Legal

Survey shows 39 percent of employees purchase their own laptop for work

Employees are buying a lot of their own technologies to use at work -- including laptops, cell phones, and GPS systems -- according to a new survey from digital research firm In-Stat. This phenomenon presents IT departments with a series of complex challenges.

Employees are buying a lot of their own technologies to use at work -- including laptops, cell phones, and GPS systems -- according to a new survey. This phenomenon presents IT departments with a series of complex challenges.

------------------------------------------------------------------------------------------------------------------

I recently mentioned the issue of employees bringing more of their own technologies into the enterprise in my article on Gen Y and I've also discussed the issue of employee-owned smartphones. But, frankly, the new data from digital research firm In-Stat -- see the chart on the right from USA Today -- shows much higher percentages of employee-owned devices than I would have expected.

It looks like In-Stat cast a wide net in their survey by asking employees about technologies that they sometimes use for work and whether the company paid for them or not.

Nevertheless, the numbers are significant because it means that employees are a using their personal devices to access corporate data in large numbers. That can present a lot of serious challenges for IT, such as security, compliance, and customer privacy. That's why there's a push for IT to officially support more of these user-owned devices so that it can verify or set up enterprise-approved security and privacy settings.

This isn't a totally new phenomenon. Ten years ago I remember lots of business professionals running around with their own personally-purchased Palm Pilots, which were loaded with a mix of personal and corporate data. That situation would not pass many of today's compliance regulations -- Sarbanes-Oxley and HIPAA for example.

The difference today is that most of these same professionals now use smartphones to manage their data, with or without the blessing of the IT department. For example, with a smartphone powered by Windows Mobile, employees can access their Outlook/Exchange mailbox, contacts, and calendar by connecting the phone via Outlook Web Access in a few simple steps (and with IT being largely unaware of it).

For more, read the USA Today article Some employees buy own laptops, phones for work.

Do you have any personal devices that you use for work? What percentage of your users do you think are using personal devices for work in your company? Does your IT department support any personal devices? Join the discussion.

About

Jason Hiner is the Global Editor in Chief of TechRepublic and Global Long Form Editor of ZDNet. He is an award-winning journalist who writes about the people, products, and ideas that are revolutionizing the ways we live and work in the 21st century.

61 comments
NotSoChiGuy
NotSoChiGuy

Is a study that shows the various cost breakdowns for a firm comparing employee-owned vs. employer provided tools. Factor in realistic costs for support, security, equipment, etc. For a small firm (50 people or less) that doesn't really have an IT staff of note, this may make some sense (people were going to be on the hook for supporting the equipment themselves, anyway...or company would bring in consultant who has no stake in what is used) financially. However, as the scale increases, I'd have to imagine the costs associated with securing and supporting the devices would far outstrip the costs of simply issuing a standardized device. Something else that needs to occur is technical leadership realizing that one system does not fit all. A administrative assistance and a senior developer having the same exact desktop is pretty ridiculous. There needs to be a way to address the needs of the 15% or so of specialized users within a firm. At a former employer, we had a formalized procurement process for desktops and laptops. If there was a need to go beyond one of the standardized units (regular desktop, power desktop, regular laptop, ultra-mobile laptop), we'd allow it provided that the business unit kicked in the additional budget (since the systems were budgeted based off of the projected costs of the four standard images). This helped weed out extraneous requests (one thing to justify IT paying for something, quite another to get your own supervisor to sign off on a request), as well as ensure that all of the needs for the organization were met. Definitely not a perfect process...but it was far better than anything else I've seen at other large firms.

boolsea
boolsea

I work for a major international computer company developing web and non web based software. The 'standard' system that i am supposed to use is: XPSP1, 1.6Ghz single core P4, 512Mb memory, 20Gb disk, 17Inch tube screen (It's 6 years old for heavens sake!). This is because no matter how i try i (and others in my situation) cannot convince my employer to spend ANY money they don't have to, the only way i can get a paid for upgrade is to empty some coffee into my PC (and even then I may get a used PC!). I have ended up buying my own hardwars just so i can get some work done!

