Consider byoc as part of desktop as service strategy

Consider BYOC as Part of a Desktop-as-a-Service Strategy

Introduction Info-Tech Research Group Info-Tech finds that Bring Your Own Computer (BYOC) policies and programs should only be considered by organizations that have developed specific capabilities in infrastructure, support, security architecture and end-user policies that support a strategic shift from desktop asset management to service management. For those who have made progress on this path, BYOC offers the potential to improve service and reduce cost. For others, understanding the BYOC end state allows necessary capability enhancements to be prioritized based on the incremental benefits each delivers. This research is designed for: This research will help you: IT managers in mid or large-sized organizations that have virtualized desktops and/or applications or that are actively exploring alternatives to traditional PC desktop management. Organizations with a mandate to reduce asset management costs. Organizations at the end of a PC lifecycle refresh. Organizations that support mobile/global workforces as well as limited term or contract workers. Understand the components of a desktop-as-a-service strategy, including key planning principles, goals, and expected benefits of such a strategy. Perform a capability assessment to benchmark your organization’s readiness to support delivery of desktops-as-a-service to various endpoints, including employee-owned devices. Create a plan that covers key considerations, pitfalls, and actions for developing a BYO program for appropriate user groups. The growing popularity and use of personal devices, from smartphones and iPods through tablets to laptops, is challenging IT to take a position on allowing – and even encouraging – the use of such devices in the workplace.

Executive Summary A BYOC program, enabling the use of employee-owned smartphones, tablets, and laptops, offers alternatives to traditional desktop delivery models, shifting the roles of both the end user and IT. Interest is there, but BYOC is a polarizing issue. There are real benefits: lower cost for the business, more productivity for end users, and less break/fix for IT; there are also legitimate concerns: effective communication of new support agreements and ensuring the security of business information assets. Those interested in moving forward must focus and build upon the four pillars of BYOC capability: infrastructure, security, support & operations, and policy. Together, these provide the basis for the desktop-as-a-service model that enables BYO initiatives. Design your BYOC strategy around the goals of lowering cost and complexity of desktop management, increasing agility and flexibility of service delivery, and ensuring the security of the new program. These goals can pay dividends, even if full BYO isn’t being pursued. Going full BYOC requires close attention to policy and communication. Info-Tech Research Group

Strategize Execute Understand This section will: Outline benefits to end users, IT, and the business. Explore the serious concerns expressed by IT about BYO programs and learn from where the interest is originating. Define the three objectives of a desktop-as-a-service strategy. Understand where BYOC originated and why you need to pay attention now Managing BYOC Roadmap 1

BYOC is seen by many to be complex, expensive, and dangerous – especially for software support & security of business assets In traditional distributed processing, employee applications and data are installed on company owned and managed devices such as PCs. Management of these assets enables the organization to support the efficient use of the applications and protect the data from loss, damage, or theft. If employees are using their own devices, legitimate questions include: How can IT protect the corporate data from corruption, misuse, or theft if there is no control over the device it is stored on? How can efficient use of company-owned applications be supported if the application is on a device with non-standard configuration ? How can the employee install and use a needed application if their device uses a different operating system or operating system version than what is required by the application? The device owner is responsible for taking care of his or her asset ; however, if company owned (or licensed) software and data is on the device, won’t the device owner logically expect the organization to provide support? How can the organization protect centrally located data if it can’t ensure that a device on the same network is properly secured ? Info-Tech Research Group 19% 23%

However, there is interest & real benefits available for those who want to take advantage of the opportunity IT Benefits Dealing with less break/fix and more infrastructure, security, and strategic initiatives – issues with a higher priority. Lowering costs through elimination of the function of acquiring, configuring, deploying, and maintaining end-user IT assets. Improved efficiency in application management and delivery through centralization means not having to manage applications across distributed assets. Business Benefits Incentive for recruiting and retention. Hire remote employees to reduce office real estate costs and maximize the available talent pool. In business continuity situations, employees can have their work with them outside the office in case of emergency. End-User Benefits Sense of ownership and greater end-user satisfaction. Employees can set their own preferences for their devices. Work flexibility and agility. Ability to use the tools that fit their needs and work style. 100% Laptops 12% 19% 17% Tablets 17% 13% 16% Smartphones 11% 16% 25% Very Interested Implementing Somewhat Interested Not at All Interested Interested Source: Info-Tech Research Group N=75

