I have worked in many organisations over the years, and have experienced how they have provided IT services and dealt with the subject of security – basically as many different ways to do it as there are grains of sand on a beach. One thing though is that most are on the same beach – they have as a rule run their IT services to the benefit of themselves, which includes minimising their costs and not maximising their customers (the users) business benefits. They generally do not recognise the need of many knowledge workers to do a better job using IT to improve greatly the company’s situation. They have to provide the quickest and cheapest solution to get the user off their back and meet usually a very stupid SLA that focuses on time and cost. They are setup to deal with everyone (except the very highest people in the company) as low end grunts who are not to be trusted, particular with regard to to the companies information (even though it leaves every night to go home to live their life – i.e. in the users brain) and also with regard to working every second of the day (hey there are other ways to bunk off than play Minesweeper or look at Facebook you know, and you are not tracking those).
Indeed, I have been that Head of IT Services who had done just those things but now I see the error of my ways. An employee (particularly the knowledge worker) needs to be trusted, but they also need to be managed in everything they do in that trust circle. Do not use IT to block your workers, give them what the need and closely and suitably manage them to make them as effective as you need them to be. You will find out if they are not working that way rather than rely on petty monitoring, and then you can remove the need for their services. You do not limit most things they can do with IT equipment, because that results in them creating poor security situations most of the time to get around those limits to do a better job. Give them the rope to lift the weights with the knowledge that some will hang themselves with the rope 
This leaves however the problem of how to deal with providing IT equipment and then IT services in an effective way to create this new working environment. I work in a small organisation, that relies on dynamic use of IT equipment and services. I have excellent opportunities to get things done with the best IT from whatever source, whilst staying secure. I have not had the clamp applied so that I cannot connect to public WiFi, or even WiFi at all. I am a better worker because of it, and I am secure because of what I know. But what about how you do this in a more structured way for those who are not as skilled?
This is where Microsoft and BP are leading the way in an interesting approach as detailed in this CNET blog post, which I heard about from the podcast Buzz Out Loud. The novel idea is give the user the best of both worlds – give them money to buy a laptop that they are responsible for and have personal use of, which has basic specifications for OS, performance and desktop security. They then use this as their terminal to the world of work and play – that terminal giving them access to Desktop Virtualisation services for the main secured Corporate services, combined with Citrix solutions for other applications and the basic workgroup services (email, calendar, file services etc) provided through the basic services on the machine, supplemented with additional applications provided to them by basic IT.
A novel idea that I believe is necessary as we move forward into a world where we even now all have personal phones (with dual SIM holders and second lines) that we also use for work, and I see computers going exactly the same way. In fact, an interesting quote in the article is about providing computers as a retention tool…
“For the company, such personally owned laptops can save on support costs and serve as a retention tools for Generation Y-ers, said Lee Nicholls, global solutions director for IT consultant Getronics.”
However this is not a one solution fits all. There is still a need for the limited purpose and tightly controlled workstations for many tasks, but then those are the ones that benefit from that very controlled application usage such as with front desk employees and call centre representatives for example.
It might just work…