Tech D
Tech D

I like using the company's stuff they have laptops, desktops, handhelds, their data, voice plans, hey I can do my work and personal stuff too. When I start buying for self and using it at work, shouldn't there be tax relief for that? Of Course.. What about the gas I use too, vpn, should I stop there, food, ridiculous.

mhbowman
mhbowman

We have 802.1x and port security in place. Further you have to have rights to add a device to the network. Before a tech can do that for you the device has to be checked to see that it complies with hardware, OS, and antivirus standards. If it doesn't it doesn't get added. Period. Likewise, once a system's OS, or hardware no longer meets the minimum requirements it has to be removed.

JPRuiz
JPRuiz

For many years, I felt tempted to bring some of my "toys" to work, just because they are exactly what I want, not some cheap, standard issue item. But I never got to it, simply because of a simple fact that few people actually take into account. Everyone here continues to state that how are you going to prevent company data from leaving on the personal laptop, how are you going to make the laptop compliant with the company's standards, etc... My question was, is and will still be: how do I ensure the company's crap does not mess with my personal settings, tools, programs software on my PERSONAL property. Bottom line, if it is MY computer, then MY stuff is priority one, and the company WILL take a back seat. On my personal computer, my stuff comes first. If a work tool, or a work policy conflicts with MY personal settings, too bad, my settings stay on MY computer, end of story. So better keep the important stuff on you personal laptop, and work stuff on a work laptop. If the company laptop is less than optimal, that is not your problem, it's the company's problem and you can whine and be as annoying as you wish to the powers that be regarding the equipment you have been issued and how it limits your productivity. Better not to mix apples with oranges.

john.kandrovy
john.kandrovy

It always brings up the question of who really owns the laptop or desktop when it contains sensitive information or it becomes an integral part of the business. An example would be that the business does not want to purchase the required software to create reports... So someone says don't worry I have the solution on my laptop,so in a quick fix to create reports.So then that laptop becomes the sole machine for report creation in which on a daily basis it's semi routinely brought in / taken home. Also, with that no one else knows how to do report creation due to it's on someone's personal laptop.

Blade4825
Blade4825

We do not allow people to use personal devices on the work network, flat out no if and or buts about it. Several years ago the network was brought to it's knee's by a virus that ran rampant. Since then if the computer is not a work machine than it doesn't belong. For people coming in to do meetings, or vendors that need access to the internet for presentation purposes a separate account with limited access has been created for them.

danponjican
danponjican

I buy my own smartphone and prefer to have companies implement policies where they issue a monthly expense budget rather than limiting you to a limited number of phone and service options.

ashipps
ashipps

Buy it yourself if you want a high quality PC and cell phone, loaded with your favorite options and software. The alternative is getting stuck with hand-me-down or general issue (cheep) PCs and phones that provide only what you need to get by, with strings attached. If you are a VP or director you might get what you want. The rest of us are best off supplying ourselves. I also brought my own scanner and printer to work for increased efficiency and creativity.

jdclyde
jdclyde

This is short term thinking, done primarily by bean counters, looking to shave the bottom line. On paper to a security clueless accountant, it is a win for the company to get someone else to pay for assets. They do not have the realization that it is the DATA that holds the most value for the company, AND that personal system is going to be a security breach that will NOT make it if they need to meet government compliance of data safety. This is a dangerous practice. This is a dumb practice. This is a fad that is going to come back to byte some of the bigger players hard when they end up in court over a compromise. [b] This is STUPID because how do you get the companies data off the personal systems when the person leaves the company?

wszwarc
wszwarc

The problem is not the number of employees using non-company devices. The problem is that the company is not flexible enough to provide employees with the devices they need to stay competitive. Think about non-computer related devices for a moment. Employees have been using their own calculators, watches and phones since the beginning of time. Why? Because it was either too difficult to get one allocated or they weren't allocated at all. Now that computing devices are a commodity; like calculators, watches and phone; why wouldn't we expect them to use their own. Either supply cutting edge devices to all of your employees or stop whining and figure out a support and security policy. I expect 99% of us will have to work with the latter. By-the-way, isn't it time we stopped complaining about user owned devices?

eward
eward

Instead of spending money fixing problems brought in my personal equipment, or enforcing rules, fork over the extra cash and let the employee pick out his own computer. Then he gets the laptop that he wants and you have control over it's security policies. You've just increased security, employee happiness, and probably saved money in the long run. The only hard part is convincing the "bean counters" to see the long-term savings behind the up-front cost. If you're company is buying new computers anyway, the cost probably won't be too much more.

