Ready or not, here comes user PC choice

Some IT executives might have been alarmed when Gartner predicted that by next year 10 percent of companies will require employees to purchase and maintain their own notebooks and other devices. But for Bill Leo, CIO of Oliver Wyman Delta Organization & Leadership, it was confirmation of what he already knew: He is already taking the first steps toward allowing employees to purchase and use their own PCs.

Leo hopes his program will be in full swing by 2010. "This will be an optional program and will evolve over time since investments in hardware are already in place," he said. He's hoping to have a "handful" of newly hired and affiliated consultants participate in the program throughout next year. His company is a 250-person management consultancy in New York.

One benefit, Leo said, will be to "have my staff focus more on strategic IT deliverables vs. tactical tasks." It's a potential cost-saver, too. "If I can grow my business by 30 percent and not add head count to the help desk or desktop infrastructure groups, that's a big payback," he said.

That said, he is taking some precautions to ensure success. "The first thing you have to do is move applications off the desktop and onto the Web," he said, something he has started doing.

Also, Leo has migrated his users from Lotus Notes to Microsoft Outlook in a bid to simplify e-mail setup. Because Outlook already comes preloaded on most laptops, where Notes does not, this "allows for improved application access from any machine," Leo explained. Plus, the use of Outlook "creates greater flexibility for e-mail access from noncompany machines," for example, for any consultants who may be working on a project but who do not work for the firm full time.

In general, Web-based applications allow IT staffers to move from supporting distributed client applications on every desktop to consolidating everything in the data center. They also "allow you to maximize security for the applications and the data they generate." Leo said this is essential when complying with corporate and regulatory mandates. "I put restrictions on what data they can modify and copy over the Web. This lessens the risk of someone being able to steal data," he said.

He also has strict guidelines for acceptable PC configurations, including minimum requirements for operating system versions, antivirus, firewalls and antispyware. To ensure these standards are being met and to make sure infected machines do not get into the company, Leo recommended the enforcement of corporate policies through VPN appliances from Cisco Systems and others that scan devices for compliance before they are permitted on the network. Also, he said, it's imperative that companies consider at minimum two-factor authentication to access data from noncorporate machines.

Leo said to gain employee buy-in for any optional program such as his, companies might have to offer some level of reimbursement. "I think it's something that needs to be considered around connectivity," he said, adding that users will need cable modem or better bandwidth to adequately access network resources.

At Chicago-based law firm Vedder, Price, Kaufman & Kammholz, PC (Vedder Price), CIO Maureen Durack has already started a company program to reimburse attorneys for home Internet access and personal productivity devices.

"Over the last five years, we've seen a trend where attorneys utilize personal technology -- such as smart phones, BlackBerries, cable and DSL, and wireless headsets -- not only to make their lives better, but also to make servicing their clients more timely and convenient," she said.

Durack said while many firms are standardizing on devices and purchasing them for their attorneys, Vedder Price chose a different route. "We know personal devices are not one-size-fits-all and that each person has a unique way they approach their work," she said.

So instead, Vedder Price offers a stipend to employees to spend in a calendar year for personal technology.

Page Break

"They might spend it on a Treo, a desktop or laptop PC, a cellular service plan, wireless keyboards, or a wireless router. They can even use it on software that makes them compatible with the office, such as antivirus tools," she said.

Durack said she works closely with attorneys to help them decide how to spend their stipend. And she also monitors what technology they are buying so she can figure out how to safely support it within the corporate network.

Her team also uses Novell Inc.'s GroupWise Mobile Server and BlackBerry Enterprise Server to support and manage devices that communicate with the corporate e-mail system. "Unless we can have that level of management, we won't support the device," she said. For instance, some users wanted to use their money for the recently released iPhone. She allowed them to do so with the understanding that because it is still an immature product, she would support only access to e-mail via the iPhone's Web browser, as opposed to the more comprehensive enterprise support her IT department provides for the BlackBerry.