Interest in BYO has escalated because of advancements on both the IT and the consumer side Info-Tech Research Group Generation Y Millennials started entering the workforce in larger numbers and are often associated with the consumerization of IT. Many of the next generation employees don’t remember a world without the Internet and are used to having the latest PC or Mac at their fingertips. Some companies are using BYOC as an incentive program to attract new talent; however, most companies are not likely to look at this as a top driver for business decision-making. Tablets Bring Your Own Computer might more aptly be called BYO Device (BYOD), as much of the recent interest has been driven by iPad users and the proliferation of tablets and smartphones in the workplace. The pressure on IT began as a result of end users and C-level executives wanting to take advantage of their latest toy. As the number and capabilities of tablets on the market continue to grow, so too does pressure for BYOC programs. The Cloud Available SaaS options are almost unlimited – covering, for example, Payroll, Accounting, CRM, Project Management, and HR Management Systems. Online productivity suites are also maturing year over year: Google Apps , Zoho , and now Microsoft Office 365 all offer the potential to reduce application maintenance costs by placing responsibility for patching and upgrading in the hands of a third-party cloud vendor. Virtualization Desktop virtualization is continuing to take hold in organizations of all sizes. Desktop virtualization can range from the virtualization of individual applications to full desktops. Organizations that are farther along the virtualization path are looking for new ways to leverage this desktop-as-a-service delivery model to reduce hardware and support costs. IT Consumer

BYOC can be a hot topic for IT – both for and against it; a conversation is potentially confrontational but necessary Info-Tech Research Group In Info-Tech’s survey of trends to watch in 2011, BYOC came dead last. BYOC has established itself as a polarizing topic among IT professionals. Some are very optimistic while others are vehemently opposed to the idea. Interestingly, while BYOC is last, interest in and adoption of desktop virtualization (DV) is very high. DV is seen as a significant enabler of BYOC, and this may predict the future state of BYOC on this chart. I’d love to be the Dr. No, but that’s not a culture that I’ve ever promoted in my organization. We can’t say no to people. They’ll just work around you. These things will come in whether you like it or not. So you better figure out how you want to manage it.” - CISO, Government “ Bring Your Own Computer might more accurately be called BYO Device (BYOD), as it includes a full range of devices from smartphones to tablets to laptops, and whatever the future brings. “ I was talking to a major ISV that employs probably 10,000 people or something like that. And they ran a scan to see how many unmanaged devices they had. They called them cockroaches. And they had 3,000 unmanaged devices that were connected to the network, and they have no idea who owns them. And they definitely didn’t buy them. So whether you like it or not, it’s happening, and IT needs to get on top of it.” - From conversation with virtualization vendor The more IT resists, the more end users are going to push. It’s an age old problem that will only get worse with time: shadow devices on the network . High Low Adoption Interest Source: Info-Tech Research Group N = 254

Where this solution set fits: BYOC is enabled by desktop virtualization capabilities Those considering or already implementing BYOC can do so because they are developing capabilities that enable multi-device access and alternatives to traditional desktop PCs. Info-Tech Research Group Question BYOC is fraught with difficulties in a traditional distributed client PC environment. As organizations begin exploring alternative delivery methods, when is the best time to consider BYOC? Answer BYOC can be, and is being, considered by those who are moving away from the traditional distributed fat client model. Who would that be? Organizations that are exploring alternatives to desktop PCs for workers (laptops, thin clients, tablets, and smartphones) as well as alternative application delivery methods such as application presentation, cloud-based SaaS, and Web-enabled applications. Organizations that are invested in or interested in investing in desktop virtualization are better prepared for BYOC and willing to extend their capabilities to this service. Those who are not leveraging virtualization technologies to replace traditional desktops are less likely to be interested in BYOC. Related sets that address aspects of desktop virtualization: Develop a Desktop Virtualization Strategy Select a Desktop Virtualization Solution Build Steps to VDI Implementation

Take a device-agnostic approach, but recognize that different devices are used for different purposes Info-Tech Research Group Smartphones, tablets, and laptops are on a usage continuum which is characterized at one end by consumption of small chunks of information with little creation or manipulation; at the other end is broad data consumption and significant creation and manipulation. Tablets are somewhere in the middle and have attributes overlapping both ends of the spectrum. They can be used, for example, to access iPad apps but also full virtual desktops. It is no surprise that executives, who want ready access to small chunks of content in a highly mobile environment while being less likely to create or manipulate content, are more likely to pressure IT for smartphone BYOC policies. Data Consumption, Creation, and Manipulation Implementing 29% Interest 39% 61% 38% 62% 71% No Interest No Executive Pressure Executive Pressure Bring Your Own Smartphones Source: Info-Tech Research Group N = 71 % of Organizations