Lovs2look
Lovs2look

Where you have a "personal" laptop and a work one, then yeah, great. It all works well. Are you lugging two laptops around tho'? I like to listen to music while I'm working...do I fire up my laptop to play music while I fire up another laptop to do work on? Not really practical is it? Not to mention my desk isn't big enough to accommodate two laptops. Nice idea, I just don't think it works too well in the real world.

sangraal
sangraal

smaller to mid range inc.s love this practice but it works for them nicely since most are not utilizing technology other than by the default configurations by non technical users. However, in a larger company like ours that actually does have a secure network in place with the personnel that enforces that actively, it is a very productive thing to utilize technology. It works out very nicely with no issues if done correctly. It is great to get email from your phone and outlook if you are in another location. It is awesome to fire up your laptop and remote any important tasks at your desktop. and really this is the way to go for the future. It can be argued that the , restrictive or simply the policing strategy, is actually a non developed way to deal with these issues.

Ed Woychowsky
Ed Woychowsky

When I was consulting there was a location where I considered using a condom when using a network cable. To give an idea, they had anonymous FTP because passwords were too much of a hassle, then they wondered where all of their storage went. Hmm, maybe it was the copy of Spiderman in French or one of the other fifty movies on the FTP server?

j-mart
j-mart

Can always get the best out of the tools they have. Top people will get even more. And often those that are not up to it will blame the tools in front of them for not producing the required work. I could take into work an old 486 and could get my jobs built in the works as fast or in some cases faster than using the modern equipment at work. It comes down to how good you are not just what gear you have got.

Lovs2look
Lovs2look

We don't allow untested (and unsupported) devices onto our network. Looks like you'd be stuck with a cheep (sic) laptop and hand-me-down scanners at my workplace. Like you said...enough to do your job.

wszwarc
wszwarc

Bravo to you... What have you, as an IT person, done to maintain company security policies while using your own equipment?

Lizzie_B
Lizzie_B

JD writes: [i]"how do you get the companies data off the personal systems when the person leaves the company?"[/i] That is a huge problem and one I just went through. For the last 18 months, I've been using not only my laptop but two of my desktop systems for work. Talk about a mistake and a mellacious hess! I did so because my systems were faster, more powerful and better suited to the purpose than what the business had available and using my own systems made my job substantially easier - and the business was on the edge financially. I was working for "family" - that is, there was (and is) family tie between my life partner and the business owner, which made it seem like a "safer" and "more reasonable" solution - after all, it's family, right? I will never, ever do that again. I ended up having to deal with having over 600 GB of company data on my disks that had to be moved onto company owned machines. And, because my systems had been available, the company had NOT purchased systems that were more suitable to their needs - which meant that when I left, the business STILL did not have appropriate systems. Ultimately, I spent the better part of a week getting the data off my machines and onto company disks. Although the arrangement was beneficial in the short term, overall it harmed the business. It's a mistake I hope never to make again. You're absolutely right, JD. Stupid is what I was and Stupid is the ONLY word for it.

john.francis
john.francis

If you put all corporate data and applications in a centralized server farm, only allow access via Citrix or Terminal Services, and front it with a VPN (ideally browser-based) that prevents any data transfer to or from the client device, then I say the user can use whatever they want. This is just one step more than was in place at my last company. The only users with "real" access were in the main office using corporate PCs (or terminal devices). The big advantage was that users could access their desktops remotely whenever and from wherever they chose, without any worries about potential vulnerabilities. Also, the corporate data was protected from unauthorized disclosure. If a laptop full of customer data is stolen, who owned it doesn't matter much.

Ed Woychowsky
Ed Woychowsky

Once when I was leaving a company, a manager that demanded that I turn my personal laptop over. She said that since I purchased it with money from the company (my salary) that it belonged to the company. I laughed and suggested that she take advantage of the company's counseling. When she pressed the subject, my response was rude and followed by the suggestion that she sue me if she didn?t like it.

ashipps
ashipps

My best creativity and productivity is when I bring my own devices to work. I will not put-up with 2nd rate, standard issue PCs. I also bring my scanner, small printer and a camera as necessary to work.

wszwarc
wszwarc

This has been going on for 20 years. It is not likely that it is going to stop. Even technicians are using their own equipment. Rahter than issue declarations that will be unheeded, like we have been doing for 20 years, work out a data security plan that INCORPORATES user devices. The last vestige of security was back in mainframe days. In today's world - terminal service.

