IT is often at the forefront of technology innovation -- but not always. When it comes to the concept of a standard desktop -- every employee's core install that consists of an operating system, applications, hardware drivers and a security suite -- IT has moved at a snail's pace.
Charles King, an analyst with Pund-IT, says companies have tended to live with older software because it works well enough for their needs. Enterprises don't always ramp up to the latest releases, especially in this era of "making do with less."
Then there are political issues, which can take the form of pushback from key end-user constituencies that want to do their own thing, and whom IT doesn't want to alienate in budget-challenged times. Plus, some people want to continue using whatever ancient software they've long since gotten used to using.
But now, it seems, the snail is picking up some speed. The use of a standard desktop is becoming more of a best practice. According to a February 2010 Gartner report, 50% of 300 people surveyed in a large company said they will be locking down more corporate computers, not allowing end users to install their own applications.
One major factor behind standardization is that security concerns are looming large. IT can make a strong case about rogue (untested) applications that can bring down the network, or vulnerabilities inherent in old software that crackers often pounce on.
IT managers who are implementing a more locked-down desktop say the strategy can lead to lower costs and smoother operations. King makes a point about the "overall fitness" of how organizations deal with software and handle operational budgets. A standard desktop forces IT to think about deployment strategies and, if handled correctly, ultimately reduces the number of approved desktops to just one or two.
Dealing with rogue employees
Some companies wrestle with the notion of standardization because they also want to allow some flexibility in how an employee does his or her job, says Pund-IT's King. There are approaches that can be used, including allowing employees to select new tools from a pre-approved applications library, or allowing employees to request new tools from IT.
Still, no matter what you do, some end users will insist on bending the rules, or breaking them outright, by downloading their own software.
In this case, King suggests, "If the app is fairly benign, simply note that the download is unapproved, explain why and have the worker scrub it from the system," he says. "In addition, creating a review mechanism for employees to submit applications for consideration/approval can be a good way for organizations to learn about new technologies and to reward workers for their initiative."
If an application is a known problem or contains potential dangers, or if the employee repeatedly downloads and installs unapproved software and is recalcitrant, "imposing some sort of sanctions seems appropriate," King says. These sanctions could range from formally noting the warning or event in the worker's file to building a case for suspension or dismissal. "Knowingly exposing an organization's IT assets or data to potential dangers is unnecessary and arrogant, and deserves to be addressed," he explains.
A number of organizations are successfully walking this line. Here's how four IT organizations are locking down their desktops while providing some flexibility for employees to do their jobs.
St. Luke's Hospital: Standardization with flexibility
Consistency across a large organization can be difficult. With 10 locations throughout Idaho, Saint Luke's Health System has been extremely careful about its standard desktop. For infrastructure manager Eric Johnson, one important goal was to give doctors and other staff flexibility around which hardware they can use -- from a list of approved devices -- and where they may work within the hospital.