Critical Planning Principle: minimize the corporate presence on end-user devices, whether employee or company-owned Installation of company-owned or licensed data and applications on a device creates challenges for support, management, and protection of these assets. To meet the objective of reducing the complexity and cost of end-point device management, the company footprint must be minimized. Info-Tech Research Group We won’t give you wide open access to the network. We’ll just give you presentation layer access, browser-based access to the resources. So that’s the approach we’re starting to take more and more because it’s a recognition that we have absolutely no control over and governance over an employee-owned machine, be it an iPad or, frankly, a smartphone. It’s not going to matter.” - CISO, Government “ By installing nothing or very little on the endpoints, two things happen: IT can reduce responsibility for the device. With a traditional, distributed PC delivery model, IT is responsible for the applications installed on those devices, as well as the hardware. With a virtualized delivery model, the applications are centralized and can be maintained away from the endpoint. When that endpoint is no longer owned by the business, it becomes the responsibility of the end user. The device doesn’t matter. Centralized applications can be delivered to endpoint devices without a concern about what kind of device to which it’s being delivered. As one CISO pointed out: “ You can no longer look at this as an iPad issue or as the Chrome 3 or Android 3 devices start to come out. You’re going to choke on trying to keep up with any kind of platform.”

Lower costs and improve service using alternatives to traditional fat client PC deployment & management BYOC is the cart, not the horse. BYOC should not drive efforts such as replacement of traditional PCs with virtual desktops. Rather, those efforts make it possible to consider a BYOC policy. Info-Tech Research Group So if not BYOC exclusively, what is the overall goal? Why do it? Imagine a world where IT could focus on the delivery of the information services and applications that workers need to perform their jobs, while not having to spend time on the devices that workers use to access those services and applications. This world would be device agnostic; the type of device used to access applications and services wouldn’t matter. Access to applications and services on the devices would require the most basic, simple to use, and easy to support access clients possible . Getting to Value: Objectives of a Desktop-as-a-Service (DaaS) Strategy Reduce the cost and complexity of deploying and managing end-user devices. Improve agility of application deployment and accessibility to applications from multiple endpoints and device types. Ensure that while objectives one and two are being achieved, business digital assets are protected from damage, misuse, or theft. Is this a return to dumb terminals? In a sense, yes. But these access terminals will provide a window to applications that are as feature-rich and powerful as anything that runs on a PC desktop. In fact, in certain cases, they will be the same applications as the desktop. For cases employing virtual desktop infrastructure, the PC desktop itself will be an accessible service from a range of devices. Info-Tech Insight:

Reduce business costs & IT complexity by minimizing desktop management requirements The Three Objectives of a Desktop-as-a-Service Strategy Info-Tech Research Group Reduce the cost and complexity of deploying and managing end-user devices. The Goal Endpoints that are as low maintenance as possible. Focus on zero or minimal install that leaves little to nothing on the endpoint that must be managed locally. The Benefits Zero and thin install endpoints require little to no intervention by the IT department, making the endpoints low impact. This means that IT gets out of the break/fix cycle of managing desktop hardware and is able to focus on service delivery as well as other strategic IT initiatives. Enabling Technology App stores . iPad apps, for example, can be downloaded from a self-service store by the employee. A similar technology is found in the Citrix Receiver storefront (formerly known as Dazzle) which allows employees to download business apps sanctioned and supported by IT. Web apps . The number of cloud-based productivity suites is increasing. Office 365, Microsoft’s cloud-based Office suite, joins Google Docs and Zoho among others. Productivity on the cloud means that no endpoint has a local productivity suite that must be supported by IT. 1. Reduce Cost and Complexity

Move away from asset management toward service management to enable a more flexible work environment Info-Tech Research Group Improve agility of application deployment and accessibility to applications from multiple endpoints and device types. The Goal Applications that can be accessed from anywhere and on any device. The Benefits Increased end-user productivity and work flexibility. This type of application agility is enabled by presentation and virtualization technologies which centralize apps in the data center. With centralized applications, IT is able to add, upgrade, and patch applications and services more easily. The endpoint doesn’t matter. For example, rolling out a new OS does not require a PC refresh as it can be delivered as a virtual machine (VM). The Three Objectives of a Desktop-as-a-Service Strategy Enabling Technology As indicated above, virtualization technology is a key enabler for achieving this goal. For more information on desktop virtualization strategy and selection, refer to Info-Tech’s solution sets: Develop a Desktop Virtualization Strategy and Select a Desktop Virtualization Solution . Vendors who offer solutions for hosting and streaming applications and OSes include Citrix XenApp and XenDesktop , Microsoft App-V and Remote Desktop Services (formerly Terminal Services), VMware’s ThinApp and View . 2. Improve Agility and Access

