latoga labs

Alliances & Partnership Advising

© 2006–2025 · Log in

Employee Owned IT – Security Holds it Back

Leave a Comment

Yesterday was the VMware Community Roundtable discussion on View which featured VMware’s own John Dodge.  If you haven’t participated or listened into one of the roundtables, this is a great one for those who are doing or thinking about virtual desktops.

At one point the discussion turned to Employee Owned IT (EOIT) and offline desktops within View.  It was great to hear all the different individuals whose companies are thinking or implementing EOIT in some form or fashion.  One aspect of EOIT which I have touched on in the past, is security.  Security has come up with multiple of my clients when discussion desktop virtualization and EOIT; I was a bit shocked that the topic didn’t come up yesterday during the roundtable.

When you start letting employees bring in their own computers, connect to the corporate network, and then run a corporate supplied desktop VM locally (or connect to a corporate supplied virtual desktop remotely) to do their work there are still some security risks to keep in mind.  Namely, the uncontrolled operating system attached to your corporate network.

Corporate IT may have locked down the VM the employee is using, but more times than not there are not adequate security mechanisms in place to protect the network from the EOIT OS that is running on that EOIT laptop.  What sites were the employee’s children looking at last night?  What malware might be lurking on the EOIT laptop?  And that employee just plugged their laptop into your corporate network.

Walk into most large enterprises (and many smaller ones too), plug your computer to the physical network and you probably are now behind the firewall.  Many companies don’t have any security in place to prevent outside computers from getting an IP address and instant network access–I know this because I’ve had this discussion with my clients when discussing EOIT and I’ve done it myself in the past.  Most companies setup their wireless network to require authentication, and if it doesn’t require authentication it only gives you guest access to the Internet only.  But this is not the case for the physical networks because the assumption is that those inside the building should have full access.

For EOIT to really take off in enterprises, this existing security mindset needs to be addressed.  Either at the physical network level or at the local computer level.  Since the entire idea of EOIT is to not need to manage the computer, it puts us in a tough spot.  Most large enterprises would take years of time and lots of money to update the security on their network to a level that would enable EOIT for wide spread use.  Many smaller companies would do it much faster and cheaper where the cost savings of EOIT far out ways the security measures needed to be installed.

But how do you solve this problem for the large enterprise?

Can Employee Owned IT Overcome the Hurdles?

2 Comments

For the better part of the past two weeks I have been living the life of Employee Owned IT and dealing with the worst case scenarios.  For those who are unfamiliar with the concept, this is essentially where the employee owns their laptop and uses it for work.  The ultimate version of this concept is the employer providing a yearly stipend for purchasing any laptop or computer that the employee wants (usually meeting a minimum performance requirement) and then providing the employee a virtual desktop for all their corporate work.  The theory is that the employee is happy because they get the laptop they want, can (officially) use it for personal work, and they keep the laptop when they leave the company.  The employer is happy because they have shifted money on their books away from owning depreciating assets, saved money overall on the management of their physical client computers, and have a more secure and controlled corporate client computing environment that is compartmentalized using virtualization and primarily contained within their data center.

I have been living this life as a self-driven experiment.  Working on my personal MacBook Pro–which has all my personal software and utilities I use daily for both work and extra curricular activities (photography)–and running a corporate VM with all my official corporate software installed and VPN connectivity.  Everything has been working wonderfully…until the SuperDrive in my MacBook Pro suddenly decided it didn’t want to burn CDs/DVDs anymore. I had purchased the Apple Care protection plan with my laptop, so all I needed to do was take the MBP into the nearest Apple store, have them run a test to verify that the SuperDrive was kaput, and have them replace it.

All went according to plan up till the replace it part.  I needed to leave my computer there for 1-3 days.

1 to 3 days?  This is my production machine!  The Genius helping me at the Genius bar didn’t seem to understand what that meant.  I needed this computer to do my daily work.  Not just that, but could I trust them to have my personal computer, personal information, web browser passwords, and all for 1 to 3 days?

Welcome to the reality of EOIT.  A few of the hurdles that it faces:

  • Hardware Failure & Repair:  The risks and abuses of some private IT repair shops are well documented by news investigations. So how does an employer embarking on EOIT protect themselves and their employees in these hardware failure situations?  Do they require that computers be purchased from only national distribution channels?  Are these the hardware manufacturers with retail stores so the employee can always physically take their computer to some expert for help or repairs?  How does the employer know the quality of the help or repairs?  Do they even care once they have pushed the expense of this off on the employee?
    • There is a bigger change in the dynamics of the computer sales model here as well.  If the retail store outlet is a requirement, now any retailer without store fronts is at a disadvantage.  The companies that have technology centric store fronts now become lucrative partners (i.e., RadioShack, Cell Phone companies).  Then the battle moves into the classic consumer product sales challenges of shelf placement, kiosks, and the like.  If this type of change were to occur, say goodbye to the enterprise client hardware sales person…I already know that the most forward looking of these sales people think they are seeing the end of their career runway because of the previously describe scenario.
  • Information Security: In the EOIT scenario, the employer’s data should be secure because it is living in a protected VM.  A VM that is most likely living only in the data center and access remotely by the employee.  Or, for select power or mobile employees, living on their laptop but encrypted and password protected and could easily be moved to a an external hard drive before taking the computer in for repairs.  But what about the employees personal information?  Should the employer even care?  Ideally, wouldn’t it be great if the employee could have the same protections and ease of migration for their personal computing environment as they have for their corporate computing environment?  This is the goal of bare metal client hypervisors, like the announced VMware CVP.  One could copy their personal VM off to the same USB hard drive and copy a VM containing a fresh install of an OS to their laptop hard drive.  Now if the IT repair technician starts snooping around the computer, there is nothing there for them to find.

