I'm sitting on this plane doing my usual thing: Working. Part of my job is to read...a lot.
I follow a variety of people. One of them is Mike Rigsby. Recently he wrote an article where he lays out the opinion that BYOD (Bring Your Own Device) just wouldn't work in today's enterprises.
Obviously this peaked my interest. :)
Mike lists out the concerns that he believes he would have. And I have to tell everyone, they are valid issues. But at the same time, I don't believe they're as bad as he anticipates. I have the benefit of seeing first hand what this would be like...because I've deployed technologies that enable BYOD in enterprise environments. Let's hit the list…
I believe the consumerzation of IT is forcing this issue. You can actually make the argument that the same force is applying to BYOD as well. But the question Mike is raising is "Do you really want them in the enterprise?". Well, the reason you want standardization is for support most of all, and also easy procurement. With a BYOD technology like VDI (Virtual Desktop Infrastructure), you rely less on the client hardware and more on the operating environment and infrastructure. This has the potential to reduce hardware support costs because you don't support as much hardware. Enterprises are realizing this and taking advantage.
Security is a tough one. I think it really depends on the business requirements that drive the functional requirements to make this determination if BYOD is a good fit for you. Typically there is risk assessment performed to evaluate if BYOD is acceptable, but a risk assessment is going to take into consideration technology that can prevent and mitigate a lot of these concerns. From VLAN's, 802.1x, NAP/NAC and ACL's, many companies have discovered limited and acceptable risk when contained appropriately.
VDI can also help reduce the attack surface for the company in question. Mike describes a situation where users have their laptops stolen. In the case of VDI, since nothing is on the end users laptop, the impact of stolen property is limited to the end user.
Mike frames this topic in the context of user productivity, which is absolutely a concern. What if the user loses or damages their equipment? Even if it's their own, the business still has to deal with lost productivity. I've discovered that most companies who employ BYOD don't deploy it company-wide. There are certain scenarios that require company owned hardware (like a dependency to interface with another hardware device or a security policy in place). But depending on your business, the vast majority of users are probably information workers. In this case, VDI can be ideal for a BYOD solution. Several companies I know simply have hardware on reserve for this type of scenario.
In conclusion, are there reasons not to deploy BYOD/VDI? Absolutely. It's a large capital expense. You need to purchase the backend infrastructure and software licenses, which are not cheap.
But is it worthwhile? I believe more companies are asking themselves that question and the answer may surprise Mike.