Strike a balance between reduced complexity, increased agility, and security concerns Info-Tech Research Group 3. Ensure Security and Integrity Ensure that while objectives 1 and 2 are being achieved, business digital assets are protected from damage, misuse, or theft. The Goal Protection of business information assets by preventing cross-contamination between business and personal functionality. The Benefits Meet compliance regulations more easily. Easier even than with traditional desktops. Ultimately, it’s the ability to give the business what it wants while protecting them from themselves. 37.5% Very Challenging 9.7% 44.4% Not at all Challenging 0.0% 4.2% 4.2% 81.9% of survey respondents said that security was challenging or very challenging. Source: Info-Tech Research Group N=72 Enabling Technology Network Access Control (NAC) identifies devices as they connect, and applies tight network restrictions dynamically. Often includes anti-malware validation to limit potential attacks against internal resources by infected devices, and integration with multi-factor authentication solutions. Multi-factor authentication strongly validates users and/or devices before allowing access. IPSec and SSL VPN technologies enable secure access from BYO devices to otherwise inaccessible systems. The Three Objectives of a Desktop-as-a-Service Strategy

To meet the three objectives of a DaaS strategy, capabilities must be developed in infrastructure, ops, policy, and security Info-Tech Research Group Virtual Servers Server Capacity Storage Bandwidth First Line Support Third Party Support Self-Support HR Legal Finance IT NAC Multi-Factor Authentication Encryption Infrastructure Security Operations Policy

Without proper capabilities, there is simply too much cost & effort required for a successful BYO program No-Go State BYOC would be difficult without a significant cost/effort investment. Currently, users are coming in to work with their iPads despite being discouraged to do so. Infrastructure Traditional, distributed PC environment with some server virtualization, but no desktop virtualization (DV). There are current budget restrictions that prohibit moving forward on DV. Security Early stages of determining what security controls are required to mitigate the risk of employee-owned devices. They use SSL VPN and are investigating ways to leverage this further. Operations/Support Haven’t been able to build a compelling business case to support consumer devices and do not see cost savings in outsourcing. Policies Current policy for contractors connecting to the business network is for IT to ensure the controls on the contractor machine meet or exceed those of the business. There is a user acceptance form in place. They would like to extend this policy to users, but unsure how to police it. Capability Maturity Policy Infrastructure Operations/Support Security Case Study

Organizations that have developed capabilities in desktop virtualization are better prepared for BYOC Info-Tech Research Group Can-Go State BYOC may not be desired but can be conceived. Currently, executives are coming to IT asking to bring their iPads into work as they see other businesses are enabling this. Infrastructure Have used presentation virtualization extensively for some users, but not all. Are exploring further virtualization of the desktop. Security Use multi-factor authentication to access the network, have fully encrypted hard drives on their assets, and have developed a plan to move towards a full, authenticated network in the near future. Operations/Support The CIO fully expects BYO to become par for the course and wants to leverage the internal skills achieved through their DV experience. There is some reluctance and concern about rolling out a new support model. Policy Have “secret sauce criteria” in place for dealing with different devices on the network, particularly with contractors. Can limit access for untrusted devices. Capability Maturity Policy Infrastructure Operations/Support Security Case Study

Development of capabilities in the four pillars will provide answers to these questions Info-Tech Research Group

Understand Strategize Execute This section will: Define the four pillars of BYO capability and analyze remaining gaps. Outline three BYO delivery models and their relation to the capability pillars. Examine specific challenges and the key technologies that can securely enable BYO. Success in BYO relies on four main pillars Managing BYOC Roadmap 2

As devices move from light data consumption to heavy data creation, new capabilities must develop Tablets occupy a middle ground where consumption and creation of data has a wide range. BYOC needs to be a consideration once interest enters this zone. There are two potential paths that can be followed at this point. Info-Tech Research Group - Light data consumption - Minimal data creation Heavy data consumption Local data creation Easier and more supportable More flexible device capability Full network Harder to support (e.g. local rather than centralized apps) Limited by device capabilities For more information on managing personal mobile devices, such as the iPhone, refer to the Info-Tech solution set, Manage the Invasion of Consumer Technology . Final steps : Full BYOC policy created by all business groups. TCO calculation in conjunction with Finance. Full BYOC BYOC Light Past this line, infrastructure, security, and operations pillars must be considered in order to support advanced data creation. Integration Virtualization Data Consumption and Creation Continuum

At one end of the BYO spectrum, there is emphasis on consuming small chunks of data with little to no data creation The Light Model Details BYOC Light allows access to small chunks of information, typically via e-mail and public-facing Web applications, primarily for consumption. A Light Model usually involves access from personally-owned smartphones or tablets, though laptops, home PCs, and other Internet-connected devices may also be used. Steps must be taken to restrict access to and storage of sensitive or regulated data, or to provide appropriate protections; however, the other pillars may not require as much work to get such a program off the ground. Candidates Many organizations are already supporting this type of environment, whether they call it BYOC or not. Allowing employees to bring their personal iPhone, Blackberry, or Android smartphones into the workplace and connect to the guest wireless is a form of BYOC that focuses on consumption of data. Info-Tech Research Group Least Effort Most Effort Least Effort Most Effort Least Effort Most Effort Infrastructure Operations/Support Policy Security Endpoint Central

