Is the “Managed Desktop” the ultimate solution? - Roger's Security Blog - Site Home

When I talk about the big trends, one of them is about the call of the younger generation for more flexibility. Flexibility in this context is about where you work, when you work and how you organize yourself. If you take this as a given, you have to wonder whether today’s IT is able to cope with that. In a lot of companies, they roll out a “one size fits all”-image to the desktop and therefore making sure everybody has the same image. This has definitely a good side as the management of it is kind of less expensive as you know how the image looks like (or should look like).

The longer the more I question that for a limited set of users. Just to be very clear: I do not say that you should change this policy completely but it might be worth considering change it for a defined set of users. Let me give you a few examples:

There was one company (a worldwide company) who decided to let you take a test (if you want) and if you prove to be able to handle your computer yourself, you get money to buy what you think you need.
I used to work for a consulting company which was running Windows XP back then. You had basically two options: You could get a standard image loaded and completely managed by IT. Or you could get a standard image loaded, get the local admin and take care of it yourself. If you had problems, they tried to help you a little bit but pretty soon decided to flatten your computer and install the standard image – that was your risk you had to deal with but it worked fairly well (except for a lot of people being local admin on their box).
Last but definitely not least – look at Microsoft. You can get the Microsoft IT image if you want (even over the network you can do it yourself) or install and join the machine to the domain yourself. This makes sense as a lot of people have a different appetite for betas and beta testing. Additionally a Country Manager might have a different need than me. The key thing in here is about policy compliance and ensuring policy compliance – this is where Network Access Protection comes into play (something I want to blog about later).

So, giving the next generation the right tools to be productive rather than limit their productivity will be a real key challenge I guess.

For quite some time I felt like being the lonely guy in the desert. I actually had a CSO once leaving the room when I said this (about 3-4 years ago). I now just stumbled across an article: Unchain the Office Computers!Why corporate IT should let us browse any way we want.

Well, I do not like the Firefox example ;-) but basically this will be the future – I am convinced. Rather than walking around and telling everybody that this is not possible due to security reasons we have to think about how to make it possible. What would this mean? E.g. persistent protection of information (Rights Management), enforcing policy compliance on the network, the perimeter will probably be between client and server (or between trusted and un-trusted systems or between complaint and non-compliant systems)…

At least there will be a lot of interesting stuff to do…

Roger