Enabling Consumerisation of IT

The flood gates of consumerisation have opened, and the advice on all fronts? Don’t try to stand in its way. Great advice, but what does that mean to the CIOs that need to maintain information security and compliance? Careful plans and policies need to be put in place or you’ll end up with a much larger issue on your hands than just drowning in user demands.
It isn’t simply a question of whether users can bring their own devices into the workplace – it is what governance you will put in place to enable productivity while also protecting business information. When looking at the IT challenges introduced by consumerisation, it may help to use the application as a focal point. After all, it is the ability to run applications on these new consumer devices that drive the additional productivity promised by consumerisation. Independent of what device the user has, you want to:
1) Provide secure access to applications.
2) Deliver those applications in a way that respects device form factor and purpose.
3) Secure the devices running the applications and the data being shared via those applications.
4) Make sure that both devices and users are compliant with corporate policies.
The crux of problem is ensuring that these capabilities can be implemented across a diverse set of employee-owned devices, alongside your corporate-owned systems. There are already tools available – some of which you probably already own – that can help make this transition to supporting employee owned devices a reality. These solutions fall into three categories: End-to-end security, Virtualisation and Unified Management.
End-to-end security
When a device is connected to the corporate network, you need layered security. The device itself needs to be resistant to malware and have the ability to lock down data if it is lost. The connection to the network needs to be secure, through SSL or IPv6, for example. Finally, the data and resources that the devices are accessing need to be secure and uncompromised. Many of these end-to-end security capabilities are available today: DirectAccess provides secure remote access to your corporate network for PCs running Windows 7. BitLocker can help ensure data is protected against loss or theft, and the upcoming release of System Center 2012 Configuration Manager allows you to manage mobile devices – with capabilities like remote wipe – through Exchange Active Sync (EAS). For data protection, Active Directory Rights Management Services (AD RMS) ensures that only authorised users are able to view and share corporate confidential information in SharePoint or Exchange, for example.
Virtualisation
Application and desktop virtualisation provide additional options for managing consumerisation. Application virtualisation transforms applications into centrally managed services, making application deployment quicker and eliminating potential conflicts with device operating systems or other applications – important in an environment where you no longer have control over the device platform. Today, Microsoft App-V provides this application service provisioning on Windows devices, and integrates with System Center and Citrix to extend this capability to other devices. Along with applications, you can also deliver a complete virtualised desktop experience on mobile devices – enabled through Microsoft VDI (Hyper-V) or Microsoft Remote Desktop Services, which can also be extended to other devices through Citrix integration. Not only does this provide mobile users with the functionality that they need, it simplifies compliance issues by centralising management of desktops and applications in your data centre. The benefit of this model is when the user logs off their device, the corporate data lives in the data centre – not on the device.
Unified Management
Finally, to truly enable consumerisation of IT, you need a way to incorporate the permissions and policies that you create for these new devices with your existing management infrastructure. This unified management needs to be able to incorporate and leverage all of the technologies that will be targeted at enabling these consumer devices – including those security and virtualisation solutions mentioned above – in a single view. And because users have multiple devices, the management solution needs to be able to recognise and associate those devices with the user so that policies are applied consistently, no matter what device they happen to be using. The upcoming release of System Center 2012 Configuration Manager provides a unified infrastructure for mobile, physical and virtual environments. It manages applications based on a user-centric view, determining what devices the user has and then delivering applications in the optimal format for each device.
I hope that this has given you a few ideas on not just if you should enable consumerisation of IT, but how you can do it using some tools that you are already leveraging in your enterprises. I highly recommend that you attend our 1 Nov. Executive Webcast on Consumerisation of IT. It will feature Microsoft’s CIO Tony Scott, as well as Brad Anderson, Corporate VP of our Management and Security Divison. These executives will give you even more details on how you can put your consumerisation plans into action.
Andrew Conway
Director
System Center Product Management