Info-Tech recommends a virtualized model for increased security & ease of management The Virtualized Model Details This model relies heavily on desktop, application, and presentation virtualization and involves the highest level of investment in infrastructure. In this model, the end-user device accesses a separate corporate virtual machine on a central server. The virtual machine, applications, and data remain secure and isolated in the data center while the employee is connected to the business network. Increasingly, encrypted “offline” virtual desktops enable data security and isolation on the user system, while allowing for productivity when network connectivity is limited or absent. Candidates Regardless of the size of the organization, this model has clear security and manageability benefits over other models. However, it does not come free: organizations that have already invested in virtualization technology have a head start here. Even server virtualization is a step in the right direction, as competencies developed through server virtualization can be extended to desktop virtualization. Advanced virtualization models may also include client-side hypervisors where the business virtual machine is partitioned and kept separate from the employee’s personal data. Info-Tech Research Group Least Effort Most Effort Least Effort Most Effort Least Effort Most Effort Infrastructure Operations/Support Policy Security Endpoint Central

Integrated models rely heavily on strong policies and require significantly more time & effort spent on support The Integrated Model Details Of the three full BYO models, this is probably the most challenging, and for many organizations, utterly unrealistic. In this model, all applications are installed locally, and personal and business data sit together on the machine without separation. The required level of security on the endpoint is high, and expectations must be explicitly stated in a comprehensive set of policies. Candidates Small businesses with low risk data assets or certain individuals within a larger organization are the best candidates. There is a significant level of trust required for this kind of access to business IP. Businesses with any kind of compliance requirements around data privacy and security will be unable to deploy this type of BYO model without significant company-controlled security capabilities on the system to contain risks and potential liability. Info-Tech Research Group Least Effort Most Effort Least Effort Most Effort Least Effort Most Effort Infrastructure Operations/Support Policy Security Endpoint Central

Organizations may look to hybridization to take advantage of the best of all worlds The Hybrid Model Details There are a number of ways a hybrid model can be deployed, depending on the applications in use. One example of this would be an organization that allows employees to use basic productivity apps on their end-user device and then delivers other applications virtually. In another example, the organization may rely on a number of cloud applications for some of its application requirements, while other apps may be hosted in the data center, and still others may be installed locally on the client. Candidates A hybrid model applies to a much broader range of use cases. There are still security concerns about accessing business data for local applications, as well as for accessing central services – as such, the net result can be the worst of all worlds! However, an increasing number of organizations are looking to and trusting the cloud with their business data, opening up additional possibilities. Info-Tech Research Group Least Effort Most Effort Least Effort Most Effort Least Effort Most Effort Infrastructure Operations/Support Policy Security Endpoint Central

Required infrastructure capabilities are much the same as those for virtual desktop environments Info-Tech Research Group Virtualized Servers. A capable IT infrastructure based on a solid foundation of virtualized servers will decrease implementation complexity and improve the business case for DV. Experience, skills, and tools gained through this initiative will transfer nicely to DV, and can be leveraged for deployment and management of virtual desktops. Server Capacity. There must be available server capacity to support the delivery technology required to offer a solid BYO strategy. Determine whether current capacity is sufficient to support DV and, when possible, use existing capacity to deploy the initial pilot to avoid purchasing a new server for DV. Calculate current IOPS on the storage media, as this is the current bottleneck in most environments. Network Storage. An existing investment in network storage will not only provide capacity but will also enable higher availability/recovery of the BYO infrastructure. It will also enable higher availability/recovery of the virtual desktop infrastructure. Make sure your storage area network (SAN) is ready for the added burden of hosting virtual desktops. Network Bandwidth. Consider typical use cases to determine bandwidth requirements as media streaming and delivery protocol can make or break a BYO program. Criticality of capacity planning, monitoring, and infrastructure support are magnified with desktop virtualization relative to traditional desktop PC setups. For more details on infrastructure requirements, refer to Info-Tech’s Develop a Desktop Virtualization Strategy . Focus on the following infrastructure enablers to minimize implementation pain

Truly mobile workers pose a challenge, but a virtualized infrastructure can help mitigate some pain points Info-Tech Research Group There may be some users that need a full functioning Windows desktop with all the applications, and these users may also be mobile and unable to connect to the network all the time. The challenge is how IT can provide flexibility and service to users who are not connected to the network. Below is a list of product solutions that can address these four technologies. It is for example only, and is not exhaustive . Citrix XenClient Citrix XenVault VMware MVP (Mobile Virtualization Platform) Citrix XenDesktop VMware View Quest vWorkspace Microsoft Desktop Virtualization Citrix XenApp VMware ThinApp Salesforce.com Google Apps Any number of SaaS solutions Citrix Receiver (can be installed on a growing number of devices)

Draw a line in the sand: tell end users what they can and can’t do to decrease the effect on support costs Info-Tech Research Group The Question What are the obligations of IT in supporting the end user – not the PC? 52% of respondents strongly agreed with the following statement: Help desk support requirements have increased [since allowing personal devices on the network]. In short, when it comes to personal device support, focus on mitigating connectivity issues with corporate infrastructure. Leave end users to manage their own devices when it comes to hardware and support issues. n = 113 In Info-Tech’s survey on personal mobile devices, the majority of survey respondents interviewed saw an increase in support costs after permitting personal devices on the network. Those that did not focused heavily on developing a policy that outlined resolution options for common issues. My device won’t receive e-mails. My device and calendar won’t sync. My device can’t access Active Directory. My device won’t turn on. My device is frozen. My screen is cracked.

