Is there a legitimate reason I should be required to use my company's computer? (BYOD prohibited)

Question

I just got a new job at a medium-sized (~100 employees) company and one of the first things I was told is that I cannot use my own computer, because I need to be able to connect to their network, access files, etc. I didn't think that made much sense because to my knowledge, as long as I'm on their network, I should be able to access anything I need to.

So I asked my friend this question, who told me it might be a security thing. Could there be a security-related reason as to why I'm required to use my employer's machine?

Answer 1

So this is an interesting question with a few points into why you not only should WANT to do this, but should do this for your own safety and security. It helps first if you understand that companies point of view before we talk about how it can benefit you.

Why would a company want to do this?

Many reasons. It makes it assured that your computer can access the network, do what it needs to do, and function how they need it to at a baseline. This way the IT department can maintain it easily, quickly, and up to standard.

Can they make me do this?

YES THEY CAN! They are having you work on their property, with their property, to make sure it works properly. This way you can actually do your job.

Should I do this?

Oh god yes.

• This lets you pass the buck if needed. Now if something that is supposed to work, doesn't work, it isn't your fault.
• Maintenance becomes a breeze because if your files are backed up to a safe place (any installers you used as well), then if something really bad happens they can restore it to a disk image and have your computer back to you in the matter of a few hours instead of days.
• IF you leave the company for any reason, you don't have to relinquish your personal computer to them for driver scrubbing or making sure you don't take any company software or intellectual property with you.
• IT has no claim to touch your personal computer for any reason.
• For security reasons, you can make sure that your work computer is up to their standards and any potential breach won't be your fault, but their bad policies' fault.

And here's the whammy: It keeps you safe from the company!

In using the company computer your own personal information won't be on the company network, and you can keep your private life away from your work life. This is a big advantage because you can make sure that your own data, is your own data.

Answer 2

As a guy who writes and enforces these types of corporate policies, I can tell you this: it is perfectly normal, and a perfectly reasonable policy.

I do NOT want your equipment on my network, ever. I can't control it, I have no insight into how patched it is, how virus-ridden it is, and I do NOT want you to keep company data on your personal device when you leave.

The sheer number of things that have gone horribly wrong when an employee comes in on the weekend with their personal laptop so they can do personal stuff on it while working on their work laptop makes me shudder. One laptop was a host for 4 different botnets and the owner didn't even know it. My network knew it, though, when the bots started scanning and probing my network.

In the end, you need to ask your IT Security department these questions. They will be happy to describe in detail why their policies are the way they are.

Answer 3

In addition to all the other reasons given:

Software licences. You and other employees need certain programs to do your work. These programs are usually licensed for a limited number of users.

The company want to control this and the easiest way is by controlling the machines. Letting employees install these programs on their own computers would be both a practical and legal mess.

Answer 4

It's a fairly standard corporate security policy to only allow company-owned rather than personal devices to access the company network.

Your corporate PC is typically only used for approved activities, covered by firewalls virus checkers and so on.

Your personal PC, in contrast, is not under the control of the company, often won't have anti-virus software installed, and who knows what dodgy software you may have downloaded. Therefore there is significantly more risk allowing you to connect a personal PC to the corporate network.

A separate issue is data protection. If your corporate network has sensitive data on it, which you copy onto your PC, which you then take home, there is more risk that data might leak because there's more risk your PC may be stolen for example.

In contrast to all this, "Bring your own device" is a common request from users, particularly for mobile devices, to IT departments are under pressure to reconcile these conflicting requirements.

Answer 5

It's my understanding that many companies prefer to restrict access to their own hardware so that they can better ensure proper security procedures. For example, suppose that company policy specifies every employee must use full-disk encryption. If employees were allowed to use their own personal machines, it seems quite likely that someone would forego encrypting their disk because it slows down their machine, or because they never get around to it, etc. Similarly if they want to enforce policies such as VPNs for Internet access, prevent less-secure versions of various software (e.g. web browsers) from being used, etc.

Of course, in practice, this frequently results in many employees' machines being less secure than they ordinarily would have been, because the IT department is chronically understaffed and overworked, or doesn't care enough, or whatever. (Example: I once ran into a company machine that was restricted to Internet Explorer 6 because nothing newer had been "certified" by internal IT. This was in 2011.) But the idea is often very appealing to higher-ups in management.

The "so you can access our network etc." excuse sounds like it might be something they tell employees who are less tech-savvy to avoid argument. "So you can access our network" is a lot easier to understand than "So that we can ensure your hard disk is properly encrypted."

This is, however, pure speculation. Having never worked at such a company, I have very little first-hand evidence. Everything I say is based off second- and third-hand information.

Answer 6

In addition to what has already been mentioned: if you own the equipment, you walk out with it when the job ends. Should the device contain importand data for the company, it becomes a major problem.

