Should personal computers be allowed on the corporate network?
Should you allow personal computers to access the organizational network?
June 1, 2011
One of the challenges facing organizational IT at the moment is the personal computer problem. This is usually explained in one of the following ways:
Computer literate Gen Y demand that they be allowed to bring their personal computers (which usually means a Mac) into the office and plug it into the corporate network and that they be allowed to work on that rather than the fusty Windows box provided by the company
That someone high up the totem pole wants to use their newly purchased personal computers (which means that they’ve gone and spent a whole lot of money on a Mac and are trying to justify it to their partner by saying “look dear, I use it for *work*”). That IT, in fear of the important person, bows to this request, setting a precedent meaning everyone else who wants to use their personal computers eventually gets to do so.
We then hear a lot about IT needs to be “adaptive” to the needs of workers that want to use their own computers. The only way that IT can do this safely is if it has some policies in place and a signed agreement of the person who wants to use the personal computer to adhere to those policies. Having a written policy is like having a firewall protecting your butt as if you can point to something written down it doesn't seem as though you are being capricious in denying a request.
Here are some questions that need to be asked in developing a policy about people using their own computers rather than computers owned by the organization for doing organizational work:
Who pays for the software that goes onto the computer for the person to perform their work?
What happens to that software if the person decides to leave or is fired?
What happens to organizational data stored on the computer if the person decides to leave or is fired?
Is the person willing to let the IT department scrub their computer to reclaim software licenses that the organization paid for or verify that no organizational data is present on the computer?
Who is responsible for providing technical support to fix problems with the computer? IT usually has an agreement with a vendor to replace desktops and laptops in the event of hardware failure or can reinstall software and operating systems in the event of corruption. What happens when someone’s personal computer fails and they are unable to work on it because they couldn’t get appointment at the Genius Bar at the Apple Store until next week?
What happens if the person’s computer becomes infected with Malware - who is responsible for remedying the situation?
In some cases, such as legal discovery, the laptop may need to be seized for legal reasons. At one place I worked a co-workers laptop had to be sent interstate to comply with a discovery request and they were without that computer for two weeks. That was fine because IT was able to issue a replacement, but is the Gen X worker or executive aware that it may be necessary to turn over their personal machine and that they may lose access to it for some time?
In all cases you’ll need to develop policies and spell these issues out to people who want to use their own machines rather than the ones issued to them by the organization. The advantage of an organizational machine over a personal machine is that it is replaceable. If the person leaves the organization, the machine is handed back and no one has to worry too much about the thought of scrubbing a personal machine of organizational data and software. If the computer fails, organizational agreements ensure that hardware is replaceable. So while some people might want to use their “better” computer for organizational work, if you make clear, through policy, the hassle involved in doing so, most of them will choose to go with the “worse” organizational machine.
Last year there were reports of people being surprised when their personal phones were remote wiped after they left an organization. In those cases, the surprised people hadn’t read their organization’s policy with respect to using a personal phone to access corporate email. Using a personal computer to access and store organizational data entails similar responsibilities. If your organization is thinking of allowing people to use their personal computers to conduct organizational business on organizational premises, you definitely need to have a robust set of policies in place to deal with the inevitable sticky situations that such an arrangement is bound to generate.
About the Author
You May Also Like