Consider alternatives to help ease the adjustment of new support arrangements: both for IT and the end user % Info-Tech Research Group Third-party support contracts . As part of a stipend, the business can ask employees to secure support contracts for their devices in case of hardware failure. If employees buy their laptop from a franchise/box store, service contracts are often not suitable for business requirements. In this case, the business may want to contract a suitable service provider and direct employees where to take their devices. A key element of this is having emergency reserves on hand to maintain productivity while the device is being repaired – this could range from previously retired hardware to thin clients. Self-support . The business can also encourage self-service and peer support for some problems. The success of this depends greatly on how comfortable the employee population feels about technology. IT may consider developing a knowledge base or internal wiki that employees can use to self-diagnose and self-help. The changing role of IT from asset manager to service manager. This is a real paradigm shift for IT. The administrative side of desktop management doesn’t really change – managing access and privileges – but IT is no longer managing patching and upgrading on individual machines.

The discussion to move towards BYOC is not just about IT policy alone; involve all parts of the business Info-Tech Research Group IT will determine the capability of both the infrastructure and IT staff skills to support the program. It may be necessary to create a skills inventory to determine capability and support guidelines. IT will also outline minimum requirements for devices purchased by employees. HR will define policies that are already available to be leveraged as well as new policies that must be developed. They will also determine how best to handle new employee onboarding, probation periods, and stipend proration if necessary. Finance can crunch the numbers and outline tax implications of the program for the business in order to determine an appropriate stipend amount. Legal will advise as to any compliance or regulatory restrictions that may interfere in widespread deployment of the program. Restrictions may be placed on a department by department basis. See Info-Tech’s BYOC Acceptable Use Policy .

Secure access from the BYO device to company networks and centrally-stored data therein Key technologies include: Network Access Control (NAC) . Identify devices as they connect and apply tight network restrictions dynamically (e.g. assignment to VLANs with appropriate VACLs). May also include anti-malware validation to limit potential attacks against internal resources by infected devices, and integration with multi-factor authentication solutions. Firewalls & static VLAN assignments . Restrict access to network resources based on WLAN IP address, or based on physical LAN port assignments to specific IP addresses or VLANs. Desktop Virtualization . Deliver a rich desktop experience (i.e. profiles, applications, and data) through a presentation interface, and limit or eliminate the need or potential for copies of company data to reside on the BYO device. Multi-factor authentication . Strongly authenticate users and/or devices before allowing access. Secure remote access . IPSec and SSL VPN technologies can enable secure access from BYO devices to otherwise private/inaccessible resources. How will devices be allowed to connect to internal company networks (wired or wireless)? Options & considerations for internal connection of BYO devices to business networks: Direct connectivity. The BYO device can connect in the same way(s) as any company-owned asset. Limited connectivity. Only allow authenticated access to specific, limited services or resources. For more information, refer to Info-Tech’s Build Security Architecture & Roadmap Implementation . No connectivity. Only allow strongly-authenticated access to secured, public-facing services (SMTP, IMAP, HTTP, RDP/VNC).

Secure all copies of company data stored on the employee-owned device Key technologies include: Encryption – whole device and content-level encryption can provide companies with the confidence that locally stored data (on the device itself, or on peripherals) is protected from inadvertent disclosure. Anti-malware – protect against local data (and central system access credentials) being disclosed as a result of system compromise. Remote & event-based wipe – ensure that company data can be removed from lost/stolen BYO devices, or is automatically removed after a set number of failed attempts to unlock. Strong passwords – ensure that access to the device, or to data on the device, is protected by more than a trivial PIN. Info-Tech Research Group Will devices be allowed to store copies of company data locally ? Options & considerations for storing local copies of data: No ability to store data locally. The device can only connect to a locked-down VDI session through which data can be accessed and manipulated. Limited ability to store data locally. The device is able to access some data and store it locally (e.g. cached e-mail/calendar/contact content). No restrictions on local storage of data.

