Bring Your Own Computer (BYOC) Program



White paper that outlines the benefits and best practices of a BYOC program. A "bring your own computer program" is one where employers allow employees to bring their own computer to work, or provide a stipend to an employee who wants to choose and purchase a computer themselves.

Published in: Technology

  1. WHITE PAPER
     “Bring Your Own Computer” Program: 6 Best Practices for Success

     SUMMARY

     Business users who love the Apple Mac are the “consumerizers” of technology in their firms. As loyal citizens of the company, they may use the one-size-fits-all approved desktop configured with Microsoft Windows. But each one dreams of ditching that device for a Mac or a better laptop.

     Driven by the groundswell of demand for consumer technology like Apple Macs, “Bring Your Own Computer” (BYOC) programs are gaining popularity with businesses. The program provides a company’s employees with the flexibility to choose their device. Some choose PCs. Many are choosing the Mac they already cherish for personal use.

     There are many valid reasons for choosing a Mac. Technologically, Macs are on par with, if not superior to, many Windows machines. Mac laptops also have a good battery life up to seven hours. Most importantly, Macs serve as a sleek accessory for the image-conscious executive who needs to project “latest and greatest” while wooing big clients. For these reasons, more organizations are beginning to offer BYOC programs.

     BYOC programs can be a huge benefit for both the employees and IT. Employees enjoy the flexibility of choosing the machine best suited to their needs, while companies benefit from happier executives and staff, and reduced hardware investment. In addition, if executed correctly BYOC can dramatically reduce IT administration and help desk costs.

     It is critical that sufficient planning is done prior to implementation of these programs. On considering BYOC, your company will have questions about how to approach implementation. This guide describes the six best practices of BYOC for making this program a success in your organization.
  2. 1–CHOOSE APPROPRIATE DELIVERY MODEL

     When implementing BYOC, a key consideration is how to deliver identical services to multiple computing platforms. While there are many solutions in the market, a managed client based virtual machine is the most robust, flexible and cost effective solution for BYOC. Since the image runs locally, it is available online or offline, and requires little hardware or server infrastructure. The management wrapper further ensures the image can be centrally managed and updated.

     DELIVERY MODELS: PROS AND CONS

     Port everything to the web
     Convert all essential services to be web applications that can be accessed from the employee owned machine.
     Pros:
       • Works with any device with an Internet connection.
     Cons:
       • Expensive and time-consuming to convert.
       • Some applications cannot be converted to the web.
       • No offline access.

     Provide a remote desktop
     Host employees’ corporate desktop in the cloud on a server using VDI (virtual desktop infrastructure) or TS (Terminal Services).
     Pros:
       • Can be accessed from many devices.
       • Can be centrally managed.
     Cons:
       • Requires expensive back-end infrastructure.
       • Interactive applications do not work well in VDI or TS.
       • No offline access.

     Provide virtualized applications that run locally
     Distribute or stream virtualized applications to employee owned device.
     Pros:
       • Performance is good with local application execution.
       • Can be centrally managed.
     Cons:
       • May not work across both Mac and PC.
       • Virtual applications do not interoperate with each other.
       • Some applications cannot be virtualized.
       • Weak security.

     Provide a managed corporate virtual machine to run locally
     Distribute corporate virtual desktop directly to the employee owned machine using client virtualization.
     Pros:
       • Is centrally managed.
       • Local execution provides great performance and the ability to run online or offline.
       • OS virtualization provides security and platform independence.
     Cons:
       • None.
  3. 2–CLEARLY DEFINE THE POLICIES FOR THE BYOC PROGRAM

     Articulation of policies will help guide success of a BYOC program. By specifying details in advance, your company can present a comprehensive, well-thought program that will be easy to understand and follow. Typically, a stipend model combined with a clearly defined minimum hardware support policy works the best. Here are typical policies to consider with BYOC:

     How will machines be acquired? Some programs direct users to buy machines from local retailers or through a corporate discount with an online retailer. A company can also fulfill BYOC by making the purchases through its own corporate acquisition process.

     Is there a stipend, and how much? While some companies require participants in BYOC to use their existing computer, others provide a stipend. The user would be free to add personal funds if they wanted to upgrade to a more powerful model.

     Which employees are eligible? Some BYOC programs are enterprise-wide; others specify eligibility, such as a minimum management level or pay grade.

