IT administrators have long preached, "manage the data, not the mobile device." Now that concept is coming to PCs, too.
Despite the rise of mobility, organizations still must support PCs. Increasingly, these machines are personal laptops or notebooks that employees bring to work or use to access corporate systems from home. In response, some enterprise mobility management (EMM) vendors are adding bring your own PC (BYOPC) controls and PC management and security capabilities to their products.
"Whatever people choose to buy and use for their personal device, they'll want to use at work, as well," said Richard Absalom, senior analyst at Ovum, a global research firm based in the U.K.
More than 55% of full-time employees said they access corporate data from a personal laptop, according to Ovum's Global BYOD Survey. For users that want to do work after hours, for instance, it's convenient to access corporate email, stored documents or even some business applications on a home PC.
IT's interest in the BYOPC trend is growing, as well. Twenty percent of small businesses said they have already implemented or are expanding an implementation of bring your own PC or Mac, according to Forrester Research's Forrsights Hardware Survey, from the third quarter of 2013.
IT wants mobile-PC merger, but do users?
When mobile devices first became prevalent in the enterprise, Apple's iPhone was the immediate focal point. Soon, with the growing consumerization culture, employees brought smartphones with other OSes -- plus tablets and personal PCs and Macs -- into corporate environments. At first, vendors provided point products to manage specific device types. Now, IT wants a way to manage all endpoints through one system.
It doesn't even matter what the endpoint is, said Michael Thompson, an IT contractor for a large financial institution and technology consultant. His organization has developers and contractors that use Citrix Receiver to access XenApp virtual desktops and apps from various endpoints. IT manages those by having different certificate and authentication policies for different devices, whether they're corporate-issued Macs, personal iPhones or anything else.
The company uses MobileIron Inc. for mobile device management (MDM) and has considered holistic EMM products such as Citrix XenMobile, but Thompson said a centralized console for mobile and PC management would be key.
"Having one pane of glass to hit everything is a big, big deal for support," he said. "The more things we can get shoved into one panel, and then have entitlements based on that panel … that's definitely something important."
While IT might want to manage workers' personal computers, it's unlikely BYOPC is a win for the employee, said Matt Kosht, IT director for a utility company in Alaska.
"Since [workers] would likely also have personal apps and data on [the PC], they don't want organizational IT having the opportunity to surreptitiously monitor their activity," Kosht said. "IT naturally embraces and wants EMM since it re-establishes the control they lost over the endpoint, [but] I think full-blown EMM on a BYOPC is simply a non-starter since users will reject it."
Rather than get involved with a BYOPC or corporate-owned, personally enabled program, many employees simply use personal laptops without IT's knowledge, Absalom said. In fact, 34.7% of users that bring their own PC do so against corporate policy, according to Ovum's survey.
EMM products add PC containerization
EMM vendors have turned to PC management because they must round out their offerings in the face of increased competition, Absalom said. VMware made it clear that one of its reasons for acquiring AirWatch was to develop a single console for managing desktops and mobile devices. AirWatch allows for PC management through the same MDM techniques it uses for iOS devices.
More on BYOPC
How to troubleshoot BYOPC issues
BYOPC vexes IT pros
Implementing network security for personally-owned PCs
Then there's the container approach, where a secure container separates the personal from the work environment -- something that many EMM vendors already offer for mobile devices. Moka5 supports PC containerization in its new LivePC product for client management. The container runs locally on the user's device regardless of network connectivity. It includes IT controls, such as the ability to revoke the work container when an employee leaves the company.
"While mobile device managers have been using some form of container for security for a while now, they have yet to bring it up to the PC," said David Applebaum, a senior vice president at Moka5. "The PC is really the heart of the enterprise. Tablets are great for consuming information, phones are good for interactivity, but those are not work devices."
Dell EMM also offers a secure container for PCs. Using features from Dell's acquisitions of Credant and SonicWALL, IT can configure PIN access to the encrypted mobile container; plus, users don't need VPN connection to access the business container.