latoga labs

Alliances & Partnership Advising

© 2006–2025 · Log in

Employee Owned IT – Security Holds it Back

Leave a Comment

Yesterday was the VMware Community Roundtable discussion on View which featured VMware’s own John Dodge.  If you haven’t participated or listened into one of the roundtables, this is a great one for those who are doing or thinking about virtual desktops.

At one point the discussion turned to Employee Owned IT (EOIT) and offline desktops within View.  It was great to hear all the different individuals whose companies are thinking or implementing EOIT in some form or fashion.  One aspect of EOIT which I have touched on in the past, is security.  Security has come up with multiple of my clients when discussion desktop virtualization and EOIT; I was a bit shocked that the topic didn’t come up yesterday during the roundtable.

When you start letting employees bring in their own computers, connect to the corporate network, and then run a corporate supplied desktop VM locally (or connect to a corporate supplied virtual desktop remotely) to do their work there are still some security risks to keep in mind.  Namely, the uncontrolled operating system attached to your corporate network.

Corporate IT may have locked down the VM the employee is using, but more times than not there are not adequate security mechanisms in place to protect the network from the EOIT OS that is running on that EOIT laptop.  What sites were the employee’s children looking at last night?  What malware might be lurking on the EOIT laptop?  And that employee just plugged their laptop into your corporate network.

Walk into most large enterprises (and many smaller ones too), plug your computer to the physical network and you probably are now behind the firewall.  Many companies don’t have any security in place to prevent outside computers from getting an IP address and instant network access–I know this because I’ve had this discussion with my clients when discussing EOIT and I’ve done it myself in the past.  Most companies setup their wireless network to require authentication, and if it doesn’t require authentication it only gives you guest access to the Internet only.  But this is not the case for the physical networks because the assumption is that those inside the building should have full access.

For EOIT to really take off in enterprises, this existing security mindset needs to be addressed.  Either at the physical network level or at the local computer level.  Since the entire idea of EOIT is to not need to manage the computer, it puts us in a tough spot.  Most large enterprises would take years of time and lots of money to update the security on their network to a level that would enable EOIT for wide spread use.  Many smaller companies would do it much faster and cheaper where the cost savings of EOIT far out ways the security measures needed to be installed.

But how do you solve this problem for the large enterprise?

Virtualization Kills Corporate Owned Laptop

Leave a Comment

Today I had yet another of my customers indicate that they are trying to figure out how to get rid of the corporate owned laptop.  Last fall I had a similar discussion with a customer about employee owned laptops.  At that time it was a conversation with an IT knowledge worker who would have rather been given the choice of which laptop he could use versus be forced upon a single brand.  This time it was from an IT executive who would rather reduce his corporate desktop support costs by getting ride of the physical computers all together.

By providing a yearly or bi-yearly stipend and a set of minimum system requirements, let the employee buy the laptop of their choice.  The company provides the business desktop as a virtual desktop that runs back in the data center and the employee accesses it from their own computer.  Lower or no hardware support costs, data is secure in the corporate data center, easier centralized backups, and longer refresh cycles as the virtual desktop’s computing power can be dynamically expanded when needed and the servers can run for 4-5 years versus the company paying the expense of the refreshing laptop hardware every 2-3 years.

I think this company could get there eventually.  Though it won’t be for all laptops in the organization, but a larger enough number of them to make the savings turn into real dollars.