Durack enlists the help of computer retailer CDW to help the firm's 240 attorneys make informed decisions such as which laptops and personal devices fall under the acceptable use guidelines.

To gain support from top management, Durack showed that offering a stipend would be 15 percent less expensive, over five years, as compared to refreshing technology such as handhelds every 18 to 24 months. "And if we didn't keep that pace, we'd have disgruntled employees," she said.

While she admitted her help desk does have a wider variety of devices to support than if they were standardized on a single option, she said it has worked out fine. "Our users and staff are better at adapting to new technology; they're not afraid of it," Durack said.

Gartner analyst John Pescatore has found that help desk costs and security are the two biggest possible gotchas when figuring out hardware choice programs. "You may get out of the capex [capital expenditure] cost of hardware, software licenses, etc., but [in exchange] you might get a user with a home PC that's riddled with spyware and viruses or some outdated PC that needs support. Then you have to add back in help desk costs and security to keep your data from flying out the door," he said.

But he said choice programs are a "when" and not an "if" decision in a lot of organizations and that IT has to evolve to court a younger generation of workers. "College kids that are graduating now and entering the workforce expect to have a certain level of freedom. They have their own Web sites, they want to check their personal e-mail and text messages, and they don't want too many restrictions," he said.

This has certainly been the case at the University of Connecticut's School of Business. "Students, faculty and staff all want to have choice and control over their computer systems," said Michael Vertefeuille, director of IT. "And we can't expect an employee or student machine to only be used for work purposes. Technology isn't just about business alone anymore," he said.

Vertefeuille and his team are evaluating ways they can move away from the current system of leasing preconfigured laptops to the 1,200 students enrolled in his school. "Today, we provide close to perfect service to the students in terms of hardware support, software support, loaners for broken or stolen laptops, and insurance," he said. Also, with the university-owned, locked-down standardized laptop, Vertefeuille can guarantee that students won't bring viruses or other harmful code onto the network.

However, the standardized approach has drawbacks. "Buying and supporting these laptops adds huge overhead for us and the students. With PC choice, you can take a sizable capital expenditure off your books on a yearly basis and turn that into discretionary spending," he said. Also, he pointed out that many students and faculty already have laptops they are comfortable with and many resent having to use the university's equipment.

"Standardization has a tendency to inhibit entrepreneurial thinking, so having them buy their own equipment can lead to creative solutions you never thought of," he said.

Page Break

To achieve the best of both worlds -- hardware choice and security -- Vertefeuille is considering two approaches: a virtualized desktop and a token-based desktop.

With the virtualized desktop, students would connect to the school's server via a secure tunnel. During that session they could access all their applications and data. However, once the session concluded, they would be disconnected from those applications and information. "All the processing and data storage would be done on the server," said Vertefeuille, who is testing VMware's ACE Enterprise Edition to learn more about this approach.

He's also test-driving MojoPac from RingCube Technologies, which allows all the computing for the virtual desktop to be done at the PC level and thus takes a load off the data center. "It makes the concept of virtualized desktops more palatable from a corporate perspective because you don't have all the overhead on the servers," he said.

The MojoPac software allows organizations to provide a standard set of applications to users via a portable storage drive such as an iPod or USB thumb drive. "Your desktop image and applications are stored on a personal device that is accessible when you create a secure tunnel with the server. When you finish, the session information and data are cleaned up on that machine," he said.

Although both approaches are hardware-independent, Vertefeuille said organizations must create a standard image for applications as well as baseline requirements for PCs. "You don't want 192 different makes and models of laptops and operating systems running in different languages on your network," he said.

Gartner's Pescatore applauded IT executives who are pioneering hardware choice programs. He said the continued blurring of employees' work and personal lives will make it impossible for IT to control what PCs they're using. Instead, he said, "IT should worry about two things: making users more productive and securing data."

Gittlen is a freelance writer based in greater Boston and the author of Computerworld's "Networking Know-How" column. She can be reached at sgittlen@charter.net.