NickNielsen
NickNielsen

[i]Either supply cutting edge devices to all of your employees or stop whining and figure out a support and security policy. I expect 99% of us will have to work with the latter.[/i] What's the business case for it? Why does a data entry clerk need a laptop? Why does her neighbor need a cutting-edge PC? Why does a straight 9-to-5-no-standby worker need a company-supported cell phone? Given compatible software, the vast majority of business functions in the vast majority of businesses can be completed on a Pentium 66 PC with 8 MB RAM with an old black dial-front phone parked next to it. Hell, most business functions haven't changed significantly since the terminal/mainframe days. The [u]only[/u] reason for business to support or provide equipment is if an employee can't perform assigned duties effectively without it. Otherwise, it's a waste of money that reduces profitability.

kristina_johnson
kristina_johnson

I would never condone any company allowing employees to purchase their own laptops for work purposes. It?s been a ?Hot Topic? many times during my 6 year career so far, and since I don?t decide the standards, luckily I could fall back on ?its company policy? when explaining why employees could purchase their own laptops, printers, etc to use in the office. Aside from the obvious security issues, there are so many things that can go wrong. Employee would think they have the right to load whatever software they choose on ?their? laptop, possibly causing software incompatibility or worse. Then when personal pictures, music, etc get loaded on this ?personally? owned laptop and IT takes it and possibly mistakenly deletes, removes these ?personal? items ? who is to blame? And then when repairing the laptop ? don?t even get me started there ? is IT supposed to be responsible for multiple different models of the employees own choosing for firmware and driver updates? What happens if the laptop needs repairing? Is the employee out their laptop while waiting for a replacement part? This just seems plain inefficient ?How I do things now - if an employee?s laptop is in need of repair ? I have a extra laptop waiting to be configured for them, usually it?s the same model and I can place an image on it in a snap. This way I only need to maintain one or two images and only store one or two images on the server, imagine having to do that for X amount of different models you could get by allowing employee to make their own purchases. Just sounds like a nightmare all the way around for the employees, IT and the organization. Just thinking about it makes my blood boil?..

shardeth-15902278
shardeth-15902278

After all, it isn't the user-owned device that is really the problem, it is the lack of security which allows something malicious in, or the lack of controls that allows something sensitive out, which is the root issue. One could argue that IT resistance to alternate devices is somewhat analogous to the entertainment industry resistance to digital content distribution - a futile effort to avoid a mechanism we don't fully understand, or fear losing control of. Perhaps, instead of running around filling USB ports with glue, we should pursue innovative systems that can classify and manage data according to sensitivity - the most highly sensitive being prohibited (by the system) from being transferred or copied to ANY remote device. And similar mechanisms to initially quarantine ANY device on the network, granting levels of access only as the machine is automatically checked for required levels of security compliance. Assuming, an assurance of appropriate controls on data, a well defined, open-standards document format, and appropriate security implementation. Does it really matter if the user prefers a MAC? LINUX? A Blackberry? a...? Certainly a homogeneous environment has benefits from the perspective of support costs - and acquisition costs (commodity buying power, at least it should, I've seen instances where it wasn't so,). And our current way of thinking largely requires it. But change occurs - ready or not; because of, or in spite of us.

j-mart
j-mart

Many see their "technology" more as a "fashon accessory" than a tool they base their choices on what "looks cool" more than any particular job requirements. At the place I work at I have always been provided by the company with the tools I have required. If I come across any software/ hardware that I think will be of value management will always listen and if you can justify cost verses productivity if the buget is available no problem. As we have definate requirements for each task hardware needs to meet specifications. At the start of a hardware upgrade cycle better than needed. This is the advantages of being in a company run by engineers. Engineers who design, cost , and build projects, know what's required to get a job done,

mhbowman
mhbowman

You would have every single type of device out there and maintaining images, drivers would be impossible, Not to mention incompatible hardware. Most people use the PC as a tool to do their job. They have no idea, or even care, what IT goes through to maintain a solid work environment. It doesn't just happen by accident.

