American, jelly, jam, and marmalade all refer to different fruit-based things that are spread on toast. Jelly is completely smooth, jam contains seeds, marmalade contains peel.
I am TheRaven on Soylent News
Do you know why IT folks hate personal devices? It is because it isn't IT's. We cannot make rules over what you can or cannot do with your equipment. We can't tell you not to download spyware. We can't tell you not to let your teenage daughter install cute cursor packs. We can't make you buy decent (or any!) anti-virus or security software or force you to stay up-to-date with patches.
And what plusses are brought by personal equipment? Well, we are now on the hook to support your own weird applications, like some graphics package that was downloaded off a Russian server and is entirely in Korean(*). We are now on the hook for keeping your eight-year old second hand clone (built by your son's super intelligent friend) running(*). We have to get the company VPN solution working with your weird combination of hardware and software(*). We are now encouraged to install "field evaluation copies" of corporate software(*) so you can do your job when your not-entirely-compatible open source package(*) causes hilarity.
And, when you ignore all this and corporate security is compromised and thousands of pieces of private data are "accidentally circulated more widely than initially intended", it is OUR ass on the line.(**) Frankly, if I'm the one getting canned when it doesn't work, it's MY F***ING network.
You bringing your equipment in may save you time, but it doesn't save the company any money.
(*) = actually happened to me.
(**) == happened to someone I know.
you should read everything on the internet as if it had "but I'm probably talking out of my ass" appended to it.
Well I think Jelly is made of fruit juice but no actual fruit bits. If you put fruit bits in it (mashed up and whatnot), then it's jam. Marmalade is specifically jam of a citrus fruit, which generally includes the peel but I'm not sure it has to.