TY - GEN
T1 - Unrestricted secure computing
AU - Madden, Greg
AU - Tyndall, John B.
PY - 2014/11/2
Y1 - 2014/11/2
N2 - Information technology (IT) departments have historically enforced security on end-user computers through a combination of software agents that restrict what the computer can do, mandate particular actions on the part of the user, report various pieces of information back to IT, and regularly check for and apply updates, as well as policy restrictions that tell the computer user the various ways in which they are not allowed to use their own machine. From a user perspective, this can be summarized as: IT takes a perfectly good computer and refuses to let you use it until they load it up with bloatware and tell you what you aren't allowed to do. Because of this, IT is often seen as making computers less useful rather than more useful, i.e., IT is the "Department of No." In this paper we attempt to provide a framework by which IT can overcome these historical tendencies while still maintaining the security that we must necessarily have in order to protect the proprietary and sensitive data in use by our campuses, colleges, and departments. We recognize the primacy of importance of data protection (as opposed to device protection). We discuss the various agents that are installed on end-user computers and suggest means by which those agents might be removed (i.e., bloatware reduction). We discuss frameworks currently in place for data protection (e.g., SharePoint, Citrix) that might be utilized to begin removing usage restrictions from our end-user computers (i.e., restriction reduction). Finally, we propose a model in which both the software agents and the usage restrictions take place at the network level rather than at the level of the end-user computer, thereby freeing the end-user computer from the clutches of IT and releasing it into the wild to be used to its fullest by the end user.
KW - Data protection
KW - Security
KW - Unrestricted secure computing
UR - https://www.scopus.com/pages/publications/84916887483
U2 - 10.1145/2661172.2661190
DO - 10.1145/2661172.2661190
M3 - Conference contribution
AN - SCOPUS:84916887483
T3 - Proceedings ACM SIGUCCS User Services Conference
SP - 47
EP - 51
BT - SIGUCCS 2014 - Proceedings of the 2014 ACM SIGUCCS Annual Conference
PB - Association for Computing Machinery
T2 - 2014 ACM SIGUCCS Annual User Services Conference, SIGUCCS 2014
Y2 - 2 November 2014 through 7 November 2014
ER -