Jeff Smith has a vision.
Of course, that’s his job: as CIO with financial services giant Suncorp, having and executing visions is crucial to his everyday activities. But in this case, his vision represents a potentially significant disruptor for IT managers: Smith wants to shift Suncorp from its traditional, top-down, dogmatic approach to desktop computing.
Instead, he wants to provide an IT infrastructure that’s flexible enough to accommodate any type of computer that employees prefer to work on – and allow them to bring their own desktops, laptops, and smartphones from home and just get on with the business of working.
The strategy came out of the desire “to create an environment that’s as easy to use and as productive as the ones employees have at home,” Smith recently explained while outlining his company’s significant successes embracing an ‘Agile’ project approach (‘Agile’ development favours short, sharp bursts of innovation as opposed to long, monolithic project cycles).
“I had guys asking me questions” and complaining about the performance of the company’s desktop SOE, Smith explains of the company’s changing strategy.
“My strategy was to distract them from asking me detailed questions I didn't have answers to. But I said to our technical guys that we shouldn’t care; people should be able to bring any PC they have into work, and run any OS and any set of tools. Someone should be able to go to Harvey Norman, bring [a new laptop] in, load it up, authenticate themselves, and away they go.”
That’s heresy to some IT managers, who have spent the past decade trying to weed out desktop and operating system diversity in the name of minimising ongoing configuration and management costs. Yet as users get smarter about computers and buy ever-better systems and smartphones for themselves, such ambitions are quietly fuelling a revolutionary idea in desktop management: just give the users what they want.
Initially driven by complaints from users keen to use their own Mac laptops as work computers, so-called bring-your-own computing (BYOC) strategies have slowly crept onto the radars of IT managers that have found comfort – and governance kudos – by enforcing use of standard operating environments (SOEs) on a limited selection of approved corporate devices.
However, the popularity of iPhones (which currently account for 80 per cent of Suncorp mobiles) and other smartphones – as well as the iPad and a new breed of tablet computers – has finally pushed Smith and other IT strategists to adopt a less dogmatic approach that recognises users struggle the hassle of switching between separate work and home computing environments.
A 2009 Gartner survey found that BYOC models were gaining mindshare amongst US, Germany and UK-based IT managers, with around 10 per cent to 12 per cent of users already using their own technology. US companies expected 60 per cent growth in the number of employee-owned PCs through the end of this year, and UK firms anticipated a 15 per cent increase.
Companies pursuing BYOC models often do so because they see value in shifting device costs to users, making themselves more attractive to younger and more technologically demanding employees, and improving overall perceptions of the corporate computing environment. Yet benefits have also come from places that even surprised Citrix Systems, which last year pioneered a BYOC model with its 150 local employees.
Citrix is in a unique position because it sells virtualisation technology that can project a user’s desktop onto nearly any computing device from desktops down to smartphones – yet the project was far more than a case of a vendor eating its own dog food.
“For us, it was all around providing employees with a way of differentiating themselves,” says Stuart Driver, Pacific regional director of IT, noting that initial expectations of a 5 per cent takeup have been far exceeded by an adoption rate that recently reached 15 per cent.
“We in IT have nothing to do with those systems, and where we were aiming at a 15 per cent reduction in the three-year cost of running a laptop, we’ve seen more than that – and had other intangible benefits we hadn’t counted on.”
Foremost amongst those surprising intangibles include a lower rate of lost and stolen laptops: employees take better care of their computers, it seems, when they are personally owned and managed. Citrix keeps generic spares in a closet for the inevitable failures, but breakdowns are managed through the three-year warranties that employees are required to have as part of the BYOC program.
Taking the risk has paid bottom-line benefits, says Driver: “Getting out of the game of managing end-user devices lets you look at innovating in the business,” he explains. “As long as there’s savings, that can be put into other things that are strategic for the organisation.”
Weighing the risks
Yet BYOC programs aren’t all fun and games: as many IT managers know, proliferation of devices can cause serious problems including the compromising of security requirements, problems maintaining SOE integrity, and massive support burdens as techs struggle to work around the idiosyncrasies of individual computing platforms.
This last point was a very real issue for logistics specialist Dematic, where users expected that IT staff help them configure a growing range of smartphones.
“It’s very difficult from an operational perspective to manage them,” says IT operations manager James McNaughton.
“A year ago I would have one of my guys on the phone for two hours trying to configure a phone, which is a massive waste of resources – and for what value? However, we’ve overcome a lot of those issues, and configuring the phones has become a lot easier” both because of increasing staff skills and better smartphone technologies.
Dematic recently introduced a BYOC model, but found it to be largely a non-event.
I said to our technical guys that we shouldn’t care; people should be able to bring any PC they have into work, and run any OS and any set of tools.
“We have one [Mac] user in particular that loves it, but nobody else has invested too much time or effort into it,” McNaughton explains. “The motivation for many individuals would be that they’re not satisfied with the performance of company machines – but we offer fairly good equipment. BYOC really isn’t about getting more work out of your people or anything like that; it’s just about keeping your employees happy and letting them use what they want to use.”
Yet even happy employees can create unexpected risks for organisations that deploy BYOC models without carefully considering their implications. It may be hard enough for IT staff to restore a desktop image that has been haphazardly reconfigured by an employee’s eight-year-old son during weekend playtime, but there are very serious consequences if improper use and security protections lead to the installation of malware, keyboard loggers, or other security risks.
The potential for these sorts of breaches means companies implementing BYOC need to be particularly careful about setting – and enforcing – explicit requirements around security, authentication, protection of company intellectual property and customer data, updating applications and operating systems, and so on. A safe bet, Gartner advises, is to assume the machine is hostile until proven otherwise.
Meeting this burden of proof will require different levels of assurance depending on the individual company circumstances. Citrix Systems, for example, requires employees to have antivirus protection installed on any systems they bring into the company, while Dematic mandates minimum specifications for employee-owned systems.
These standards not only ensured a certain level of functionality, but made it easier to extend desktop management policies to the new devices. “The method of imaging the machine was the most difficult hurdle we had to get over,” McNaughton explains.
Imaging, after all, requires replacing data and can potentially see users’ own data compromised if not handled correctly. There are also issues around licensing arrangements, limiting the scope of IT support teams’ responsibilities, and more (see sidebar). For this reason, Gartner recommends that companies focus on ensuring availability of critical applications and prevention of unwanted data leakage as the primary issues when assessing BYOC models.
Despite the potential security concerns, there is a strong belief they can be overcome; this is evident in the support for BYOC by no less than Department of Defence CIO Greg Farr, who recently told a business luncheon audience of his desire to bring the model to fruition. BYOC is seen as an alternative to an environment where staff struggle with network crashes and outdated computers – often, multiple systems for accessing information of different security levels – and instead use an “anywhere, any time, any mobile” approach. “If we can do that securely, that has to be an aspiration for us,” Farr said.