In our June 22 issue, I suggested it's time to rethink IT's typically strict policy against non-IT supported applications on end-user systems. That column generated a lot of reader mail--to say you feel passionate about the subject is an understatement. Your messages ran about four to one against the notion of letting end users load their own applications, and some of your words for me were...well, less than kind. One writer asked if I'd been dropped on my head as a child; another asked if my own IT staff had charged my office to confiscate the obviously aberrant laptop on which I'd written that column.
Unless Mom's been lying to me, neither is the case. Though I must say, the latter conjures an intriguing image of our IT support team rushing in, Tasers brandished, shocking me into unconsciousness, then cuffing and duck-marching me into some IT kangaroo court where I'm tried and sentenced for my crimes against the enterprise. All too often, this vision isn't far from what IT enforcers would wish for--there are plenty of control freaks out there who'd love to string up anyone who violates IT policy, regardless of the reason.
But that control is an illusion. Once you let users take their laptops home, the chance you'll still control the application mix on their machines is nearly nil. And, by the way, IT knows this. If you really had control of your end-user devices, why would you consider spending an enormous chunk of the IT budget on NAC-like technologies? After all, at its core, what NAC does is host assessment and remediation. Why would your buttoned-up IT infrastructure need that--unless, of course, you've already lost control of your end-user devices?
It's important to note that I'm talking about the general case here. Highly regulated industries that deal with sensitive data--health care, finance, national defense--must live by more stringent rules. But the way they do so provides guidance to the rest of us.