It's Time To Bring Your End-User Computing Strategy Out Of The '90s

The traditional end-user computing strategy for organisations is to buy a bunch of desktops or notebooks and roll them out indiscriminately to workers. These machines are tightly controlled because the assumption is that users are stupid and will invariably break any machine you give them. This approach is sorely out of date and we sat down with IBRS IT advisor Dr. Joseph Sweeney to discuss why companies should revamp the way they look at end-user computing.

It's not uncommon to see public and private organisations buying a number of the same computing device and deploying them to staff as part of their regular desktop refresh process. These machines are often loaded up with the same type of software and are locked down to minimise the chance of users breaking them. The computers don't even need to be portable since workers will be coming into the office to do their jobs anyway.

But the end-user computing landscape has moved past the archaic notions that:

  1. Users are stupid and have a low level of knowledge when it comes to computers
  2. You go to work in order to do work
  3. PCs are quite expensive so procuring standardised devices would be a lot cheaper

"All of those assumptions led to a way of managing the end-user environment in what we would call the '90s-centric, best practice standardised environment; all of which drives down total cost of ownership, the holy grail for all end-user computing managers." Sweeney told Lifehacker Australia. "But all those assumptions are no longer relevant but a lot of organisations are still holding on to them.

"When we talk to organisations about next-generation work environments, a lot of the time they are being stymied because the end-user computing team or desktop team would still be trying to build those end-user computing environment with all those old assumptions."

So what has change?

For one, the end-users are no longer ignorant about technology. In fact, there is a high level of digital literacy among professional workers today. That is why Shadow IT has become a problem in businesses as users seek their own technology solutions to solve their work problems.

Another change is that computers are so much cheaper now as they have become heavily commoditised to the point of being viewed as disposable. This has resulted in most people owning more than one personal device that they can work on and the rise of bring your own device (BYOD) in organisations.

"If you look at things like Chromebooks and mid-range tablets, they should be treated as disposable assets by the business. This is very unlike the old way which is to extend the life of the PC for as long as possible to get the most value out of it," Sweeney said. "All of the cost now is in the software."

The advent of cloud computing has liberated workers from their desks. Work can now be done anywhere, any time. Work practices are changing as a result and more people are able to work outside of their offices.

"All of this changes the way you think about managing security for end-user computing. It's no longer about securing the devices, it's about securing the data and the app. The device just becomes incidental," Sweeney said.

This has major ramifications for teams that manage end-user computing and the IBRS analyst has some strong words to say to them.

"For desktop teams, if they're not able to start talking the language of business and stop thinking of everything as standardised, they're going to be out of a job; it's literally that savage," he said. "I've already seen significant pushback on desktop teams that want to roll out 10,000 of the same laptops and the business just turns around and goes 'No, we're going to get our own iPad or Surface Pro, get some Salesforce software and do our own thing'."

So what should organisations do to move their end-user computing strategy into the modern era?

Sweeney advises that the best approach is to let workers choose their own device. As for software, a self-service model where users can go on an enterprise app store and choose what they need on their devices would be desirable. This can go through a quick approval and provisioning process, preferably automated.

Likewise, when users leave the organisation, all of those services and licences that were provisioned to them are automatically pulled back into the corporate pool. According to Sweeney, companies can expect up to 30 per cent cost savings in licencing if they take this approach and managing that end-user lifecycle better. It also makes provisioning services to contractors easier.

"You can create a very light management framework where you're not really managing much of the device but you're locking down who accesses to applications and data," Sweeney said. "Those applications and data must be available on cross platform devices."

He noted that there are tools out there that are mature enough to help organisations modernise their end-user computing strategy. Most companies already have about 80 per cent of the tools required to do this, they just need to be arranged in a different way, he said. But the most important thing companies need to do to move all of this forward is to admit they have to make a change.

"It's kind of like being an alcoholic," Sweeney said. "There are these assumptions that we have that we don't know we've got and until we admit that we have a problem we're going to keep managing the desktop in the same, inefficient way."


    In my workplace users are still stupid. I wish we could lock down their machines more.

    There are the "one thing has changed, help I can't fix it because I might break something". Usually their headphones are plugged into the wrong port, their monitor/desktop is turned off or they can no longer access their email (but somehow are able to email us to tell us this).

    Then there are the ones with a enough knowledge to get by but do things they should really know better than to do. Installing strange things, messing with their wifi settings and generally messing with settings they don't understand.

    The best ones are the ones that know what the hell they are doing and come to IT with meaningful and clearly defined things they would like done. These people are a joy to work with, even if their requests usually take a bit longer to get done.

      Our happiest clients (everyone involved in the business) are the ones where their environment is heavily locked down... why - because "everything just works", mainly because the stupid users (97% fall in this category IMO) can't wreck anything.
      BTW I actually like these people, as people they are very nice to deal with, but most of them only understand how to do their job by rote (thats why they hate change) with no fundamental understanding of anything in the world in which they live.

    This is a dangerous and erroneous perspective. Yes, users are more tech savvy now than they were in the 90s. And yes, computers are a lot cheaper in general. But people should absolutely still be going to work to work.

    But the problem with trying to revamp the other two assumptions (people are smarter and computers are cheap) as the narrow minded perspective you expect from an individual end user who doesn't understand why they can't install iTunes (or whatever) on 'their' PC, not the broader strategic perspective you'd expect from someone managing the corporate network.

    Users may be smarter and may not necessarily break things on their computers, and if they do yes those computers may be cheaper and easier to break. But end users, like it or not, have access to broad swathes of the corporate network. It's not just about them breaking their computer, it's about them introducing malware that compromises not just their own workstation but your whole environment.

    It's a constant battle for network and systems administrators to mitigate against all kinds of threats, and the end users have their own jobs to do without having to worry about spending their time constantly mitigating them too. For that reason, above people breaking things, the best approach is to keep your environment locked down and operate on the principle of least privilege.

    Sounds like a quick way to bring your entire network down, and end up infecting the PCs of your client base.

    From experience, very much agreed with the previous comments. Worked in High Schools for a number of years with 1-to-1 notebook programs, where the teachers and students had full local admin and pretty heavily locked down servers. We'd reimage between 10 and 50 PC's a week because of students actions generally resulting in numerous viruses. Server was fine, especially since there as only shortcuts, not mapped drives. Then worked for an MSP where our most problematic clients were the ones what gave their staff local admin. Think we went though over a dozen Crypto recoveries a month - and the people causing these issues were highly intelligent people.

    Last edited 19/11/15 3:39 pm

    1 Users ARE still Idiots. and "Shadow IT" is usually idiots that think they know what they are doing that then course more work for IT that then means the computers get even more locked down.
    2 Standardization make Imaging and IT jobs easier.
    3 Dell/HP/Lenovo all offer discounts to company's when they buy more computers
    4 Cloud computer will not work until internet speeds have increased to deal with it and it has its own limitations, anyone who has had to deal with a Wise terminal knows this.

Join the discussion!

Trending Stories Right Now