shardeth-15902278
shardeth-15902278

The one problem we had was much higher support costs. With a single brand/model laptop, any software issue that took more than 15 minutes to figure out, was resolved by re-imaging (took about 10 minutes start to finish). With the users picking their own gear, there was no single image, so either you spent more time trying to resolve the problem, or more time rebuilding from scratch. I suppose you could take the approach that they are responsible for support - send them to the geek squad on their dime when they screw up their computer, but that still doesn't account for their lost productivity. Perhaps a few loaners to mitigate that cost? Would that be sufficient? Not sure...

JPRuiz
JPRuiz

Either get approval to put music on the Hard Drive (yes, there are companies that will let you do this as long as you own the original CDs where you got the music, no P2P downloading!), or get yourself a personal MP3 player. I never said this was a perfect solution, I?m just saying that in this kind of situation you have to prioritize what goes where. My personal laptop is personal, my work laptop is for work. And no, I don?t feel the need to carry my personal laptop to work, that one stays at home while I?m at work. C?mon, just stepping through the door of your company can be enough reason for somebody to think they can have an opinion about your computer. I don?t think so!

CharlieSpencer
CharlieSpencer

If a company expects an employee to use a tool, it should provide it.

Lizzie_B
Lizzie_B

There are some applications that call for simple, raw computing power - for example, automated (batch) processing of thousands or tens of thousands of 12 megapixel images. Even with the smaller 6 megapixel photos, once you're dealing with truly large quantities and doing batch processing, the skill of the worker is not as critical to job efficiency as the processor, memory and disk speeds. Having said that, I have also seen many situations where the most critical component was the employee. A skilled IT person can work much faster and with greater efficiency with a dinosaur computer than the "average" user can with a wonderbox. At least as long as they're allowed to work without interference! Nothing slows down the job as much as management interfering with the workflow...

robie.sweet
robie.sweet

I disagree. My agency does remote upgrades. The computer I'm using is so old that a 30 minute upgrade on a new PC takes 3 hours on my company hand-me-down. The upgrade was so resource intensive, I couldn't do a thing the upgrade was being pushed. With regard to usng your own personal equipment?My company may not support my personal equipment but they certainly expect me to take my work home when we are pressed. Kind of a conflict, if you ask me.

jdclyde
jdclyde

would have been to get a few huge hard drives and slave them out. short term thinking is what takes many companies right into the poor farm. hope you left for a better gig, liz.

jdclyde
jdclyde

to feed out a secure access, and then allow personal systems like that.

jdclyde
jdclyde

because it IS your laptop, she can't say BOO about it. A lesson lost/wasted on others around here it seems.

jdclyde
jdclyde

that is unwilling to provide you with the correct tools, but you will never make it in a large corporation. The short term gains of the savings on equipment is a mistake larger corporations that HAVE to meed government compliance standards will not be stupid enough to take.

jdclyde
jdclyde

because you can not dictate what the users do with their own equipment. You have just lost control of the equipment because of a stupid bean counter that will be no where to be found when there is a major lawsuit because of a breach in customer information.

j-mart
j-mart

where technology items items are more "fashion accessory" or "statis symbol" than a real tool. Some of the users I have encountered who insist on having "all the toys" can't do much more than carry them around with them, turn them on and watch them light up. Being supplied with technology by the company should be direct related to the job you perform. Salesmen and Engineers who are often away from the works, laptops and cell phones are tools that help them perform their jobs. due to the nature of my position, all of my duties are performed at the companies works, the last thing I need is to be supplied with phone or laptop. The person it the desk next to me deals with a different product than I do, he travels around ocasionally, and is required sometimes out of normal hours, he gets a company phone. Last week he was out on site every morning 4-30 am and as it is winter down here, I'm better off without my company toys. The last thing I would do is use my own personal laptop for work, its mine and for. my things. I suppose it is harmless if some with "self importance" problems wish to walk around the place with their laptops etc, as long as they are not alowed to connect it into the company system where they could do some damage. As long as they get there work done a bit of posturing, though sometimes annoying is basically harmless.

