Virtualization helps Consumerization
Consumerization is a term that was coined by Doug Neal of CSC to describe the fact that enterprise IT is being disrupted by the combination of tech savvy employees who make high levels of personal investment in IT and have access to a whole raft of web 2.0 applications via the Internet. Gartner are also now vocal on the trend. The challenge faced by enterprise IT is how to unleash the creativity and leverage the investment of their employees whilst at the same time retaining control over key applications and data. There are a few popular approaches that seem to be getting traction:
Operating System Virtualization: users have one PC (virtual or physical) that’s their’s and they can use it for whatever they want (within reason) and another (again physical or virtual) that’s managed by the enterprise. The flow of data between these two machines is controlled via firewalls, AV etc. The most popular configuration with users is to have the enterprise PC as the virtual PC, not surprisingly the most popular configuration for enterprises is the converse. The combination of VMware free player, Microsoft’s low cost (no additional cost for MSDN subscribers) Virtual PC and hardware support in future processors from Intel and AMD is making this increasingly practical.
Application Virtualization: users have one PC that is under their control but enterprises provide isolated applications that can run on top of an application virtualization layer. In this mode the enterprise can be assured that their application configuration can not be compromised by applications that users install (apart from drivers) and that they can deploy, activate and de-activate these applications quickly and simply. Application Virtualization will often even allow multiple versions of the same application to run concurrently on the same machine.
Enterprise Portals: users have a PC that is under their control, and access all key applications and data via an enterprise portal. Such portals normally provide support for a wide variety of application types including Web, Java, and Citrix. Its not a stretch to imagine these portals also being the access point for downloading applications that run on the application virtualization platform described above.
SSL VPNs and network access control: SSL VPN’s are rapidly replacing IPSEC VPN’s as companies move to an application access rather than a network access model. Many SSL VPNs include network access control capabilities that involve an agent being downloading and scanning the PC to make sure that it meets enterprise criteria (patches, AV, firewall configurations) prior to the connection being established. This capability is often combined/integrated with Enterprise Portals.
Network contraction: a few years ago it was common for the only firewalls in an enterprise to reside at the perimeter of the WAN. An increasingly popular model is to protect the enterprise applications in the datacentre with firewalls and also to protect PC and workstations as well. In some companies they are dispensing with the WAN altogether and PC’s running local firewalls effectively live on the Internet or behind commodity firewalls, and the enterprise perimeter has contracted to surround just the datacentres. These datacentres often publish all of their interactive services via an Enterprise Portal as described above, and control connections to that portal using an SSL VPN and network access protection.
Personal Allowances: The final piece of the puzzle for me is how to handle the merging of business and personal use that we are increasingly seeing. The model that appeals most to me is the allowance model. Provide employees with all software they need for core business processes and a role specific allowance to invest in everything else including phones, displays, desktops, portables, tablets, productivity software, home networking etc. Define standards and publish best practices to help people make sound decisions and to help them be as productive as possible, allow employees to supplement the allowance with their own money if they want to. Because individuals then own the devices it also looks like employees will take on more – if not all – responsibility for acceptable usage compliance.