IT heresy revisited: Let users manage their own PCs

Large companies such as BP and Google are rethinking the idea of IT controlling users' computers and sharing their lessons from the frontlines

Resnick argued that empowering workers will not only make them more productive but help them contribute to the organization in other ways. "It sends a clear message that management views its knowledge workers as partners, not as adversaries or, at best, necessary evils," he said. "I believe that this would go far in motivating employees to work harder and to align their goals with those of their organizations. I think this would be huge."

Google CIO Douglas Merrill concurred. "Companies should allow workers to choose their own hardware," Merrill said. "Choice-not-control makes employees feel they're part of the solution, part of what needs to happen."

And the ability for users to self-manage their PCs is only getting easier as hardware vendors are working toward essentially standardized PCs, no matter whose label is on the box.

"Bottom line: The technology exists," Resnick said, "[But] IT has no interest in it because their management approach is skewed heavily toward mitigation of perceived risks rather than toward helping their organizations move forward."

DIY IT in the 21st century

Few companies have taken the radical step of letting users buy and manage their own PCs. But that may be changing. As noted, Google is already practicing it on a company-wide basis, and BP is piloting the idea.

At Google, workers can choose from about a dozen PCs available in its internal tool dubbed, appropriately enough, Stuff, which includes options running Windows, Mac OS, and Linux.

While 90 per cent of hardware acquisitions are conducted through the tool, workers are not necessarily limited to the systems that Stuff presents. "We also have a mechanism for choosing some pretty strange" hardware and software configurations, Merrill said.

Although Google probably pays more per machine than if it went with, and leaned heavily on, a single supplier, Merrill noted that "there's no business downside, and there's the productivity upside ... we're clearly getting a higher productivity out of employees." Merrill also is "able to run a leaner IT shop."

In BP's case, one of its consultants projected that Digital Allowance, the name of the pilot program under which employees choose their own tools and rely on an external help desk service for provisioning support, could save the company up to US$200 million a year in IT support costs, a spokesman said. Still, the Digital Allowance pilot program is skewed to a tech-savvy employee subset. These teams are "at the geekier end" of BP's 100,000-strong workforce, he added.

Analyst firm Gartner predicted in a recent report that "by 2010, end-user preferences will decide as much as half of all software, hardware and services acquisitions made by IT." The research firm cited "the ubiquity of the browser interface" as having made computing approachable enough so that "individuals are now making decisions about technology for personal and business use."

Point of fact: Users are already more involved than ever before. "I'm seeing it become more about the freedom to choose what device you want -- which laptop, maybe a Mac, what kind of handheld," said Allan Carey, an analyst at the Institute for Applied Network Security, a research firm. "It's part of the consumerization of IT," he added, and requires IT to focus on standards and policies that user choices must meet, rather than worrying about what model of PC is used.

What IT must still manage

Even when companies are willing to let employees manage their PCs, IT still has plenty to manage, including security and data.

"I would expect most companies to implement basic security protocols for employee PCs, including virus scanning, spam filters, and phishing filters," Maine's Angell said. "They might provide software tools or simply implement a system check to make sure that such items are running whenever the employee's laptop is connected to the company environment."

Furthermore, Angell said, "We need to recognize that the company's data belongs to the company. Thus, there are certain data systems that will either need to be controlled as Web applications or that get served up via a platform such as Citrix. Access to both can be controlled by the enterprise without having to touch the worker's PC." In this age of Web apps, that's easy to do, he added.

This Web-based application approach to data management and security is Google's approach, Merrill noted. Its employees run Google Apps, no matter what PC they have, and that means that all company data is stored on Google's servers. He also argued that this approach protects Google from the single largest security threat: stolen laptops.

"End-point security never really, honestly works. The number of incidents keeps increasing. If it worked, that wouldn't happen," Merrill said. "So I don't happen to find that argument compelling." Still, Google has a lot of monitors in its infrastructure to notice weird occurrences, both related to security and compliance. It has no choice, Merrill said: The company is subject to heavy regulations including HIPAA, on account of doctors that work on its campus. "Security and regulatory controls run in the background," Merrill said, explaining that they are "hidden from the user in a good way."

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about AppleCitrix Systems Asia PacificForrester ResearchGartnerGoogleLeaderLeaderLinuxOffice of Information TechnologyProvisionProvisionStandard ComputersVIA

Show Comments
[]