The Use of Personal Devices in the Workplace

jgaudin · ‎08-15-2011

I've had this thought in the back of mind around the use of personal devices in the workplace. Most common is the smartphone in which people don't want to carry two phones (personal and professional), but they want/need access to the corporate network for things like e-mail, intranet, directory and other services. It started a few months back when I was talking with a CIO who had a vision that in 5-10 years his employees would have a single laptop that they'd purchase and use personally and professionally. The CIO would simply enable them to have access to the corporate network and applications, so they could bring in their device of choice and use it. I was talking about this vision with a colleague of mine and we came up with a few thoughts:

Hardware requirements: the requirements for desktop hardware can vary greatly from personal to professional use. Those who only do e-mail and surf the Internet at home require a less powerful machine then one that's expected to open and run several business applications that may be resource intensive.
Software requirements: certain applications that are required for business use may not be necessary for personal use. To put the onus on an individual to purchase and maintain these applications will result in additional cost to the employee. There could be an opportunity to subsidize these costs for employees, but will they be willing to still take on the costs. My gut tells me that some will and some will not.
Software licensing: if an employee leaves, their license is attached to their personal device and the company will have to license or subsidize licensing of another instance for the replacement. The enterprise-wide pool of licenses go away. If the enterprise decides to purchase and own a pool of licenses that are issued to employees while in service, it may be a violation of terms for them to use that software outside of the business.
Security requirements: there are many security requirements implemented by a business that are beyond what the typical person may employ that may include password requirements, anti-virus software, locking the screen, not allowing access to other individuals- things that would be difficult to enforce outside of the corporate network that could present genuine risk to the business.
Privacy: enterprises have a certain amount of visibility into the actions and usage of corporate owned assets. Files can be scanned, e-mails recorded, browser history viewed as methods of protecting corporate liability and enforcing corporate policies for usage. Delineating between personal and profession use becomes challenging as those lines continue to blur with employee owned assets in the workplace.

As my colleague and I discussed this we thought about virtual machines (VM) as a solution. An employee could bring in their personal device and have a VM image and licensed software installed by IT. Then using the VM they can connect into the corporate network and have access to enterprise data. As we talked about it, we realized there could still be some challenges. A VM instance requires allocated disk space and memory, which will affect the hardware requirements and costs the employee would incur. Security requirements are also a consideration. If the employee doesn't properly secure their primary system a virus could affect it and the virtual machine with it. As a virtual machine, all files and applications are stored locally meaning any complications potentially result in lost data and a total rebuild of the VM.

Then I got to thinking about desktop virtualization and how that would enable users to access corporate applications and data, as well as, address many of the concerns discussed previously. With the application processing occurring at the data center, the load on the local device is minimized to presentation. Also important, is that the data center stores all the enterprise information and applications. If the user device fails or becomes affected it doesn't compromise the enterprise data. And SecOps can still enforce password, time-outs, file access, etc. requirements through the virtual desktop environment. The enterprise need only license the desktop client for the user, now there may be a need for more clients, one for each user device that has the ability to run the virtual desktop, but it's a manageable number. This means the user can work from any device at any location, including personal devices from home and on the road. The one challenge is in being connected, as options such as public access and 4G continue to grow access becomes more prevalent.

What are your thoughts on personal devices in the workplace? Would you allow users to bring in and use their own devices? What are the concerns you have with that approach and what are you doing to overcome those challenges? Is virtual desktops a viable solution?

elroper · ‎10-04-2011

I know this post is a bit old, but is an important one. I don't think personal devices should be used during regular business hours. It just goes to show what a phone-addicted society we have become. By allowing personal devices to enter into the workplace, we marginalize the amount of focus we give an organization and our dedication to it. After all, we are only - well most of us - at our jobs for 1/3 of the day and if we can't communicate with people in the remaining 2/3's of the time in a 24 hours period, something is seriously wrong. Not only should personal handheld devices not be used, but threatens the security of Cisco's clients and their information in an age when any piece of information can be captured in a split second through a text message. There is a reason we call breakrooms ... breakrooms, so that we can use that space for personal business on our cell phones, not while on the clock. This is just my thought.

janetv · ‎10-04-2011

Whether we like it or not the invasion is happening. It isn't about accessing your personal information at work. Individuals are becoming so accustomed to their "device of choice" that they want to use the same tools in the workplace. As a product sales specialist I hear it all the time with my customers. The challenge is how do organizations, especially IT, maintain a sense of control and stay within corporate compliance? In some cases I agree that VDI is a strong solution. The other way is to offer choices. Why do you think our Collaboration portfolio is so large? Just checking my voicemail alone I have at least 5 different ways to do so.

elroper · ‎10-04-2011

I totally agree that the invasion is happening and nothing is going to slow it down. That is just the nature of the beast: technology just doesn't slow down! (ie, iPhone 5's release) Just curious, what is VDI? I am an old timer and resort to Skype and a home line so I don't have a problem with mobile devices. And who is in place to monitor corporate compliance anyway? Do organizations have people sitting at the end of halls watching over the cubicles and the activities being done in them? That is kind of creepy and big brother-like.

jgaudin · ‎10-05-2011

Thanks for the comments and it is an interesting shift that many CIOs are looking at wrt "Bring Your Own Device" (BYOD). Nobody wants to have to carry 2 mobile phones and as we become more and more of remote workspace participants, the devices and applications people employ to do work increases. The point Elliott makes about security is a chief concern among customers who are considering opening up and allowing users to bring their own device for professional purposes- whether it be a laptop, tablet, or smartphone. That's one of the reasons I see VDI as a strong option. Cisco VDI is essentially desktop virtualization that allows a person to view and work on their desktop from the client regardless of the device it's installed on.

Mpassa6219 · ‎11-09-2011

I totally agree with you all and I say thank you !