With an increasingly mobile workforce, employees have come to expect flexibility. They want flexibility with where they work and what devices they want to use, not to mention having remote and hybrid working locations options. In fact, according to this Forbes article, having flexibility in when and where you work is the #1 requested employee benefit. And with increasingly distributed workforces, device flexibility is much needed. Many companies are looking to reduce or eliminate the cost and complexity of buying, managing and shipping company-owned PCs and Macs to all/some of their employees and contractors around the globe.
Because of this, expectations on preferred device use have come to the forefront for remote work. To secure remote work and align it with our daily lives requires tools that allow workers to be trusted on any device from any location.
Look back over the past decade and we see how smart phones emerged into the enterprise. Consumer devices like iPhone and iPad became huge hits at home and it was just a matter of time before they displaced company owned devices like BlackBerry and seeped into the workplace. The increasingly more tech-savvy employees had spoken and the ball was in IT’s court to support this new era of smart devices. Gartner adds ”Consumerization can be embraced and it must be dealt with, but it cannot be stopped” when defining this behavior.
We can see several indications of how this should play out now for laptops.
In this blog post, we’ll look at three core areas:
- The evolution of Mobile Device Management Solutions,
- How BYO (Bring Your Own) is being extended to laptops and
- How organizations can roll out Secure BYO-PC in much the same way that we have already done for smartphones keeping corporate data isolated and protected from personal use on the same device
To read more details about each of these areas, and to understand how Venn can help your organization support Secure BYO-PC, you can read the ebook “MDM, now for Laptops: the Future is Secure BYO-PC”, which this blog post is based on, here.
Now let’s dive into these three key areas to learn more about how to enable MDM for Laptops.
1. Evolution of Mobile Device Management (MDM)
MDM solutions in their initial stages were designed to handle the management of mobile/handheld devices. Employees were bringing to work their shiny new iPhone or Android devices and pushing IT to grant access to company resources. They wanted company email, work apps, WiFi and ability to use their preferred device.
The evolution of MDM to support BYO mobile tech has been an incredible journey. What Apple and Android have been able to accomplish with their mobile OS offerings has enabled many of us to consolidate both our personal and work lives onto a single mobile device. This is where containerization comes into play. Implemented slightly differently between Android and iOS, but still with the idea of using native capabilities to keep these personas protected and separate on your personal device. This helps to ensure a familiar experience and less reliance on third-party extensions and tools.
[Note: In our ebook, we dive more into the differences of device management solutions, such as Mobile Device Management (MDM), Remote Monitoring & Management (RMM) and Unified Endpoint Management (UEM). We also dive into how they differ, how they work and costs.]
2. How BYO (Bring Your Own) is being extended to laptops
An important reason to allow employees to use their own laptop at work is the productivity savings. One of the most dreaded items that new hires or consultants have when they start a new job is the time it takes to get a corporate-issued device shipped to them in order to begin working.
According to this by Zippia, over a ⅓ of employees reveal it takes one month or more to finish the onboarding process which can encompass receiving a new phone or laptop and training on how to use it. This study also reveals that almost 70% of employees are likely to stay up to 3 years with a company if they are happy with how their initial onboarding experience went. Companies that allow employees to start on day one using their own device ensure less time onboarding and effectively gain productivity through device familiarity.
So, if a company knows they need to support Secure BYO-PC and employees are eager to use their own device, what is the hold up? With the need for zero-trust security models, companies don’t trust an unmanaged device on the network and employees don’t typically trust IT to load up their personal device with monitoring agents. As we saw with BYO mobile devices, both monitoring and security agents deployed on personal devices are often unacceptable to employees. While they need to be secured while accessing company data they also want to connect to their personal data without fear of being monitored or controlled.
Many employees are reluctant to enroll their home laptop into the company’s MDM platform due to privacy concerns. This is one of the primary stumbling blocks for organizations looking to activate BYO-PC or creating a policy for it because it is challenging to get buy-in from users. 74% And rightly so, seeing how 74% of companies have access to an employee’s personal email under current BYOD systems. This privacy infringement can cause distrust with employees and is why many companies have passed on implementing policies for BYOD laptops
3. How organizations can roll out Secure BYO-PC
What if this same type of secure containerization technology that was introduced to mobile devices was also an option on laptops and personal workstations? What if rather than IT having access to your entire personal device, they were limited to a secure container within the laptop where files, apps and communication for business use was restrained?
While MDM platforms have come a long way to allow the containerization of business data on mobile devices, there is still a void in the laptop and workstation market. Users want a single multi-purpose device where they are not weighed down by extra hardware or software enforced on them by IT. This is where Secure BYO-PC steps in to check all of the boxes with both end users on their personal laptop and InfoSec teams needing to ensure a secure and trusted platform. Users can remain productive on their own device while IT can easily keep corporate data securely contained. A win-win.
No need to install noisy and invasive agents on an employee’s personal laptop, but allow work data to remain completely separate from personal. And if and when an employee decides to leave a company, the business container can be completely removed, leaving no trace left on the workstation and needing to wipe the entire device
How can Venn help an organization embrace Secure BYO-PC?
Venn has invented a new approach to securing remote work on any unmanaged computer without VDI. With Venn, work lives in a company-controlled secure enclave installed on the user’s computer, where all data is encrypted and access is managed. Similar to an MDM solution, but for laptops; work applications run locally within the enclave – visually indicated by the Blue Border™ – where business activity is isolated and protected from any personal use on the same computer. Company data is now protected without having to control the entire device. As a result, remote work is easily secured on any BYOD or unmanaged PC or Mac making BYO-PC a reality.
Secure BYO-PC technology is not just about reducing hardware costs. As with mobile phones and MDM, narrowing company control to only within the secure enclave fundamentally reduces the scope and cost of securely onboarding and off-boarding remote workers. Companies and employees equally benefit. Security and compliance-driven companies gain protection for what counts and employees enjoy more freedom, flexibility and privacy.