stempy
stempy

I can see where your coming from in regards to security and personal files on the laptop. I think it depends on the employee and the type of work they do, for instance general office work which uses standard software is suited to company provided equipment. but in my case for instance as a developer, I have worked at some organizations with strict policies regarding their systems. I often needed to install multitudes of different software, configure pc's completely differently, and each time had to fill out approval forms, get these items approved, then they would need to make sure they had an appropriate licence for the software (which I personally already had on the laptop). This whole process completely dragged out contract time, in a few cases, they provided me with full admin rights to their systems, which I believe could actually be worse for security than allowing a laptop to be brought in, that could be configured to work with an external network. Even if the company provides laptops, users can still potentially install their own programs and files, they can still gather any confidential information, or even lose the laptops (and all sensitive info). With Personal laptops, IT departments shouldnt need to care about what is on the personal laptops, rather the protocols, data transfer, and security policies that the user needs to employ. IT should not be handling the Users Personal Laptop, rather defining the mechanism within their own network to communicate with the laptop(s).

shardeth-15902278
shardeth-15902278

That one was pretty easy to take care of for us, music/vids and the like were NOT our responsibility. They were restricted (by automated mechanism) from upload to the file server, and the 1.5 page agreement the user had to read before obtaining a laptop made it clear that if we had to fix the machine, we would probably wipe it out, and no attempt would be made to protect their personal data. That doesn't whittle your list down by much though ;).

JPRuiz
JPRuiz

Could not have put it better myself. As far as I can tell, all laptop now have CD players. And if worse comes to worse and the one you have doesn't, then get yourself a personal player and you will have your music with you.

CharlieSpencer
CharlieSpencer

Why do you need to store music on a company laptop? Why can't you load a CD in the optical drive?

Lizzie_B
Lizzie_B

plus ?a change, plus c'est la m?me chose.

CharlieSpencer
CharlieSpencer

"C'est avec une grande puissance est grande responsabilit?"

NickNielsen
NickNielsen

...all I can say is benefits, benefits, benefits.

robie.sweet
robie.sweet

I certainly agree with your comments, but I work for a state agency. Without money in the budget, need doesn't count (my work PC is also USB 1.1). And no, I don't get paid for overtime either. It doesn't matter where I do it. I have to purchase my own equipment for working away from the office. Our agency firewall doesn't allow us to connect remotely other than accessing email. I have an assortment of flash drives to take work home. I had to purchase an Ironkey (8 Gb, $250) to make sure my confidential files were absolutely secure. Guess that's life in the Big City.

j-mart
j-mart

If you are running windows machine will require regular maintenance to get best out of it, so all anyone can do is the best work with the tools in hand. If your company expects you to do work at home they should provide equipment or pay you for using yours.

NickNielsen
NickNielsen

If the time delays are as you say and you can document them, you probably have strong justification for a new laptop. I got a new laptop shortly after explaining that it took 3-1/2 hours to push a 5 GB image because my laptop was not USB 2.0 capable. As for working from home, I certainly hope you're billing the time. If you aren't or your employer won't allow it, keep your butt at work or at the client site until the job is done. If you're working at home and not getting paid, it's time to get your life back, regardless of the age of the corporate equipment.

Lizzie_B
Lizzie_B

In the heat of the moment in a time-critical business, it's too tempting and too easy to take the shortcut - especially when money is tight and a "solution" [i]appears[/i] to be free and easy. As the ostensible head of IT, I was as much (if not more) to blame for the problem as the company was. As I said, all I can do is hope that I really did learn from my mistakes.

Lovs2look
Lovs2look

Yes, I have just experienced the pain of a laptop user having a hard disk crash on them...no data was recoverable, unless we took it to an expensive data recovery professional, and the work data was not that valuable. His private photos/music/whatever were very valuable to him tho, so wasn't he pissed when I told him nothing was recovered. Again I explained the situation with laptops and our similar (unwritten as yet) policy regarding "personal" data, but users just want what they want. I'm waiting for him to go over my head so I can explain to management about his personal data requirements...that should be fun! All laptop (and desktop) users please note; NONE of your private data - whatever it is - will EVER be backed up by our corporate servers/tapes so please don't ask - as a refusal OFTEN offends. Reap what you sow.

Editor's Picks