- geek, able to perform work on computers all over the world
- well suited to, and experienced at, working alone
- little need for person-to-person contact
- no desire to be in an office
- forced (by economics) to live a very very long way from the office
- no need to maintain a desk (and associated costs) for me at the office
- I pay for my own internet (saving the firm paying for it)
- less stress for me (no commute)
- fewer carbon emissions (no commute)
For longer than I can remember, I've used a dedicated machine to connect, via VPN, to the company network; this machine is dedicated in that it's used only for 'work'. It runs anti-virus (that I pay for myself), a firewall (that I pay for myself) and uses genuine 'Office' software (that I pay for myself). This dedicated machine is now a virtual machine (thanks to the goodness of VMware).
The company has now declared that VPN access is going to be locked down to only 'official' builds of the standard platform. That means that my dedicated machine will be useless in a little over a month. Why? "Security", I'm told, via a 'corporate mandate'.
There are two choices:
a) use the remote office web portal, specifically, the same portal that hasn't worked since 2003; it'll do just great if you're running IE6 on Windows with Microsoft's JVM, but useless on a Linux host running Firefox and the 'real' Sun JVM
b) use an 'official' corporate build on a company laptop
I do have a company provided laptop; in terms of hardware, it's not a bad bit of kit, reasonably specified and although physically heavy and having rubbish battery life, it's a very usable computer.
However, the corporate build (that is, the operating system and applications) is fundamentally flawed. I've not been able to use the mail client for months, due to an issue that no-one seems to understand. Every time I change the password (which is enforced, so I have no choice in the matter) the disk encryption breaks, and leaves the machine completely useless.
I realise that things sometimes go wrong; however, when they repeatedly go wrong (I've "had" the corporate laptop for at least a year, and used it only a handful of times) there needs to be a good process to fix it.
Sadly, this is also a sticking point. Support is only provided by having the laptop physically present at an office - hardly ideal for a remote worker. Better yet, the support teams insist that a ticket is opened to request support, but fail to respond until after I've left the building for the day and I'm back at home again (there's 80 miles/2-3 hours between the office and my house).
Perhaps you're thinking what I did, that is, I open a ticket, and leave it open so that the support teams can work with me to arrange a mutually agreeable time/date to get the laptop to the office? No dice; tickets are forcibly closed, with or without resolution, in order for the team to "maintain our SLA". I've even tried opening a ticket that I 'own' (meaning they can't close it) and sending an assignment for work (so they'll get work 'credit'), but alas, I'm thwarted once again when they refuse to perform any work at all unless they 'own' the ticket. Arrrgggghhh!!
I use my dedicated machine simply because it works where the company laptop doesn't. The fact that my dedicated machine has:
- its own anti-virus,
- its own firewall,
- is a virtual machine, with limited network access,
- resides upon a locked down Linux host, which is connected via the network to...
- ... another Linux firewall...
- ... which has internet connectivity provided via DSL modem/router with its own firewall
It seems that 'security' has far greater weight and influence than 'being able to work' and that has a devastating effect upon productivity. Being forced to commute 160 miles a day means that all the benefits of working from home are (perhaps obviously) instantly obliterated.
When 'security' goes too far = fail.
4 comments:
Disagree. Let's chat. Your friendly security engineer :-)
This was my original use case back around 2003 for VMware on Linux. Suck the corporate build into there, and route right through it.
HP are looking at laptops which at boot only run a hypervisor. The corporations can then control the images. One for business and others for personal use. The business one could just be enough OS to RDP back to hq or only do VPN and nothing else. Not sure why we ain't looking at those too.
A VM would be ideal; in fact, that's what I use now... ;)
Still, it'd be nice to have VM as an 'official' option.