Americas

  • United States

Asia

ryan_faas
Contributing Writer

Is it bad to give employees too many tech options?

opinion
Aug 03, 202213 mins
AndroidAppleEnterprise Mobile Management

When it comes to technology, offering "employee choice" can help attract new employees and keep current workers happy. But is there a downside to offering too much choice?

A network of linked question marks.
Credit: Igor Kutyaev / Getty Images

I’ve long believed companies should offer workers a choice in the technology they use in the office and when working remote. Doing so lets employees use what they feel is the best choice of devices for their work, it can help attract and retain staff, it lessens the likelihood workers will go rogue and source their own technology (a.k.a. shadow IT), and it establishes a positive relationship between IT and the rest of an organization.

Companies like IBM and SAP have documented their experiences in moving to an employee-choice model and have declared it a success. But does that mean it would work for every company? And how do you decide which way to go?

The most important question in developing (or expanding) an employee-choice model is determining how much choice to allow. Offer too little and you risk undermining the effort’s benefits. Offer too much and you risk a level of tech anarchy that can be as problematic as unfettered shadow IT. There isn’t a one-size-fits-all approach. Every organization has unique culture, requirements/expectations, and management capabilities. An approach that works in a marketing firm would differ from a healthcare provider, and a government agency would need a different approach than a startup.

Options also vary depending on the devices employees use — desktop computing and mobile often require differing approaches, particularly for companies that employ a BYOD program for smartphones.

PCs, Macs, Chromebooks, and other desktops

Most employee-choice programs focus on desktops and laptops. The default choice is typically basic: do you want a Windows PC or a Mac? Most often, the choice only extends to the platform, not specific models (or in the case of PCs, a specific manufacturer). Keeping the focus on just two platforms eases administrative overhead and technical support requirements. It also allows companies to leverage volume purchases from one partner in order to receive bulk discounts.

The rise of Chromebooks in business expands that choice, as does the use of other operating systems such as varying flavors of Linux or specific versions of Windows. Although Windows 11 has been out for some time now, many organizations are still tied to Windows 10 — partly for simplicity of support and partly because many older PCs don’t meet the requirement of Windows 11. 

Google is making a play for the enterprise by offering ChromeOS Flex, which turns aging PCs and Macs into Chromebooks. This allows companies to continue to use machines that have dated or limited hardware, but it also means adding support for ChromeOS devices. Because Flex is so new, it’s not clear just how feasible it is with varyious hardware configurations.

Then there’s the option of going beyond just specific platforms. Although hardware uniformity makes it easier to deploy, manage, and support a fleet of devices, some users might need specific models, specs, or manufacturers. And even a minimal amount of hardware choice can greatly expand the overhead for deployment and support, particularly when you use multiple manufacturers.

Where to draw the line

Start by determining which operating systems you can support. A big part of this decision is understanding how much additional work and cost each requires. (Supporting Windows is generally a default for most organizations, as are the tools for deploying and managing Windows PCs.)

To support Macs, you’ll need to invest in software for managing devices, typically referred to as enterprise mobility management (EMM), unified endpoint management (UEM), or mobile device management (MDM) services; different vendors refer to their wares using any of these descriptors. You might already have an Apple option, since it uses the same protocol to manage both iOS and macOS hardware. So you won’t have to invest in another tool to manage Macs (aside from additional license costs for the Macs you deploy) and there shouldn’t be a significant learning curve. It also means you can use the same user/device groupings that already exist and even many of the same policies, though some tweaks might still be needed.

Even if you have a management solution already, you should explore other options — especially if you’re underwhelmed by the system you have. You’ll also want to consider investing in an Apple-specific EMM option such as JAMF, Kandji, and others. The advantage here? These companies typically offer capabilities for deploying Macs and iOS devices (as well as software and configurations) that go beyond what’s included in Apple’s MDM protocol. If you expect to support a large number of Macs, this can make some tasks and processes run more smoothly and efficiently than something designed to support multiple desktop and mobile platforms.

It’s also important that you have enough IT staffers, particularly help desk and support staff that understand Macs.

Should Chromebooks or Linux be in the mix?

Several, but not all, EMM vendors include support for ChromeOS. If your current vendor does, there shouldn’t be a significant expense in adding ChromeOS hardware to the mix. Otherwise, you’ll need to look at other options. This can mean adding a platform specifically to manage Chromebooks or outright replacing what you now use. As with Macs, you’ll be able to leverage existing organizational details such as user and device groups, but you’ll need to develop policies specific to ChromeOS.

