IT must come to terms with the fact that the accepted model of how employees work and how IT manages the devices, applications, and data used by the employees has all changed. There are a few factors that have caused this change. Software as a Service (SaaS) applications have become widely popular and are now used by both consumers and businesses, on a daily basis, for critical functions such as accounting, email, and CRM. Enduser devices have become less expensive and much more powerful. For example, most company employees now have a smartphone and a tablet computer, use them on a daily basis for personal reasons, and have a natural expectation that they should be able to do their job on them as well. Finally, the proliferation of high-speed Internet data and public Wi-Fi has created an "always connected" society. Today, people are more mobile and they have the expectation of being able to access company applications and data at any time, from anywhere, and from any device.
This series of changes has made the way that IT has controlled application and data access in the past almost silly today. IT has tried to use remote access solutions with layers of policies and controls in an attempt to securely provide workplace mobility but, for the most part, it has failed. In many cases, today's "power users" and mobile employees are the leadership at your company and they tend to agree with the mobile workforce when it comes to providing the workplace mobility that employees demand.
IT is forced into fighting a losing battle between the control and security that they are tasked with creating over company data and the freedom that employees demand. How can IT meet the demands but also protect your company's data when your data is traversing networks and devices that you don't own?
Certainly you could crack down on employees and enforce a policy of only allowing company-owned devices on company-owned networks to access company data. However, smart employees will find a way to bypass your policies and, in doing so, create security holes. Additionally, by taking a hard line on IT control, you run the risk of stifling employee productivity and make a name for yourself as being an uncompromising and demanding organization.
Control and flexibility don't have to be mutually exclusive. What is better is a new tool that allows balance between them.
Companies today have complex IT policies that cover what devices you can use, where you can use them, what applications you can use, and (most importantly) what you can and cannot do with sensitive company data. Those policies are written down and employees are required to sign them. Unfortunately, in most cases, employees don't understand how the policies map to the technologies they use, and there are few automated systems in place that prevent or protect them from accidentally mishandling company data. In fact, most data breaches are the result of a simple slip of a user's username and password that ends up in the hands of a malicious attacker. It could be that an employee accessed the company network using an insecure device or had so many passwords that they used the same password for all Web sites.
Thankfully, new solutions have been made available that provide both IT and employees what both parties need for successful connectivity. These new unified workspace solutions are policy-driven and allow IT to give the employee one place to go that is secure but also available from anywhere and on every device.
Figure 1: Illustration of how policy-driven data and applications work.
This setup works by combining the following systems:
This type of solution can provide the "control without constraints" that will help you strike a balance between IT and the demands of end users.
A policy-driven data and application management solution like the one previously described can make the life of an IT pro easier by:
Let's look at a few of the most common use cases.
With applications and data no longer residing on end-user devices, applications and data will be more secure than ever before. Additionally, when you layer IT policies on top of the application availability, you'll gain granular control over who can access what, when, and from where.
With a single interface for all employees to go to for all their corporate applications, enduser support calls will be reduced. No longer will there be questions about how to gain access to particular applications on their computers, what their credentials are for applications, or the best way to "work from home."
There are times when end users need access to their entire virtual desktop and there are times when they just need to open a single spreadsheet, make a change, and email it that document. Desktop virtualization should be available for a complete desktop experience and streaming applications should also be available for short-term application needs—for example, from a tablet computer at the client site or at the airport.
A solution that supports IT-defined policies, application streaming, an application catalog, and credential management is going to be the "best of all worlds" when you want to implement bring your own desktop (BYOD). It won't matter what device the end user is using. They'll be able to access the applications they need while IT maintains control of corporate data by keeping applications and data in the secure data center (and the end users' personal data secure on their own personal device).
Unless IT can offer the applications that employees need and allow them the workplace mobility they demand, IT will be seen as a barrier to productivity and efficiency. Stop fighting the losing battle with today's tech-savvy and mobile workforce. By employing a policy-driven application with streaming data delivery, your company will finally be able to achieve the control you need while giving employees the freedom they demand.