Internaut: Buying naked? Don't forget to cover your assets
Shawn P McCarthy
Now may not be the best time for government agencies to keep their clandestine 'naked PCs' undercover. Security and compliance concerns are likely to drive them out of the shadows.
For those unfamiliar with the term, a naked PC is a personal computer that is sold without an operating system. It's often purchased by people who personally want to install open-source Linux, or by organizations that have prepurchased Microsoft Windows through a licensing program.
Only a small percentage of naked PCs are controversial. In general, the idea makes a lot of sense. Naked PCs can be a cheaper solution for organizations that have negotiated discounted enterprise OS licenses. But naked PCs also pose challenges.
Some agencies are better than others at tracking enterprise OS licenses. In my conversations with Microsoft Corp. representatives and others, I've found significant concern that the government is running more PC operating systems than it has officially licensed.
A related problem is that of supposedly retired PCs that somehow make their way back into service. Most agencies keep a typical PC three to four years, replacing dozens at a time when they reach the end of their cycle. The old PCs often pile up in storage facilities before being sold. It's easy for someone to pull a PC out of a closet, unofficially update the operating system and bring it back to life as a backup system or a temporary desktop used for special projects.Wink, wink. Nudge, nudge.
Depending on whom you talk to, up to 10 percent of naked PCs end up with unlicensed operating systems. For resurrected PCs, that figure is much higher. Historically, this kind of situation has been accepted with a wink and a nudge. Few agencies tracked every single OS installation within their walls. But these PCs are normally plugged into networks, which is when the challenges'and threats'arise. Fortunately, trends in how agencies manage IT should help deal with naked PCs.
As more agencies appoint chief security officers and chief compliance officers, accountability has improved. CSOs are focusing heavily on patch management, improved software firewall solutions and virus protection updates. These are the main ways to combat hacker activity, but they only work if security managers know about the existence of every PC on their network, including what OS is installed on each PC. Meanwhile, CCOs are tasked with making sure agencies conform to all laws and reporting requirements, including those that cover security compliance and sometimes licensing.
As these two missions intersect, it's interesting to see something as task-specific as security patch management also fostering better OS license management. Driven by the needs of CSOs and CCOs, you should expect to see much tighter control of naked PCs as they're brought into government agencies, including how operating systems are licensed and installed. You'll also be expected to better account for old systems to which you grant new life. Keeping a network safe sometimes means paying attention to all the rules.Former GCN writer Shawn P. McCarthy is senior analyst and program manager for government IT opportunities at IDC of Framingham, Mass. E-mail him at email@example.com.