In addition to EMM solutions, you can use Google’s Chrome administration service; it allows you to not only manage ChromeOS but also the Chrome browser installed on other platforms. Although it works fine, it will lead to extra admin overhead since you’ll be using two separate tools with overlapping functions. And again, you’ll want to have staff familiar with ChromeOS to adequately support it.

Another concern with Chromebooks is that they come with a so-called expiration date. Each model includes an Auto Update Expiration date after which it will receive no feature updates or security patches. While all technology eventually suffers from obsolescence, it’s typically because older hardware can’t run newer software. Even then, on other platforms security patches are typically maintained for some time. With ChromeOS, the decision is less based on technical improvements, more on an actual date. And the clock starts ticking when a Chromebook model is first put on the market, not when it’s purchased or first activated. If you decide to support ChromeOS, use Google’s list of models and associated dates to maximize the length of service for each Chromebook.

If you intend to offer Linux devices, you’ll want to look for hardware that can support it. Determining exactly what that looks like can be a bit tricky because of the varieties of Linux available. It’s best to standardize on one and source the best and/or most cost-effective option. This also eases support demands, which can grow significantly if you require multiple Linux distributions.

OS versions and hardware specifics: Choose wisely

It’s important to determine which versions of each OS you’ll support. That decision may be driven by hardware or by security issues with each platform, the timeliness of updates, and the process of updating both the OS and software once hardware is deployed. This can vary significantly, so consider your security requirements, the expected lifespan of the machines, typical refresh timelines, and how easy it is to support each version of the OSes you select.

Once you’ve settled on the platforms, the next big consideration is what hardware specs or models you plan to offer. (You’ll want to standardize this as much as possible, particularly for PCs.) Sticking to a single vendor is best for both volume purchasing and ease of support, but even then hardware configurations can vary a lot. Aim for a solid workhorse, and stick as closely to standard configurations as possible (again for both volume purchasing and support).

Form factor matters, too. This is particularly true for PCs where there numerous desktop, laptop, tablet, and hybrid options. While a good single option should meet the needs of most workers, there are legitimate reasons some users and executives may need or want something different. If you have a good sense of what those needs are, you can decide in advance on a couple of options to offer — either when employees are making a selection or if the standard option doesn’t meet their needs.

Alternatively, you can select a standard option and then treat requests for models on a case-by-case basis. Should you go this route, create a procedure for users to request a specific model/configuration (and to keep costs in check, require manager approval as part of the process). And you can always ask about specific reasons for a non-standard choice and suggest alternatives less likely to increase cost or administrative complexity.

How to decide on mobile devices

In many ways, mobile devices were the catalyst for employee choice in the first place, regardless of whether they’re employee-owned BYOD devices or business-owned devices under a choose-your-own-device (CYOD) model. Although some companies still dictate specific devices, this largely involves devices like iPads and tablets. With smartphones, however, employees typically have a wide range of options.

The iPhone has long been the phone of choice for business, espeically after Apple began incorporating enterprise features as far back 2008 when it introduced support for Exchange Active Sync and configuration profiles. (Two years later, Apple unveiled its MDM protocol.) Although Android suffered some significant teething problems when it comes to enterprise capabilities, both platforms today are enterprise-ready.

The big question for smartphones is what level of legacy support is appropriate. Apple continues to provide OS updates and security patches for the iPhone longer than any other smartphone manufacturer. It also has the advantage that updates are delivered direct from Apple to each iPhone.

On the Android side of things, support for OS and security updates can vary widely — as can delivery of them. Google’s Pixel devices get a decent margin of active updates, and they are immediately available (much like iOS updates). Other manufacturers are decidedly more mixed. Some, like Samsung, beat Google’s update timelines, but most fall short of it — and some devices will never see an OS update. Because manufacturers need to vet new Android releases with their hardware and any customizations they’ve made to Android, it’s not uncommon for months to elapse between when Google publishes an update and devices receive it.

Given the number of Android device models available, trying to understand what to support or not was once a major challenge (and one reason iOS dominated the business market for so long). In recent years, Google has worked to help companies avoid this pitfall by creating Android Enterprise, a set of features designed to help organizations deploy and manage Android devices.

