The BYOD trend began with mobile devices like smartphones and tablets, and in most organizations these are the only types of devices included in a BYOD program. A range of recent announcements and trends, however, have begun to shine a spotlight on the idea of extending BYOD to include BYO-PC and BYO-Mac options.
- Elements of VMware's strategy like its Horizon program highlighted last week at VMworld
- MokaFive's Enterprise Anyware, which the company pitched as a replacement for VMware ACE, which will reach end-of-life status at the end of this year (not to be confused with MobileIron's newly announced Anyware mobile management suite)
- Microsoft's Windows To Go feature in the enterprise edition of Windows 8
- Centrify's new cloud-based Mac and mobile management solution that the company describes as "ideal" for BYO-Mac initiatives
- Apple's move to lightweight iOS-style configuration profiles for enterprise Mac management
All of these technologies point to solutions for expanding the concept of BYOD to apply to notebook PCs, MacBooks, or even less traditional options like Chromebooks. The big question, however, is whether it's really feasible or desirable for an organization to extend its BYOD program to include employee-selected and owned computers.
Why mobile was an easy fit for BYOD in many organizations
There are several key factors that have made mobile platforms an ideal fit with the BYOD model.
- Minimal cost to purchase a smartphone or tablet compared to a mid-range or high-end notebook.
- Mobile devices are add-ons to existing enterprise staples rather than a wholesale replacement of an existing technology like a PC or Mac.
- Mobile devices aren't used for as many tasks as PCs and Macs.
- Mobile management and security solutions are relatively lightweight systems compared to an Active Directory infrastructure in a medium or large enterprise environment.
- Even considering the growing range of mobile malware potentially impacting Android devices, the overall range of malware and device-oriented attacks remains much lower than on some (especially older) Windows PCs.
- It is easy for IT (and end-users in many cases) to remotely locate, lock, and wipe a mobile device. This adds a layer of security that is just beginning to appear in the desktop PC world.
- Mobile app stores may not use the most enterprise-friendly licensing models, but they are generally easy to understand (unlike licensing from Microsoft and other enterprise vendors) and consistent. That makes mobile app selection and procurement somewhat easier in many situations, particularly when software will be installed on a user's personal device.
- Employees can easily bring in their own devices with or without IT approval. This leverage has forced many IT departments to accept BYOD devices against their preference.
Mobile platforms aren't Windows
The biggest advantage for mobile devices and BYOD is clearly that there are generally no legacy processes or systems in place. Yes, you can make the argument that the BlackBerry and BES were existing technologies, but the initial workers jumping on the BYOD bandwagon had often never been assigned a BlackBerry. When the time came for IT to seriously look at how to effectively manage or integrate BYOD devices, which to date have mostly been Apple iOS devices, it was easy to start fresh with new acceptable use agreements and related policies, new IT processes, and a new selection of mobile management tools.
But PCs have been an entrenched part of enterprise computing and IT processes for decades. There is a lot of legacy technology and thinking associated with how to secure them, apply access restrictions, deploy applications, apply Windows and application patches, configure an appropriate user environment, and provide technical support. The ubiquitous way to handle many of these issues is through Active Directory and group policies or enterprise licensed software. This was the major reason that Windows 8 appealed to enterprise IT: It offered both desktop/notebook and tablet options (sometimes on a single device) and it integrated with the existing administrator tools and methodologies (the lack of this type of support was one of the biggest failures in the initial release of Windows RT).
The problem, however, is that this is a very heavy set of solutions. Depending on the hardware users bring in from home, it may not even be possible to apply the traditional mechanisms, since consumer versions of Windows don't include the ability to join Active Directory domains. That could mean that IT would be required to install a site or volume licensed version of Windows, which opens up licensing concerns. There's also the question of whether or not a user would want to allow IT that much access to a personal system, which would have large amounts of personal data and include content not appropriate in the workplace.
VMware, Citrix, MokaFive, and Microsoft all offer an approach to work around these concerns -- give the user a fully provisioned and managed Windows installation or virtual desktop. That could mean simply relying on a VDI solution, where the user accesses a virtual instance of Windows running on a server in a datacenter or cloud provider -- the Desktop as a Service model -- or it could mean a managed virtual machine running locally on the user's computer. Windows To Go extends the virtual machine concept by placing a complete Windows 8 installation on a USB drive that can readily access the hardware of any supported PC. While all of these solutions are options, some of them could require a major increase in enterprise infrastructure to work effectively.
BYO-PC vs. BYO-Mac
The same VDI and VM options for running a managed instance of Windows apply to Macs as much as PCs. Another option is to use Apple's Boot Camp feature and install an enterprise-managed version of Windows, which Mac users could use in a dual-boot fashion. The problem, however, is that if employees want to use their personal Mac notebook in the office, they probably want to use OS X and Mac applications rather than Windows.
Apple has actually done a lot of legwork in trying to make the BYO-Mac concept easier for enterprise IT to accept. Over the past few years, Apple has effectively separated the two major functions of directory services like Active Directory - user authentication/access restrictions and client management. The company has achieved this by switching Mac management from a heavy directory-based system to lightweight XML configuration profiles that are functionally the same as those on which all iOS device management is based. The end result is that administrators can use some of the same mobile management solutions like those from MobileIron and AirWatch to manage Macs with no additional back-end systems and not much of a learning curve.
In some organizations Macs may actually benefit from the same lack of legacy technology and thinking that mobile devices do since they have generally not been rolled out in large numbers or even supported at all.
Can BYO-PC work?
Ultimately, there is potential for expanding the BYOD model to encompass a broader range of devices, including an employee's primary computer. Such a model certainly has advantages, particularly for individuals that work mostly or completely outside the office. Bringing the traditional managed PC model together with the typical BYOD approach, however, is something that each organization will need to evaluate based on its existing policies and technology approaches and test in a small pilot project before considering anything like a wide-scale deployment.
Somewhat ironically, Apple offers an interesting and platform-neutral white paper (PDF link) that may be useful for CIOs and other IT leaders considering such a move.