Had this issue once. There will not be BYOD in my company. Never again.

Answer 7

In addition to what all other good answers highlighted, a company may ask you to work with their computer only to ensure that you invest your time in working and not in something else. This is particularly useful to monitor workers' productivity and efficiency especially in a period where the company faces hard times and needs to be sure of taking advantage of its full resources before taking the decision to recruit more workers and whom to fire. As a matter of proof, we hear from time to time cases of a worker who got fired from his/her job for spending lot of time on using Facebook at workplace.

Also, depending on the company you are working in, a company may need to monitor your machine's activities to protect itself from economic espionage.

And there are so many other reasons why it is not good for the company to let you use your own personal computer at workplace: the day you will get fired and feel it's unfair, you may take revenge by infecting their network or even more (this is not a fiction, but it happens)

Note that even if that is the standard as it was commented below your post, not all companies follow that.

Answer 8

Most company computers are hardened and updated regularly. They also contain AV and other SW to prevent and detect malware and other malicious attacks. By plugging your personal computer into their network you are providing an attacker with a system that is not as secure as the one they provide. Even if you believe your computer is more secure, it is up to the company to approve or deny such requests. A final reason would be, companies track where their information goes. By using a personal computer you could be exfiltrating their data (patents, ideas, proprietary SW...) and they wouldn't be able to track this. If you decide it is worth the risk, be prepared for the consequences. If you do decide to bring your computer to work, don't connect it to their network.

Answer 9

The best, and clearest response I can think of is:

Your computer is legally your property. Unless a person has a warrant for the data on your computer, they cannot access it. They cannot control it. They have no easy legal way to get the data back and certainly wouldn't have access to who may have been a recipient of it through your willful or unwillful actions. Not without at least expending some major $$ on an attorney for warrants, subpoenas possibly court, litigation, prosecution. I think you can see where this is going.

All the above, which are great answers, aside; Why would a company want to give anyone their knowledge base, and potentially leave themselves open to litigation down the road?

The example of: You take your personal computer into work with you as you're working on a Saturday to get caught up. Let's say in between your work, you want to access your favorite remodeling show, and chat with your neighbor about the next home improvement project.

As innocent as this sounds, technically you're breaking corporate policy and could be fired for 'stealing' bandwidth or violating policy or any number of corporate policy's that fall under the "I have read this document and agree to its terms" which we never, or rarely read.

Technically, you are 'stealing' bandwidth. It is their network and you're accessing it without express permission on a day when you don't have express permission to even be on the premises. Or at least that could be their argument if things got sticky.

Answer 10

Most likely reason for this is that they need to legally be able to install employee monitoring software with/without your consent.

I know this because I work for a company that makes that kind of software. Our software monitors all employee activity and reports to the boss(es) about your productiviy. And you wouldn't even notice or know that this is happening if you don't have extensive knowledge about computers and software...

As someone else has already mentioned it is a LOT easier (and possible) to do those things with the computers of their own.

Answer 11

1. Many companies have certain hardware standards. Using their equipment means you stay within those standards and are capable of using the technologies they use and running the software you are required to run.

2. They need to be able to set and maintain security on your system. They don't want to risk you being able to install a virus that spreads through their network stealing information and disabling computers. If it's a mobile device such as a laptop, they may require whole disk encryption.

3. They don't want to have to pay you to install and configure baseline software and settings when they most likely have an image they can load right onto a new machine for you in a short amount of time.

4. If you end up with important or sensitive data on your machine, they don't want to be on the honor system with you that "I deleted it" Plus if you have a software license for some very expensive software they would like to give it to the next guy if you don't work out and not risk being in violation because you try to keep it if you did.

5. You will complicate so many things for the IT staff. And if we are talking about joining to a domain and having group policies setup on your system, you may not like restrictions that must be in place on YOUR system and your just going to end up mad.

6. If something on your machine breaks, they can't just slap your hard drive into another computer and have you back up and running. They may not have replacement hardware on hand, and if something is really expensive that goes out they don't want to replace it. If something does break, they need to be able to get you up and running and back to your job that they are paying you for and let the IT staff do their job and repair the system. You really seem to like your computer. Would you want someone else fixing it when they don't want to pay you to and they expect you to get back to work on another machine anyway?

There are so many more reasons. This is scratching the surface. It's just plain a good idea for you and the company.

Answer 12

Is there a legitimate reason…

Yes ! Pretty simple and basic: responsibility.

If you use your personal computer within the network of your company and you cause any form of trouble, through any sort of virus, spyware, or any other malware, you will be personally responsible of all the consequences. Here responsible won't mean a lot of work to repair the damages (this house cleaning will be done by the IT team) this will rather mean a lot of money, reputation or job loss.

If, on the other hand, you use a company computer, this responsibility will be held by the IT team. (This is much more safe and comfortable for everyone.)