Manufacturers that want to be included within the Android Enterprise rubric must agree to implement certain security and management features and offer some level of update support down the road. Google uses data from these manufacturers to create a searchable list or authorized Android Enterprise devices that can be sorted across a wide range of metrics including initial Android version, hardware and storage, carrier region support, and initial release date. This provides a useful tool to determine what company-owned devices you are willing to offer and/or the range of devices that you’re willing to support under a BYOD program. But the program has come under fire, too, for falling short of its lofty goals.

There seems to be a trend with Android to treat it primarily as a smartphone platform, even though there are a range of Android tablets on the market. Most simply don’t have the mindshare that the iPad, Surface, or Kindle Fire enjoy. (I note these three examples because they are typically more requested than Android tablets.)

Managing iPads is not materially different than managing iPhones and Macs. Until relatively recently, the iPhone and iPad ran the same operating system, though Apple has begun to differentiate between them. With the advent of Apple Silicon, the current iPad Pro and iPad Air actually use the same M1 chip that powers several of the current Mac models.

Likewise, the Surface is a Windows PC, as are any number of other Windows tablets or hybrid devices. there’s little difference between managing Windows tablets and managing desktop or laptop PCs.

The Kindle Fire is a completely different animal. Although Fire OS is based on a forked version of Android, it really can’t be thought of as an Android device. Its user experience is completely unique, it can’t connect to the Google Play Store, and it is designed to prefer Amazon’s services instead of those from Google. Most significantly, Fire OS cannot use Android’s EMM features because the OS has been so heavily modified. 

That doesn’t mean you can’t manage Kindle Fire tablets; there are a few EMM vendors that support some basic device management for them. Most EMM vendors, however, don’t (or have stopped supporting Fire OS). This can mean relying on multiple EMM products as well as higher administrative challenges and confusion. Very few organizations support Kindle Fire tablets as a result.

What other devices can be offered?

In addition to traditional desktop and mobile platforms, business and education computing continues to explode. Smart TVs (or boxes/sticks that offer streaming and other features) are a growing staple in many conference rooms, meeting spaces, classrooms and offices.

The Apple TV set top box offers extensive configuration and management capabilities in tvOS, including setup, access restrictions, network connectivity and device name, and apps. As with other Apple products in this list, any vendor that supports Apple’s MDM protocol should be able to manage a fleet of stationary Apple TV units or units for employees and executives that need to travel as a presentation option. Beyond Apple TV, the situation is murkier, though EMM vendors do support different TV platforms, most notably Android TV.

Despite the business potential of virtual assistants in business and enterprise, the smart speaker market is almost entirely consumer based. The same is true with vehicle infotainment platforms such as Apple’s CarPlay and Android Auto. This doesn’t mean they can’t be used for basic business tasks like asking Siri to read and reply to messages, or telling Google Assistant to schedule a meeting or create a to-do list. With no direct enterprise integration, these platforms simply use their connection to a user’s identity in their respected ecosystems to perform tasks and shuttle the results to a user’s devices, essentially acting as a shortcut to completing a task on a smartphone or a PC.

Working with employees, managers, and executives to deliver the best combination of tools to support their job functions has become a requirement for almost every IT department, particularly after two and half years of remote and hybrid work during the pandemic. This offers tremendous opportunities for both users and IT staff, but too much of a good thing ceases to be good.

The watchword is balance — and what that looks like for each organization will differ. Plan accordingly.

ryan_faas
Contributing Writer

Ryan Faas is a technology journalist and author who had been writing about Apple, business and enterprise IT topics, and the mobile industry for over a decade. He is author and/or editor of ten technology books. He is a prolific freelance writer whose work has been featured on Computerworld, Enterprise Mobile Today, InformIT, Peachpit Press, Cult of Mac, Cult of Android, About.com, and Datamation. In 2008 he was awarded a Neal National Business Journalism award for his work featured in Computerworld's "Week of Leopard" series.

In addition to writing, Ryan has spent a large portion of the past fifteen years in the systems/network engineering and IT management fields as an IT director, systems administrator, trainer, and all round multi-platform and mobile device technology consultant. His client list ranges from human services agencies, small non-profits, and private schools to fortune 500 hundred companies and major media agencies. He also worked for mobile management provider MobileIron from November 2014 until October 2015.

More from this author