     What are the minimum hardware specifications for a machine? The company must establish a baseline for running business applications at an acceptable level of performance. Once this baseline is established, the company should specify minimum system requirements (e.g. RAM, CPU and disk space).

     Any recommended or prohibited devices? The BYOC program will generate more enthusiasm by accepting as many types of devices as possible. This policy will be affected by the program’s support policy and how the company implements program delivery (see “Delivery Model”).

     Who provides support? Policy should define if corporate IT provides hardware support, or if the employee must add a support package (like AppleCare) for their device. Policy should also specify the minimum level of the support package (such as response by “next business day”), and who will pay for the external support package.

     All policies should be clearly communicated to employees. Legal and tax implications are closely related to program policies.

     3–DISCUSS LEGAL ISSUES WITH CORPORATE COUNSEL

     Corporate counsel should consider factors in the BYOC program that would affect a lawsuit or audit. A forensics analysis may require the company to gain control of particular computers in the possession of employees, contractors, or collaborators. For example:

     Who owns the hardware? If users own their devices, consider the use of a binding agreement that allows the company to meet potential obligations to auditors or the legal process. Consider solutions that provide tracking and containment of corporate data on the user device.

     Who owns data on the hardware? The agreement should specify which data are owned by the company versus user. For example, a partition such as a virtual machine would be owned by the company. Data and applications owned by users would go elsewhere on the hardware.
  4. Statement on personal privacy. The company should clarify what it can and cannot see or access on the physical computer, and its commitment to privacy of personal use and data on the device. Users should be responsible for backing up their own data, as the company cannot be liable for its loss.

     4–CONSIDER TAX IMPLICATIONS TO BOTH THE USER AND THE COMPANY

     BYOC can affect the company’s and employees’ tax responsibilities. The primary issue entails whether conveying all or even part of a physical device to an employee or contractor is a taxable event. Federal and/or state law may apply. For example:

     Does the recipient owe extra tax on the event? Users will be more enthusiastic about BYOC if they do not have to pay taxes on a new computer.

     Does the company pay this tax for the recipient? If new taxes are due, users will be more enthusiastic about BYOC if the company pays those

     If the recipient leaves the company and keeps the machine, does that constitute extra compensation? Policy should specify a user’s tax responsibility for separation from employment or contract.

     Companies considering BYOC should consult their tax advisor to clarify these issues. Users also may be advised to consult their tax advisor.

     5–NEGOTIATE SOFTWARE LICENSES BASED ON YOUR DELIVERY MODEL

     When using virtual desktops, the company may be required to pay for two software licenses unless the employee owns the device—one for the physical desktop, and one for the virtual machine. Licensing should be incorporated into multiyear return-on-investment calculations for the BYOC program. For example:

     What are the licensing considerations if the Virtual Machine runs on a server? If the user is running a Windows virtual environment on a server, VDA licenses are required in addition to the Microsoft OS license.

     What are the licensing considerations if the Virtual Machine runs on the endpoint? If the user is running a Windows VM on top of an existing OS, only the Virtual Machine needs to be licensed by the corporation.

     6–RE-ASSESS SECURITY AND NETWORK POLICIES

     System security is the last major requirement for BYOC. Physical devices chosen by end users are outside the reach of controls protecting the organization’s physical perimeter. So each device must be treated as “untrusted,” and subject to strict endpoint security measures.

     Regardless of the delivery model chosen, the BYOC machine should not be allowed to directly connect to the corporate network. One approach is to segment the network to create separate corporate and guest networks. The BYOC machines are allowed only on the guest network. Access to corporate resources can then be provided from within the secure virtual machine or through a VPN access point.

     7 Essentials for Virtual Desktop Security

     CHECK HOST SANITY
     Check BYOC physical machine for malware that can attack the corporate VM. Each virtual desktop automatically scanned for malware before device can be used.

     VM ENCAPSULATION
     The VM is completely isolated from and independent of the underlying physical computer.

     VM ENCRYPTION
     The VM supports strong encryption, such as AES 128- or 256-bit.

     ACTIVE DIRECTORY INTEGRATION
     VM supports AD credentials and two-factor authentication, such as RSA SecurID and PKI.