Understand your current capabilities and assess your readiness for different BYOC approaches Info-Tech’s BYOC Readiness Assessment Tool asks questions about your current infrastructure, security, operations & support, and policy competencies. Your responses will result in prioritized advice to help you decide if BYOC is right for your organization, and if so, what model fits best, and where to focus efforts to make BYOC a reality. Some of the topics covered include: Desktop virtualization Granular network security/connectivity Encryption Self-service support Acceptable use and termination policies Info-Tech Research Group

Strategize Execute 3 Understand This section provides five final actions for developing a solid BYOC policy, including: Communicating support expectations. Analyzing the impact of these objectives on your approach. Documenting your position on BYOC. Consider five final actions to take BYO the last mile Managing BYOC Roadmap

If the capabilities assessment says you are ready for BYOC, consider these five actions for moving forward with a policy Info-Tech Research Group recommends the following actions. Success in developing the four pillar capabilities means the organization can support BYOC. Next is to establish the why and the how. Info-Tech Research Group 1 Measure success against overall objectives of a multi-device strategy. Having a multi-device IT service access strategy should contribute to lowering costs while increasing service regardless of who owns the devices. Given that, how does BYOC further those objectives? 2 Consider impact on overall objectives when deciding between passive or aggressive approach. Bring Your Own policies can range from passive (we allow connection from personally-owned devices) to aggressive (we encourage and even subsidize bring your devices). 3 Communicate policy requirements and roles and responsibilities for system support. Failure to meet success measures can be a result of communication failures as much as a failure of technical and operational capability. 4 Maintain company-owned device options for flexibility and end-user service. Info-Tech sees that even in the case of an aggressive BYOC program, allowing use of a company-owned device can mitigate a number of the potential pitfalls of BYOC. 5 Document your policy position and rationale for the business. In dealing with your internal business customers’ demand for service, there is only one question (with two corollaries) that matters. Can you deliver this service? If yes, how? If no, why?

Measure success against overall objectives of a multi-device strategy Success Metrics Objective: Reduce the cost and complexity of managing endpoint devices. Has the move to bring your own device lead to a reduction in capital spend for end devices? Look for reduction in desktop hardware/mobile device capital spend. If you are implementing a stipend system, the cost of the stipends should be counted as a capital spend. Has the move led to further reduction in time/effort spent on client support? Measure help desk ticket volume and time/effort spent on supporting endpoint issues. Hope for at least neutral impact here; if support costs increase, revisit the BYO fundamentals. Objective: Increase flexibility of service to the user. If client demand for the service has been high, conduct a follow-up survey to see if clients feel they got what they needed. Survey managers/executive groups to gauge if flexible access, including client-owned devices, has boosted productivity and/or job satisfaction. Objective: Ensure business-owned digital assets are protected from damage, misuse, or theft. If there has been an increase or change in security issues (e.g. breaches, malware attacks, accidental corruption or loss of sensitive data, theft or misuse of company IP) as a direct result of BYOC, then audit. Recognize that a temporary increase may occur, as previously-unsanctioned BYO activity comes under increased corporate scrutiny. Having a multi-device IT service access strategy should contribute to lowering costs while increasing service regardless of who owns the devices. How does BYOC further those objectives? Info-Tech Research Group

Consider impact on overall objectives when deciding between passive or aggressive approach Bring your own policies can range from passive (we allow connection from personally-owned devices to select services) to aggressive (we encourage and even subsidize BYOC). Passive Approach There are a lot of employees, including executives, that have their own devices and want to use them at work. IT can score a service win with these groups if they can allow access from these devices. Nobody is being forced to bring their own. In terms of meeting overall objectives, the goal is likely positive progress on the second objective – increased flexibility of service to the users – while at the very least avoiding any increase in cost and complexity of managing endpoints or additional security headaches. Aggressive Approach If the organization is embarking on an aggressive BYOC program – trying to transition as many employees as possible to Bring Your Own – there is going to be additional considerations such as HR implications of stipends and communications/support for less sophisticated tech users. The return on this investment will likely need to include definite cost and complexity reduction as well as service improvement.

If your organization decides to pursue an aggressive policy, think about including a stipend as part of the BYOC policy Info-Tech Research Group Below are purchase details for a new laptop on Dell’s online Small & Medium Business shop which allows for business editions of software, such as the OEM version of Windows 7 Pro rather than Home edition. Compare the cost of an individually purchased laptop against the cost of purchasing a device at volume through the business. Cost considerations: Taxation . Some businesses are eligible for a refund of the sales tax paid toward a business laptop. The amount of the refund varies by the size of the business as well as local tax laws. Cost of Support . The ideal state of a BYOC program is that IT will no longer be responsible for maintenance of the hardware. Calculate the number of man hours spent previously against expected savings. Licensing . Microsoft’s Software Assurance (SA) does not apply to thin clients or employee-owned devices. Compare the cost of SA against the cost of individual licenses or the $100/device/year Virtual Desktop Access (VDA) fee. Dell Vostro 3500 Laptop Processor Intel Core i5 (560M) 2.53GHz/3MB cache Operating System Windows 7 Pro 64-Bit Memory 4GB DDR3 Display 15.6” Hard Drive 320GB SATA Service & Warranty 3 Year Advanced Service Plan (next business day onsite service) Productivity Suite None . Add $399.00 for Office Pro 2010 Anti-Virus None . Add $40.00 for 36 months of Trend Micro Worry-Free Business Security Services Keyboard and Mouse None . Add $99.99 for Wireless Logitech MK710 Included Option Fingerprint reader Price $1219.99 +tax

