I have seen a trend in the field where the concept of employees using their own PC's at work, based upon a set of corporate standards has become under consideration. The concept is BYOC (Bring Your Own PC) . The recession and resulting tight economics have likely brought this concept to the forefront. As I have mentioned in all of my previous postings, there are no right or wrong answers in client lifecycle management, only conscious and unconscious decisions,and that is true in this case. However, in this case I admit I have a stronger opinion regarding this point than other topics we have discussed, so I will do my best to be even handed in this dialog, by presenting as many sides to the positions as I can.

I need to point out as always that the opinions expressed on this blog are mine and mine alone, they do not represent the opinions of my employer.

Many highly respected and well known businesses are comtemplating , implementing or otherwise considering BYOC. Among the arguments positioned is that end users would receive a stipend and could literally buy any thing from a defined configurations or standards list vetted by the business. A stipend or other method of benefit would acrue to the employee. The employee is then responsible for all non- business licensing and usage. The flexibility and benefits allow the end users to have much latitude in make, model, aging, and brand among other decisions.The idea is to empower the end users, which would result in increased usage and a lower cost.

On the surface, the idea seems sound and well thought out. Supporters of BYOC frequently point out that higher education has had this approach for quite a while with very few problems and issues raised.

As a future stated direction, I think that BYOC will be one of the approaches to be taken in many industries. However, my opinion (and I emphasize my opinion) is that given where client technology is today and the challenges and issues which exist to separate business persona from personal persona, my perception is that there is so much risk associated with the approach as defined today, that the rationale may be flawed. I continue to believe that businesses who are considering  the approach have a particular perspective - that BYOC at the end of the day will cost less than the existing IT infrastructure. The fact that BYOC has risen into prominant discussion in the midst of the recession perhaps is a clue.

Business may believe that passing the acquisition to the end user may permit an exit from the managing of the diverse supplier base. Moreover, we all know that there is more and more convergence of consumer and business PC's, so perhaps BYOC will create even more synergy.

The BYOC also reduces noise. End users who are not satisfied with IT or the business decisions in client computing will undoubtedy be pleased with BYOC, and usually those who are not satisfied are far more vocal than those who are satisfied.

Being a lifecycle practitioner, my focus is not on the PC itself, but the environment that the device resides in, and because of this, it seems to me that the focus of BYOC may be on the device itself and not to reduce cost or complexity (let alone transform a corporation into an institution of high education). Cynical comments aside, let's look at the associated business practices.

It would seem that if a business is virtualized in its application suite and the desktop or laptop is appropriately secured so that unintended printing and USB memory can be managed, then BYOC could work and likely work well. Leveraging a net book could accomplish the security aspect equally well.

Short of the above, how can the corporation avoid being fully responsible for the device. Let's look at security, software, and disposal as examples. I could provide deeper examples, but being a blog we are limited to highlights, but if the demand is there from your comments, I may continue research to develop a more formal white paper on this subject.

Security, BYOC would suggest that a business be very high at the practice level on hardware asset management. Regardless of who owns the device, the discussion is about the access to corporate information and the PC is the key to the access. Knowing who has that responsibility ultimately will clarify the issue- IT does. If the end user leaves the PC on at home, as an example, friends and family may well have a level of access if the device remains on or if printed material is on a table or desk. Security also implies that access is contolled and manageable. In certain highly regulated industries such as health care, financial services, or pharmaceutical it would seem on the surface that security would be a primary concern in BYOC.

Software on BYOC co-mingles business applications with personal applications. From the business side the argument is " We only pay for the business application". This implies that the tools exists for a business to check each PC to determine that all are in compliance. What if personal applications are on the device, and employees acquire non-sanctioned software that creates driver issues with existing applications, or introduces viruses or other malware. More importantly, if personal applications are used in the business arena, approved verbally by management or acquired through a P card or other permission with Active Directory, as an example, then the business just signed up for more risk and responsibility not less.

From a disposition viewpoint, once BYOC happens , we do care about how employees dispose of their devices and cleanse their machines. There may be a belief that liability has been passed on to the employee from the business, but that does not seem likely. What information may be on this quasi-business ans quasi -personal device should revert back to the business. The business is the enabler.

Lastly, without really going into the weeds with detail, is the following closing point, if the BYOC PC has any consumer information (even emails that could relate to customers), intellectual property, or even social networking software that can discuss a wide range of topics as we all know, I would care as a customer of a business who adopts BYOC to disclose the strategy (as many have publicly) since I could then make a decision if I am comfortable with that governance model to protect my identity, consumer information, and commentary. Having the end user stewardship be the front line of defense for consumer information protection may not be the best governance case.

You would think by reading this blog that I am not supportive , truth is I am supportive,  in the right circumstances with the right governance and controls. Innovation in this area  will likely change my opinion in the short term given the rapid pace of innovation cycles, but now it would seem that virtualizing and net books hold the best promise in this area with the right level of managebility.