The situation has now changed. Our user base is changing, we now have the Echo/Y generation who grew up with computers, they learn to type at school along with writing. They break and maintain their own home PCs, they regularly download and use the tools they need to get the job done. As these people move into management the old monolithic top down attitude of only using what the IT department give them to do their job will be anathema to them and they will start to demand change. The people who do a job, day in day out, know what tools they need to be productive much better than the IT dept does. If we don’t give them those tools they will resent us for not enabling their work. We need to empower people to be more productive, not take away their motivation, morale and confidence in the organisation.
- The departmental app that works with business data that is formally acknowledges as being important to that department and has it’s own budget and support mechanism, but is for what ever reason not packaged by IT. This notion may not sit well with some people, but anyone who has worked in a large enterprise knows they exist and might privately offer plenty of justifications as to why an app might fall into this bucket.
- The communication app: gotomeeting, webex clients etc that may need to be installed by the user, they may also need other clients to tie into outside companies systems eg they may need to install a citrix web client. Or a propriety Active X plugin for company XYZ’s web app.
- The personal productivity app that fulfills a limited business function, legitimately purchased but not formally acknowledged by IT as a supported app. A copy of MindMapper maybe that’s needed to map up a new business process. It may only be used by a few people across the enterprise but it fills an important role for them.
- The personal non-productivity tool like iTunes that is OK to have in a BYOPC environment, but not the sort of thing you want interfering with the corporate computing environment. Although a case could be made for iTunes U and work oriented podcasts etc.
- The totally unauthorised, no excuse, just down loaded from the internet, malware vector that claimed to be a free ring-tone generator.
As Microsoft found out to its cost allowing uncontrolled user installed apps is a nightmare. So if a user can install all of the above how do we both allow the right apps and protect ourselves against the wrong ones AND reduce our support costs?
- Any application that directly manipulates business data must provided by the enterprise.
- The desktop OS must be treated as an untrusted device.
- Approved applications should be delivered by TS or App streaming.
- The users must have a method for choosing from available enterprise applications.
- Users data and enterprise application settings must be separate from user installed application settings.
- Users must have have the ability to roll back their environment to any point in the past, while keeping data and enterprise application customisations.
- Users must be able to reset their machines to virgin state whilst keeping data and enterprise application settings.
If users can provide themselves with the tools they need in a timely fashion and lets face it this is exactly what IT admins have been doing for years, business agility is increased, with the right tools support is decreased and application provision is improved. Giving the organisation lower costs and a competitive advantage.