The Apple Mac is an appropriate candidate for the ‘I want one of those because he’s got one’ poster child. However, the creep of consumerism and its impact on the range of computing devices which find themselves inside organisations goes beyond mere executive envy. The consumerisation phenomenon is a little tricky to pin down, …
choices aren't that simple
The choice to support/not support 'consumery' devices and services isn't that simple. Some of the issues IT departments face which might drive them to ban such things are:
* management attitude (They don't need that. They are here to work, not fool around on the internet.)
* Repair issues. (If you're using a work laptop and it breaks, we just hand you another and send yours off under our less-than-a-week warranty agreement. But if you're using your device and it breaks...it is up to you. Or is it?)
* Security issues. I can't tell you how often we've had an exec come back from vacation with a virus on his work laptop, because he was connected to hotel wifi, but never connected to our system to get his AV pattern updates. I can only imagine what that would be like with people's home laptops not loaded with our AV.
* Liability issues. (You installed that corporate software on my personal laptop, and now my itunes doesn't work. - Even if they have nothing to do with each other, the user will blame the IT department for 'breaking' their machine.
About the only way using home kit makes sense is if you let them use their own air card and come in over your VPN or Nfuse. Then you are not installing anything on their machine, and they are not running their stuff on your network.
Those who blame their legacy are prone to become paret of someone else's legacy
In the short term it may become a moot point.
The old approaches to locking down client machines on the network either don't allow for - or don't need to allow for - the fact that many users now carry telephones which offer a superior Web browsing experience to that of the machines you've locked down. People don't want computers, they want what computers can do - and these days you can do so many of the things, a computer can do, without having to use a computer.
If your aim, in locking down the company network, is to secure it, then the fact that your users carry a superior network in their pocket or bag, is irrelevant (if your aim is to lock-down user behaviour, of course, you may have more of a problem).
In the longer term, I think the simple approach of partying like it's still 1999 will mean that you end up waiting for someone faster and more agile to eat your business (they may even promise not to be evil, while they do it). But if your users can already get done, the things they want to get done, with far less computer, than your company bought for them, then perhaps you bought them too much computer, to get done, the things you want them to do?
In the 1970s, everyone worked in an office with an IN tray, an OUT tray, and an ash tray: some may miss the ash trays, but I don't think there are many who pine for a return of the other two. Similarly, my first computer programs either came back to me, from execution, on reams of fan-fold paper, or with their syntax errors burried nine-edge-up. We somehow managed without email, back then, too (don't ask me how; I don't have a passport, that will allow me entry, to that particular country).
There's a lot of cloudy talk at the moment, and it's really all about a return to Big Computing, but as someone who has seen big computing in action, I'm more encouraged by the sight of a lot of small computing solutions being deployed in some business that think laterally.
Rather than struggling to get each member of staff in some outlying office into the corporate network - through endless firewalls and proxies - it is often easier to provide them with their own small area network, using utiliy servers (often literally flash-ROM devices) and then treat those as gateways to the main network.
In some offices I can think of, the server infrastructure cost around half the price, of any of the PCs it caters for - and yet does as much, for the members of staff in that office, as a bank of whirring air-conditioned boxes, back in central (for far less expense, in terms of maintenance, or power consumption).
Now, many will argue that there will still be the need for some big steamy mainfranme, in a concrete room, somewhere to store all your backups - after all, if you're in the buseness of keeping eggs, why not just buy one really huge basket? But it has habitually been the way of 'edge' servers to seep inwards, toward the centre of the businesses they serve - and how much traction they gain, is often determined by how much of the edge, they originally grab, rather than how suited they may initially be, to their eventual destination (the rate of seepage is largely controlled by the rate of redundancy and retirement, amongst those with a vested interest in last decade's metal, of course).
This is as much a threat to your old-world 'big computing' solutions (your Exchange servers, and so on) as the 'cloud' might prove to be; maybe more so, because - although your servers are often so small you can pick them up with one hand, the approach they use, is really a utilitised version of the old big computing solution they replaced, or obviated. They have few moving parts, require little power or cooling, and may cost less than £200, and yet they are running software that was once written for... well... for a maiframe.
Liability questions abound.
An interesting question, especially considering the points raised in the first post. The issues of liability go both ways. Apart from the issues already raised, what about the issue of letting “personal use” (or as I refer to them “uncontrolled”) devices inside your network? What if that person has a peer-to-peer application that is seeding torrents for copyrighted materiel? A virus or three? What if that person decided that the copy of office the company installed for them was grand, but they really wanted Visio. Work wouldn’t provide it for them, so they pirate it? When it’s a “personal use” (or “uncontrolled”) device then IT is in deep ka ka poo poo.
To this end our latest and greatest network upgrade is actually going to be running parallel networks. Thanks to all the above issues, as well as the need (*sigh*) to provide internet connectivity to our clients we are setting up blanket wifi access here. This wifi access will actually have its own subnet, physically wired separately from the rest of the network and by necessity it’s own external IP. We’ll do best effort to log traffic on/off that network however it is mostly an exercise in legal ass covering. We can point to this network and say “all individuals who use this network agreed to be liable for the traffic of their own systems, blah blah blah. We are merely providing connectivity; everything you do is logged, and these logs will be turned over to the relevant authorities if requested.”
If a corporate user wants to use an iPhad, personal laptop or any other device not officially sanctioned and network nazied by the IT department they will have to do it via Wifi. They will also be taking full responsibility for their own systems; if caught doing Bad Things the will get their collars felt. Being an executive, manager or prole will make no difference; IT in this company simply refuses to be liable for the obstinacy and stupidity of others.
D*mned if you do, Scr*wed if you don't
Many large corporates have the typical enterprise wide license agreement from Microsoft that lets Windows be installed ONLY on company-owned desktops that arrive WITH an OEM license. Let alone all the other cruft from third parties that you need like a supported AV/AS system, etc.
Does IT turn a blind eye to legal compliance (those personal Macbooks really aren't allowed to run that corporate Windows SOE you know, not even virtualized) or turn a blind eye to operational safety (letting those %^*& execs run that infrequently patched Windows petri dish) or put their jobs at risk by insisting said high flying users of personal devices go out and personally purchase the bits license compliance and good security practice would demand ?
- Apple stuns world with rare SEVEN-way split: What does that mean?
- Patch iOS, OS X now: PDFs, JPEGs, URLs, web pages can pwn your kit
- RIP net neutrality? FCC boss mulls 'two-speed internet'
- Special report Reg probe bombshell: How we HACKED mobile voicemail without a PIN
- Sony Xperia Z2: 4K vid, great audio, waterproof ... Oh, and you can make a phone call