Affordable consumer technology causes problems for businesses

Other developments could come in the shape of more intelligent networks that take some of the administrative burden off the IT department to manage an increasing range of devices, whoever ultimately owns them.

"The ability to provide instant awareness of the introduction of an unauthorised device to a network would make it easier to accept the use of personal technology devices," says Mason. "If a desktop computer immediately shut down and notified network security of such an incident, the confidence with which companies could allow the use of such devices would undoubtedly increase."

An act of cyberterrorism on crtical national infrastructure that resulted in deaths could of course set back smart approaches to IT security and provoke blanket bans on consumer technology, but, that risk aside, the future approach to employee-owned IT is probably a continuation of the series of compromises that have characterised progress so far.

However, as ex-White House CIO Carlos Solari points out, guessing how the IT industry will evolve is a dangerous game: "Predicting the future is a risky business - predicting how security will play out may be riskier still," he says.

Citrix's 'bring your own computer' (BYOC) scheme

Virtualisation specialist Citrix began a pilot scheme in September 2007, following numerous requests from employees, who realised the company's software would allow them to use their personal machines relatively securely on the company network. "We had employees asking about bringing their own computers to work, wanting to use the laptop that they were most comfortable with," says Citrix CIO Paul Martine.

Following a survey of employees to discover the scale of interest in a 'bring your own computer' (BYOC) scheme, Martine sat down with other departments to work out the ramifications beyond the immediate technical impact. "We got together with HR and legal to make sure that our existing policies inside Citrix satisfied the needs of someone who was going to bring in their own device. We found out that it didn't matter what the physical device was - all policies and procedures remain the same," says Martine.

Having agreed that allowing staff to bring their own technology into the workplace could be done legally and securely, Citrix settled on a programme based around a $2,100 purchase grant, available every three years to staff members who signed up to the scheme. Staff had to be permanent employees and agree to buy a three-year warranty for their laptop. "If there were hardware failures, the employee could go back to the vendor they bought it from - anything else we would take care of at Citrix," said Martine.

Another condition of the BYOC scheme was that staff had to hand in their existing company devices to ensure there was a pool of spare machines if any consumer-owned laptops failed. "If a BYOC device failed and they had to send it back to the manufacturer, then they could take one of these managed devices - it created a pool of reserve laptops," he says.

For the initial 250 staff signed up to the scheme, Citrix enabled access to corporate applications via a software client called the Citrix Receiver. "Our core product basically delivers applications from a data centre to a user - we really don't care what the device is. The Receiver is the client component you download onto your laptop which brings in our SSL VPN and the XenApp plug-in which allow you to receive the applications," explains Martine.

To secure the machines that didn't come equipped with any pre-loaded AV software, Citrix also provided access to McAfee anti-virus software. Protecting the devices was a high priority for the users, according to Martine, as many employees spent considerably more than the $2,100 grant provided. "A lot of people bought very high-end laptops. They could justify spending $3,500 on a Mac because of the extra money provided by the company," he says.

The scheme has now proved so popular that Citrix is slowly expanding it to international offices, with the eventual aim of extending it to all permanent staff. While it might sound like the BYOC scheme was a piece of forward-thinking altruism, it also makes financial sense. The $2,100 grant was based on the fact that over a three-year period it cost the company about $2,600 to purchase and support a company PC - so across the 450 people already on the scheme, Citrix is making savings of $225,000 every three years. "What saves me time is that my IT team doesn't have to manage those devices - that was really the benefit to the company," says Martine.