The title is so good you don’t need to read the rest of the article
Are organizations that allow personal laptops for work that common? I always thought BYOD was limited mostly to smartphones and tablets rather than laptops.
Some are, yes. Universities definitely do but I’ve also seen it in smaller companies. Not yet so much in large ones, though here (MS) we do now kind-of have the option: you can have a Windows remote desktop session hosted in Azure and on the corporate network, where it can then connect to other VMs for work, which you can use with your personal laptop / desktop. I know a couple of folks who started using it.
Android’s Work Profile is quite a nice way of separating the personal and corporate parts of the system. Each one has a pretty-much isolated namespace for storage and so on. For laptops, this seems like a place where confidential computing would help. If I can run my work stuff in something like an AMD SNP-SEV, Intel TDX, or Arm CCA VM, then work can get a remote attestation that shows that I’m running the approved work VM image and that my host OS can’t see inside it and I can do whatever I want on the rest of the system.
My employer is a ~250-300 person consulting company and we definitely do this. Mainly because the majority of the company works for a client that hands over a laptop with their specs, locked down security policies (a lot of it is government consulting), etc. The devices we bring are subsidized by the company which allows them to enforce certain base rules that avoid some of the stuff in this article. Also, the vast majority of people only need their personal laptop for in between projects, special projects for the company (e.g. business development prototypes, open source updates, etc.), and things like time cards. Company systems are all SaaS so that also lowers risk of issues.
I’ve also seen this model for a couple clients of ours that tend to be smallish companies coming out of startup phase and needing to expand a bit. The policy is often a holdover from the startup days and generally stays adopted as such since devs and designers want their PCs with Linux installed or Macs (even the .NET folks set up dual boot or have WSL enabled plus a lot of Docker in Windows), business folks want Windows, etc.
I have worked for at least one company w/ a $1B valuation whose policy was BYOD (with a modest reimbursement for purchasing new hardware, if necessary).
It’s completely insane but some places just don’t have a sense of operational security.
I would suspect that organizations that allow personal laptops are more common than the other way around? Although I’d consider most work laptops I’ve seen “personal” since no one uses them but that employee and they can use it in any way they like (and most of them do..) so it may be down to the semantics of “personal”.