Communication of policy requirements and explicit support expectations will be critical Failure to meet success measures can be a result of communication failures as much as a failure of technical and operational capability. Info-Tech Research Group Here’s a Typical Concern The boss loves his smartphone. He wants to use it for work-related tasks. He also wants anybody in the organization with a smartphone to be able to use one. However, if his smartphone stops functioning, he’ll expect IT to support it. As seen above, a previous Info-Tech survey indicated that over half of respondents (52%) found that support workload increased with a mobile device strategy. If the organization has successfully moved to a model where support is focused on making services available and accessible, support requirements at the access points (access devices) should decrease. But this only works if the user community clearly understands their responsibilities and the obligations of the organization to support the device. Action This is a big culture change, so communication is key. Make sure the policies around BYOC are clear and explicit. Define what is in and out of scope in terms of support and in terms of what can be accessed by the employees using their device. Communications Plan Template for a BYOC Program

Maintain business-owned device options for flexibility and end-user service The overall strategic goal may well be to get out of the desktop asset management business entirely, but continuing to own and maintain some endpoint devices will make it easier to implement BYOC. In a broader IT as a Service initiative, the aim is to reduce the cost and management complexity of all endpoint devices including business-owned devices. BYOC can be leveraged to buy and maintain fewer devices; however, continuing to own and maintain some “spares” will boost service capabilities even as more employees bring their own. Info-Tech sees that even in the case of an aggressive BYOC program, allowing use of a company-owned device can mitigate a number of the potential pitfalls of BYOC. Info-Tech Research Group Scenario 2 In a company that is aggressively promoting BYOC, a new employee is told that he or she will be given a stipend to purchase a personal laptop that they can use to access a VDI corporate desktop. The employee is not interested in owning a laptop. He or she is interested in accessing the VDI desktop from a home office PC over VPN but would rather have a desktop PC at the office. In this case, if the employee was offered a choice between BYOC and a thin client workstation with access to a VDI desktop, the organization could still meet the objectives of reducing cost and complexity at the desktop while giving more than one choice to the employee. Scenario 1 The enterprise supports access to corporate desktop services via a laptop or tablet. The scope of support is clear: IT does not handle break/fix of the device but does support access to applications and services. What happens if the device does break and is going to take a week to get repaired or replaced by a third-party vendor? If this user can be given a “loaner” device, he or she can continue to work while the device is serviced. This could be a formerly-retired device or a thin client option.

Document your policy position and rationale for the business If you have used this solution set, you now have detailed information on whether or not your organization is ready to support a BYOC initiative, as well as an understanding of the bigger picture strategic goals of which a BYOC program can be part. If you are not ready, you know where you have to invest in capabilities development. If you are ready, you have also considered why this could be a good idea in terms of measurable benefits to the enterprise. Be prepared to communicate your findings back to the business. Info-Tech’s BYOC Strategy Position Template will help guide future investments in IT for capabilities development, including how return on that investment will be measured. In dealing with your internal business customers’ demand for service, there is only one question (with two corollaries) that matter. Can you deliver this service? If yes, how? If no, why? Info-Tech Research Group

Conclusion Info-Tech Research Group The three objectives for any desktop-as-a-service program: Reduce the cost and complexity of deploying and managing end-user devices. Improve agility of application deployment and accessibility to applications from multiple endpoints and device types. Ensure that while objectives one and two are being achieved, business digital assets are protected from damage, misuse, and theft. The four pillars of capability for achieving a BYOC initiative: Infrastructure Security Operations & Support Policy All four pillars must be robust to support a full BYOC program. The final five considerations for the last mile of the BYOC program: Measure success against overall objectives of a multi-device strategy. Consider impact on objectives when deciding between passive or aggressive approach. Communication of policy requirements and explicit support expectations is critical. Maintain company-owned device options for flexibility and end-user service. Document your policy position and rationale for the business. Understand Strategize Execute High Low Adoption

Consider byoc as part of desktop as service strategy

More Related Content

What's hot (20)

Viewers also liked (20)

Similar to Consider byoc as part of desktop as service strategy (20)

More from Info-Tech Research Group (20)

Recently uploaded (20)

Consider byoc as part of desktop as service strategy