RSA Security Conference Day 2: Using Your Own Computer at Work

As alluded earlier in the TechSoup Blog, IT managers in the corporate sector are taking greater notice to a trend that we've encountered for many years ' employees or volunteers bringing in their own computers to the office. Due to lack of funding or a dedicated IT budget, you may bring your own laptop to the office, or work on say your nonprofit's finances at home. In the short run this is mainly done as a cost saving measure, since it's often difficult to allocate grant funding to office equipment unless it's explicitly allowed. In addition, you are often likely to find great deals on computers individually, but less so for a whole office full of them.

In the long run, however, it can pose problems in terms of interoperability in the office, as well as support if devices aren't of uniform configuration. Even with the donations from TechSoup, you may be unlikely to be able to purchase computers for every one of your employees and volunteers in the near future.

At a session called "Bring Your Own Computer to Work ' What Now?" the speakers offered some tips that can help IT managers and accidental techies address this increasing trend:

• Understand the legal ramifications. In these circumstances where workers use their own computers, "cross-contamination" of data will be inevitable. One's personal data, some of which may even be personally identifiable when it's stored in cookies or browser cache, may end up being backed up to the organization's backup server. Likewise, donor or client data that comes through email, accessed from a personal device would remain there, and in turn, is not secured. These actions may run counter to any legislated privacy laws you must abide by depending on your type of organization and the constituents you serve.
• Outline a clear set of entrance and exit policies for these devices. With the legal ramifications in mind, you should communicate clearly to your employees what sort of support can be given when they bring in their computer (for example, would your consultant be responsible for the spyware you are infected with when your children accidentally visit a malicious site?), as well as when the employee or volunteer leaves the organization (for example, what data must be purged from it once they terminate their employment or volunteer project?)
• Consider technical solutions to establish usage guidelines. While many solutions were proposed, such as cryptography, remote desktop, and virtualization, a very simple solution that nonprofits can deploy is making sure you create separate user accounts on the computer that's being brought in. For example, creating a separate "Jane-work" user for only work activities would have an operating system level separation that would make backup and licensing a lot easier. Your work Outlook data would be kept within only one Outlook instance, and your accounting license will only apply to the one user.

With these tips as a starting point, take the time to consider what works best for your organization, your employees, as well as your clients and constituents. Although their interests are not always perfectly aligned in terms of security and convenience, a balance can be made between these three groups.

Photo: G.MAI