These are the two hurdles that I faces personally with my EOIT experience.  There are a few more that employeers face, like:

  • calculating the actual cost savings that a company could achieve through EOIT
  • determining all the possible risk scenarios that a company needs to account for with EOIT and deciding which ones they need to take on and which they are willing to push on to the employee.

My solution to the two hurdles mentioned above was rather unique to my situation.  First, I have a second MBP that I could use while my production system was in the shop.  Second, I was already planning to upgrade the internal hard drive in my laptop and had the new hard drive in hand.  So I was able to clone my personal laptop’s hard drive to the new, larger, hard drive; reformat the internal hard drive; and install a new installation of the OS.  So when I handed my personal laptop over to the Apple Store, there was no personal data on it at all and I could keep working by booting my second MBP off of the cloned hard drive.

Unfortunately for the EOIT vision, this was a very unique situation and I had the technical knowledge to achieve the work around.  For the EOIT vision to become a wide spread reality, these worst case scenarios need to be easily handled by the common employee, with general computer knowledge, through a simple process that includes only a few clicks of the mouse.  I think that technically we are much closer to this reality that most people realize.

However, the biggest hurdle still exists…does Employee Owned IT drive substantial cost savings and will enterprises embrace it?

Closed Source Buys Open Source V2.0

Leave a Comment

In case you didn’t notice from the change of tone in my tweets, I have been on vacation with the family for the past week.  Enjoying the scenic grandeur (and at times solitude) of the Pacific Northwest and taking a ton of photos with my new camera (1388 photos to be exact…and 5 movies…).

Today, I had the joy of the first day back on the job and dealing with the flood of emails, followups, and catching ups that is the price we pay for taking some time off and not reading emails.  Like that wasn’t enough, today VMware (my employer) had to go an announce that we were acquiring SpringSource (and add a few more items to my list to completely dissolve that post-vacation glow! 🙂 ).

After a day dealing with my inbox and urgent items, I had to take some time out of the evening photo processing to read the Steve Herrod and Rod Johnson blog posts on the acquisition.  And provide a bit of a different viewpoint on this acquisition…fresh from vacation and not knowing anything more about this acquisition than what has been publicly stated by others (so safe from saying anything other than my opinion – see disclosures in the About latoga labs in the sidebar).

I’ve Been Through This Before

I’m not talking about my employer acquiring a company.  I’m talking about a closed source Company acquiring essentially an Open Source company.  Before joining VMware I used to work for IONA Technologies (sound familiar….think CORBA…Yes!  That IONA!).  I was there when IONA bought LogicBlaze.  What made this acquisition interesting (especially for me…being part of the enterprise sales team at IONA) was that we went from having 1 closed source product (ESB) to three products (all ESBs) which competed with each other.  And I was only allowed to sell one of them.

Executing a successful merger is not easy even when the companies are very well matched.  But it becomes even more difficult when they have conflicting core values (and revenue models) like closed source code development and open source code development.  In my most recent experience, the Iona/LogicBlaze merger didn’t work as well as it could have because the two sides of the house competed against each other and management turned a blind eye to it while they tried to figure out a revenue strategy post merger.  Funniest thing is that a lot of the core value propositions we were discussing with clients at IONA in that Enterprise sales team that I was part of, still hold true today.  Back then virtualization was a huge hidden value savings that I couldn’t tap into.  Not any more…

Regardless of the synergies that two companies can provide each other technology wise, there is not as much focus traditionally placed on the social aspect of merging two companies.  It is that social aspect (like the social aspect of introducing any new technology in a company) that will drive the speed and revenue value of the acquisition.  Having been through this before in a rather painful way, it is important to mention this fact.

Why VMware + SpringSource Makes Sense

The good news is that this conflicting personality issue shouldn’t be a problem with the VMware/SpringSource merger.  First, there is no competing technologies between the two vendors.  SpringSource allows VMware to access the higher level parts of IT (Applications and App Developers) while also working together to enable the Cloud Vision of vSphere.

Second, based upon what Rod Johnson indicated in his blog post, he will be heading up SpringSource as a separate unit within VMware following the VMware BU organization.  This should mean that SpringSource will get to work as they have been to support their existing community and customers in that classic open source way while working together with the other VMware BUs to add bigger picture value through the combination of SpringSource technologies with VMware’s.

Paul Maritz has indicated in the past the need to move up the value stack of IT and has used the term framework more than once during the vSphere launch.  The ability to leverage the virtualization foundation of vSphere with vApp and abstract away the applications from the operating systems with SpringSource’s various build-run-manage products not only provides a much more open application development environment to compete with Google and Amazon, but also provides an solid migration path for Enterprises to move to the Private Cloud with all their web based Java applications.  Image a world where Java App developers have the ability to integrate via the spring framework right into the virtualization based cloud where their apps will be tested/QA’d/run.  Regardless of weather…er…I mean whether…that cloud is an internal cloud or an external cloud.

I see some very clear and interesting developments on the horizon from this acquisition which I’ll try to disclose my opinion on in the future.  And, as is can be the case when you put a lot of very smart people together with solid management, I’m sure we’ll see some surprises as well.  From the looks of my LinkedIn network, I’ll also be re-united with some old colleagues as well!

Tomorrow will be an interesting day of conversations with my global clients to hear their take on things!