Blogger: Eric Maiwald
If your employer offered you the opportunity to bring your own computer to work would you do it? What if your employer offered you a stipend to buy a new computer to use at work – would you do it then? For those of you who are security folks – would you want all of your fellow employees to do it?
Well, the opportunity may come. Last Wednesday I listened to Michael McKiernan from Citrix talk about the BYOC program at his company. According to Mr. McKiernan, the program at Citrix has about 10% of the employees participating. Citrix is seeing a cost savings because of the program so it is also attractive to the company’s management.
If a program like this is interesting for management, it might be a good idea for the security teams to think about managing risk in this type of environment. In the Citrix program, there were certain requirements around security software that must be installed before the employee’s computer can be used for work. You might want to think about the requirements you would want to place on any employee-owned computers.
Right after the Citrix talk, Burton Group Principal Analyst Dan Blum presented a talk titled “Endpoint Virtualization: How to Protect Data When You Don’t Control the Desktop.” The timing of that talk was very good as it showed how an enterprise can use virtualization technology to manage risk if employees are allowed to bring their own computers to work.
Keep an eye on technologies like desktop virtualization. Even though it is not a security technology, it will be very useful in managing enterprise risk if employees are allowed to bring their own computers to work.