Business leaders should understand ‘Modern Desktop’ as a seismic shift in corporate computing
By now, most business leaders are familiar with some aspects of their organizations’ journey to the cloud. That includes CEOs, CFOs, and others who don’t live and breathe technical topics on an everyday basis.
These business leaders have probably already seen financial and operational benefits of moving software and servers to the cloud. That includes products in widespread use, such as Office 365, as well as enterprise software specific to a single organization.
But business leaders may not yet be familiar with some more recent trends in the cloud journey. One of these is referred to in the IT industry as “Modern Desktop.”
Though the phrase “Modern Desktop” sounds like it might be just a marketing phrase, it’s actually a seismic shift in corporate computing.
In fact, it’s such a big change that dedicated IT professionals, many of whom have worked for decades to build and maintain network architectures that have largely served organizations well, may in some cases be reluctant to recognize and embrace both the scope and importance of this transformation in corporate computing.
Therefore, it’s all the more critical for business leaders to understand the basics.
The topics at play here are so fundamental that they affect everything from how devices are managed — no longer provisioned by IT staff — to the very role of the IT department in the broader environment — no longer delivering devices and experiences, but rather enabling them subject to corporate governance policies.
My objective with this article is to lay out for CEOs, CFOs, and other business leaders the essentials of the Modern Desktop model. This is, without question, the future of corporate computing.
The traditional “corpnet” model
First, let’s briefly note the traditional model for corporate desktop computing — a model that has, to a large extent, served companies and users well and has scaled up to hundreds of thousands of users:
- Network architecture and security: Devices are “joined to” a corporate network. That is, either a physical presence or a virtual private network (VPN) connection is required to access corporate resources. The basic security posture is one of keeping threats out, such as by firewalls and a mix of antivirus tools.
- Applications: Like the devices accessing them, applications also run on the corporate network.
- Device deployment and management: The IT department images new devices in what is often a time-intensive provisioning process. Devices are then delivered to users and managed centrally.
Given that this traditional model is still working reasonably well for most organizations, why does it even need reinvention? We’ll take three of the biggest reasons in turn: (1) security, (2) efficiency, and (3) the cloud-based, application-centric user experience.
The Modern Desktop model is architecturally more secure
The traditional corporate-computing model has a fundamental architectural problem when it comes to security — because end-user devices are joined directly to the corporate network, a compromised end-user device can threaten other parts of the network via lateral movement.
You can, of course, address lateral movement and other security risks using a wide range of hardware and software tools. But you can’t expect any number of security tools operating in the same network space as a potential threat to reduce risk as effectively as solving the underlying architectural problem.
In the Modern Desktop model, it’s extremely difficult for hackers to move laterally from one desktop to another, or from a desktop to a server. The devices and servers only touch in the middle when a user needs access to a particular application — and in gaining that access, users and devices must navigate through a series of protections that ensure the user’s identity and a “healthy” device.
The Modern Desktop model is more efficient for both end users and IT
When you take a smartphone out of a box, you expect it to “just work.” You expect to establish your identity on the device and then again when first accessing secure resources such as your email — including your corporate email. The implication of these expectations is profound: the device is disposable. Its job is to give you access to what really matters: data and applications. When the phone breaks, or when its hardware is no longer meeting your needs, you simply get a new phone and reauthenticate.
Note what’s not happening with the smartphone: no imaging by IT. No loading additional software by IT. Probably not even any ordering by IT. Or, for that matter, probably not even any physical contact by IT.
That’s where we’re going with desktop computing, too. Take away the need for the PC to connect directly to the corporate network and you eliminate time spent imaging and provisioning PCs out of the box. Not only that, now you can have the computer shipped directly to the end user from the manufacturer. The user unboxes the computer, powers it on, logs in, and from that point onward, the device is provisioned for them based on the applications they need. In the background, established governance rules are applied to both the user and the device, as noted above.
The user can then access cloud-based resources, including both applications running natively in the cloud and also on-premises applications published to the cloud.
The role of IT, then, focuses on building and enforcing that “edifice of governance” that keeps the organization safe and enables users to do their work. This is critical, strategic work in any organization. It’s obviously a higher-level function than the hands-on work of provisioning PCs!
The Modern Desktop model supports today’s app-centric end users
There’s another benefit that comes with IT’s evolution away from delivering devices to enabling access: a foundation for stronger partnerships with departments throughout the organization. IT is no longer limited to providing solutions within the confines of a traditional corporate network and its attendant security risks and technical limitations.
This is essential because the world of applications is increasingly self-service. People are used to looking around for software that meets their needs. They are familiar now with the cloud model in their personal lives, and they expect the same level of convenience at work.
So, the technology surrounding the Modern Desktop model must be capable of governing use of self-service applications desired by end users and departments.
Getting started — both co-management and greenfield
First, it’s important to note that the Modern Desktop approach requires always up-to-date software, including the operating system on PCs, so Windows 10 is a necessary part of the model. Once Windows 10 is in place, we recommend both (1) starting to co-manage existing devices using the modern approach, where possible, alongside the more traditional tools, and (2) creating a greenfield “modern-only” environment as you deploy new devices, whether all computers or just a select portion of them.
In this way, your older PCs will become a smaller and smaller percentage of your total number as time passes. In the meantime, the co-management approach will bring some of the modern security benefits to these older machines.
So, even if it’s for only 10 or 15 users, we encourage IT and business leaders to start down the Modern Desktop road. You’ll learn lessons that will support your work to bring the rest of the organization into the future. You’ll build your experience working with the monitoring tools, publishing your applications to the cloud and, perhaps most importantly, starting to establish the governance rules that are, in the new world of corporate computing, at the very core of IT’s service to the organization.
Nathan Lasnoski is chief technology officer of Wisconsin-based Concurrency Inc. (www.concurrency.com), a Microsoft-focused professional services firm founded in 1989.