As my colleague, Nick, mentioned in his post last week, we recently published a study entitled Redefining Employee Computing. It encompassed over 18 months of research, interviews and focus groups, and was sponsored by 30 global organizations, many of them household names. One area of the findings I’d like to discuss is the idea of “controlling” an employee’s computing environment. While many organizations think there is a way to actually accomplish this, the most forward thinking companies accept the fact that their employees discuss company business whether or not the company likes it or is even aware of  it. Employees are also going to be working from anywhere that has an internet connection, via any device they’d like (phone, PDA, laptop, etc) so security policies and access need to adjust based on that. Given the needs and behaviors of employees as well as the connectedness that the internet offers do you know how far and how fast your policies need to change? We expect a variety of policies to be revised or developed to enable new models of employee computing:

• Web 2.0 & Social computing behavior In many companies this is new ground for employee and technology policy. These policies outline expectations for employees’ communication and behavior when using Web 2.0 technology, not only on the job, but anytime they can be identified as employees of the corporation. Today, everyone with an online presence is in a sense (or may be perceived to be) a spokesperson for the company. Every day brings news stories of people and organizations learning the new rules of the road the hard way, ranging from silly (bad-mouthing the boss on Facebook after you’ve “friended” him) to the serious (discussing product plans or arguing product quality with competitors on online forums). Remember, employees have always had the ability to pick up a phone or send out an email with unacceptable company content. The difference in the 2.0 world is the breadth and speed of the channel. News, true or untrue, spreads very fast. A few years ago Yahoo announced a reduction in the workforce but did not publicly disclose what parts of the organization were affected. However, upset employees posted notes online and it became clear quite quickly what groups were involved. A Web 2.0 policy and diligent use agreement may not have changed the Yahoo situation but it could have substantially decreased the amount of traffic initially posted. Far better to establish some basic rules of the road than to keep learning the hard way, or try to close the road altogether.

• Self-service rights and responsibilities As employees are permitted more control over their computing set-ups, they need to understand the limits of what they can do on their own and the responsibilities they are assuming, especially if self-service extends to hardware purchase, configuration, or service; software selection and maintenance; vendor contracts (e.g., for telecom services); and any facets of systems administration (e.g., backup and recovery). Define what employees must or can do on their own. Also define the flip-side – what they can not do or must seek help with.

• Laptop and PDA configurations This is a more technical policy companion to self-service rights. The approach may vary by employee segment. For technologically adept employees, those who are self-sufficient and really want to manage their computing environments, define the basic standards and protocols that must be met in order to operate with the corporate infrastructure. For those who are technologically capable but not gung-ho, define a limited number of packages (hardware, software, communications) from which to choose. The packages may be attuned to roles (e.g., sales) or work patterns (e.g., road warriors). For those who don’t want the responsibility, a standard company configuration should still be an option.

• Vendor and license management This is another set of adjustments driven by the two points above, self-service and variable configurations. Does the company want to purchase hardware and license software in bulk for the sake of volume discounts, then resell or reissue to employees? Or really get out of the provisioning business and let employees serve themselves, but set up standing arrangements with key vendors (e.g., for discounts in return for guaranteed volume, or for group service plans)?

Of course, most of these policies are not brand new. Many companies are building on existing policies and adding information about new technologies, primarily email and the internet in general. Now is a good time to review your policy set and expand it to include Web 2.0 tools. Chances are you will also need to revisit your guidelines around information, IP, and privacy as well. As the market continues to add new ways of sharing information and collaborating with each other, enterprises need to keep up by recognizing trends early, learning about the implications on their businesses and ensuring that policies morph as quickly as employees’ computing environments do. Click the link to read more about the Redefining Employee Computing study.