Why Users Should Manage Their Own PCs
DIY IT in the 21st century Few companies have taken the radical step of letting users buy and manage their own PCs. But that may be changing. As noted, Google is already practicing it on a company-wide basis, and BP is piloting the idea.
At Google, workers can choose from about a dozen PCs available in its internal tool dubbed, appropriately enough, Stuff, which includes options running Windows, Mac OS, and Linux.
While 90 percent of hardware acquisitions are conducted through the tool, workers are not necessarily limited to the systems that Stuff presents. "We also have a mechanism for choosing some pretty strange" hardware and software configurations, Merrill said.
Although Google probably pays more per machine than if it went with, and leaned heavily on, a single supplier, Merrill noted that "there's no business downside, and there's the productivity upside ... we're clearly getting a higher productivity out of employees." Merrill also is "able to run a leaner IT shop."
In BP's case, one of its consultants projected that Digital Allowance, the name of the pilot program under which employees choose their own tools and rely on an external help desk service for provisioning support, could save the company up to $200 million a year in IT support costs, a spokesman said. Still, the Digital Allowance pilot program is skewed to a tech-savvy employee subset. These teams are "at the geekier end" of BP's 100,000-strong workforce, he added.
Analyst firm Gartner predicted in a recent report that "by 2010, end-user preferences will decide as much as half of all software, hardware and services acquisitions made by IT." The research firm cited "the ubiquity of the browser interface" as having made computing approachable enough so that "individuals are now making decisions about technology for personal and business use."
Point of fact: Users are already more involved than ever before. "I'm seeing it become more about the freedom to choose what device you want -- which laptop, maybe a Mac, what kind of handheld," said Allan Carey, an analyst at the Institute for Applied Network Security, a research firm. "It's part of the consumerization of IT," he added, and requires IT to focus on standards and policies that user choices must meet, rather than worrying about what model of PC is used.
What IT must still manage Even when companies are willing to let employees manage their PCs, IT still has plenty to manage, including security and data.
"I would expect most companies to implement basic security protocols for employee PCs, including virus scanning, spam filters, and phishing filters," Maine's Angell said. "They might provide software tools or simply implement a system check to make sure that such items are running whenever the employee's laptop is connected to the company environment."
Furthermore, Angell said, "We need to recognize that the company's data belongs to the company. Thus, there are certain data systems that will either need to be controlled as Web applications or that get served up via a platform such as Citrix. Access to both can be controlled by the enterprise without having to touch the worker's PC." In this age of Web apps, that's easy to do, he added.
This Web-based application approach to data management and security is Google's model, Merrill noted. Its employees run Google Apps, no matter what PC they have, and that means that all company data is stored on Google's servers. He also argued that this approach protects Google from the single largest security threat: stolen laptops.
"End-point security never really, honestly works. The number of incidents keeps increasing. If it worked, that wouldn't happen," Merrill said. "So I don't happen to find that argument compelling." Still, Google has a lot of monitors in its infrastructure to notice weird occurrences, both related to security and compliance. It has no choice, Merrill said: The company is subject to heavy regulations including HIPAA, on account of doctors that work on its campus. "Security and regulatory controls run in the background," Merrill said, explaining that they are "hidden from the user in a good way."
Another technology that helps support the user-managed PC model is desktop virtualization, which lets IT provision a standard OS and application configuration while allowing users to run their own apps in a separate layer, preventing infection and corruption. "In this model, users would have access to nonregulation software, personal e-mail, etc., outside of the virtual environment," Resnick said, which is "a reasonable compromise between security requirements, innovation, and employee convenience."