     GRANULAR SECURITY POLICIES
     Address the entire organization or target policies for different user groups.

     CENTRALIZED CONTROL OF SECURITY POLICIES
     An administrator can revoke or kill VMs running on any device.

     TAMPER RESISTANT CODE
     Only authorized individuals can access, modify, or copy the VM image or metadata.
  5. HOW MOKAFIVE IMPLEMENTS BYOC

     As you’ve seen, the key to a successful BYOC program is to enable flexibility on endpoint devices while protecting the corporate environment. MokaFive does this with desktop virtualization, but in a unique and different way from traditional server-based solutions. In essence, MokaFive moves the virtual machine off the server and onto each endpoint. Organizations get all the benefits of virtualization, namely the ability to centrally manage, but without the cost, complexity and the network needs of a server based virtual desktop solution.

     A BETTER APPROACH

     Simple to deploy, Simple to update
     With MokaFive, an IT administrator creates a “virtual golden image” of the enterprise desktop, called LivePC, and uploads to their MokaFive server. LivePC golden images are delivered to MokaFive Player running on users’ devices. Updates applied to the golden image are automatically distributed to all LivePCs. Users’ LivePCs are bit-accurate copies of the golden image, so update success rates are significantly higher. And no matter how many, how large, or how complex—updates get applied with a single reboot.

     Always secure
     MokaFive eliminates worry about infection from malware on users’ systems. The enterprise golden image is virtualized and completely separated from the users’ hardware, applications, and data. More than 70 policy controls, such as encryption, personalization, and enterprise integration with features like AD and two-factor authentication servers, enable IT to easily implement enterprise security measures and policies across all desktops.

     Users Keep Their Stuff
     No longer will updates blow away users’ personal settings every time the enterprise desktop changes. Within the LivePC, user specific corporate applications, data, and settings are kept separate from the golden image and golden image updates. IT can maintain and update a single golden image yet provide customized experience for each user within their LivePC.

     CASE STUDY: Major Silicon Valley Law Firm

     CHALLENGE
       • Half of the lawyers wanted to use Macs, not PCs
       • Enable separate personal and corporate environments
       • Support mobile executives’ desktops across multiple platforms (Mac, PC, Linux)

     SOLUTION
       • Deploy MokaFive directly on attorneys’ desktops, Mac or PC hardware
       • Single image across users in the U.S. and China
       • Users personalize desktops with applications

     BENEFITS
       • Ease of management: single image for all mobile executives, yet personalized by each user
  6. One Total Package
     Unlike standalone client hypervisors, MokaFive incorporates a Type 2 client hypervisor (VMware Player, VMware Fusion, or Oracle VirtualBox) and wraps it with management capabilities. The Player runs on many platforms including Macs and PCs. The LivePC runs on top of MokaFive Player and is isolated well from the users’ machine. MokaFive will also offer a baremetal solution, which will allow companies to use MokaFive management directly on corporate machines without having to manage and license a host OS.

     MokaFive is right for BYOC
     MokaFive provides the best of all worlds for a BYOC program. For the enterprise, it enables total security and central control of all endpoints. The solution allows IT administrators to centrally create, deliver, secure and update a fully-contained virtual desktop to every employee-owned computer. Robust endpoint security provided by MokaFive ensures that electronic corporate assets stay separate from personal applications and data. For the user, BYOC with MokaFive enables freedom to use and personalize whatever device they choose. These capabilities provide the bedrock of a successful BYOC program.

     “We’ve used MokaFive for more than two years. It lets us embrace consumer technology and personalization, while at the same time ensures a managed secure environment. Bottom line: user satisfaction is higher and my staff is more effective.”
     Philip Hoare, CIO, Wilson Sonsini Goodrich & Rosati

     LEARN MORE

     By following these six best practices, companies will be prepared to avoid the potential speed bumps and road blocks of BYOC—and reap the benefits of more productivity, happier employees, and lower cost of IT operations. For more information on creating a BYOC program or deploying virtual desktops, please email MokaFive at or visit our website at

     Broadway Street, 2nd Floor
     Redwood City, CA 94063
     http://www.mokafive.com

     MokaFive™, LivePC™, and the MokaFive logo are trademarks of MokaFive, Inc. All other product or company names may be trademarks of their respective owners.
     Revision: BYOCEWP1