When corporate clients go personal
The era of the locked-down corporate PC may be ending. Bring your own.
In most enterprises, PCs are what the accountants call a "corporate asset." The company buys them, loads software on them, sticks on a little asset tag, and lets employees use them as tools for their jobs. A given IT department may have more or fewer formal processes--or may simply be more or less control-freakish. But, whether employees get much choice in choosing a preferred PC model and whatever IT's general attitude toward running "unapproved" applications, the PC is company property.
There are lots of historical reasons for this general approach. Desktop PCs sat in an office or a cubicle and were clearly part of a company's physical plant. At least as importantly, PC management (and security) of those PCs was largely predicated on controlling the entire PC software image. Not that managing this way was particularly effective or easy but there were few tools to deal with applications at a more granular level. Finally, even after a PC became a standard fixture of the corporate desk, that didn't mean they were in every home--nor that everyone was exactly "computer literate."
It would, of course, be silly to say all that history is now part of some dead past. However, we're starting to see a variety of intersecting changes that make it much more thinkable that IT shops could at least partially divest themselves of their PC supplier role. Instead, the idea is that employees would just use their own personal systems. There might be stipends; there might be negotiated bulk purchases that people would have the option of hooking into. IT would still be on the hook for at least corporate application support. But, whatever the details, it would be a very different way of thinking about PCs.
(Think of the following discussion specifically in the context of what are often called mobile professionals: executives, sales reps, developers, and so forth.)
Pricing, notebooks, and ubiquity. Pricing has come down, many PC buyers are going mobile, and "everyone" (in the group I'm talking about here) has a PC and is pretty comfortable with using it. That's a broad-brush statement, of course. But the bottom line is that PCs, and even notebooks, are something that people routinely own and use independently of however they use them for business. There are a lot of analogies to mobile phones here; early car phones and even their pocket-able successors tended to be company supplied. Today--especially if we're talking about basic voice phones--employees mostly just use their own.
Changing nature of work and workforce. More mobility, more contract or project-based workers, more blending of the personal and the professional. Collectively, these mean that it's increasingly impractical for IT to give someone a notebook with the stern admonition that "this shall only be used for official company business." It's not surprising that one IT manager I've spoken with who is pushing this personal PC theme particularly hard does indeed work for a company which brings in lots of consultants, local experts, and so forth on a project-by-project basis.
Changing security models. Increasingly work doesn't happen from a single location or a particular device. Furthermore, in part for the reasons noted above, a largely binary approach to security that distinguishes between those inside the "moat" and those outside doesn't really work any longer. And once you open the door to partners and others accessing your infrastructure using equipment that isn't locked-down by your IT department, you pretty much have to move to a model that does security on the basis of user roles and permissions rather than depending on specific device characteristics.
Virtualization, Rich Internet Applications, and other application delivery mechanisms. Finally, and by no means least, today there's an increasingly rich set of tools that provide ways of keeping corporate applications or even complete operating system images isolated within a personal PC. VMware ACE is an example of a product that is specifically designed for this purpose. However, because many software services are now delivered through a Web browser, in many cases users don't even need to directly connect to a corporate network in the usual way.
My point here isn't that every PC in an organization will get personal. In fact, as I've written about previously, I'm seeing a lot of interest in thin clients (which are inherently part of a formal IT infrastructure) for security and other reasons. But we are starting to see a shift toward more personal PCs as notebooks become ubiquitous, application access becomes less hardwired, and security shifts from device-based to user-based.