Freely subscribe to our NEWSLETTER

To refresh, or not to refresh? This is the dilemma that many companies are facing. In an effort to reduce IT budgets, companies are cutting back on new purchases, and corporate laptop fleets are a target. Analysts estimate that maintaining a modest fleet of just 50 corporate laptops can cost a company thousands per laptop, per year in licensing, maintenance and support, on top of the initial purchase price.

With this in mind, it’s not surprising that many organisations are considering giving their employees a one-off allowance to buy their own laptop for both business and personal use, rather than invest in a fleet of new corporate laptops.

Benefits of bring-your-own

Giving workers a stipend allows companies to remove the laptops and some of their associated costs from their books. And allowing employees to choose their own preferred laptop can be seen as an incentive to help keep staff motivated.

Yet, while this option is certainly attractive from a financial and practical viewpoint, it also raises another issue: security. Businesses sacrifice rigorous, uniform control and protection of networks, devices and data.

Security drawbacks

Let’s look more closely into the potential security issues. If employees use their personal laptops for work, businesses will need to ensure secure remote access to the office network from a large variety of different machines. Which VPN method and VPN client should they choose? What disk, data and device encryption software should they deploy? And how can they ensure security compliance on each endpoint?

Meeting these requirements is expensive and complex in terms of management, and could end up counteracting the potential savings and benefits gained by the organisation from offering personal laptop allowances.

What companies need is a different approach to endpoint security that combines data encryption, session virtualisation and secure VPN connectivity on a simple, plug-in device – like a USB drive for instance. This could give a solution that delivers data and device protection across a range of different endpoints, that’s also easier and cheaper to manage than a laptop fleet.

Plug-in security

A new generation of USB drives is now available, integrating both VPN connectivity for secure remote access, and automated hardware encryption to secure all stored data against accidental loss or theft. These devices are also centrally-managed so that corporate policies can be applied and drives re-provisioned if lost.

This transforms what were portable ‘storage-only’ thumb drives into fully-secure solutions for remote connectivity. For the company, the support and management overhead is far lower than for a managed laptop. In addition, using such device removes the headache of controlling a large number of endpoints, while delivering large-scale secure remote access, and keeping confidential data secure.

Virtual workspaces

From the employees’ perspective, the ideal endpoint solution would just ‘clone’ their office computer and deliver it on their home computer. All users would have to do is simply insert the device in their home PC or laptop, type in their passwords and start working as if they were in their regular office environment.

For the duration of the session, the host PC transforms into a virtual office workspace and a trusted endpoint, with a secure VPN connection for accessing the corporate network. The virtual workspace segregates data from the host PC, while controlling applications and file transfers. When the user ends the session, the virtual workstation disappears without a trace. Both the local data and the corporate network’s integrity are protected from malware, hacking attempts and data theft.

Assessing the benefits

A secure virtual workspace solution of this type would enable businesses to overcome the cost and complexity that they usually experience when delivering uniformly secure, remote access to the corporate network from a variety of employee-owned laptops. So it is possible to make the business, personal – and vice versa.