Hi,
I am a freelance enterprise engineer; I mostly work with enterprises.
I am already aware of the security implications of allowing employees to use their personal electronics.
I would really appreciate it if the client allowed me to use my own laptop, i.e. my personal Linux laptop, and connect to the work network using their own VPN service, which would still make the machine compatible with the security policy.
Unfortunately, none of the clients I have worked with to date allowed this except one.
Is there any other specific reason for not allowing freelance engineers to use their own machines?
Because you are a risk on their network. Using their equipment they can ensure you are on an isolated network if you have no updates applied and can push those updates to you. They can push security configurations, like restricting what office apps can or cannot do. Ensuring AV is configured to their liking. Configure logging so if you ever get owned, they can trace it back from where it came and what it did. They can ensure you are on some proxy server. They can alert you if your host accesses a known bad site. They can run background penetration tests if necessary. And so on. The MS world has the tools to do that. Supporting Linux in that kind of enterprise would need significant additional investment.
Their system, their rules. VPN alone doesn't make a system compliant, unless the client says so. Just as a random thing, imagine if you showed up with a machine that is running your own compiled kernel, with Spectre mitigations disabled. They would never see what hit them.
Maybe you’re working for the wrong clients. When I worked freelance it was expected that I would provide all necessary equipment myself. Access to servers and version control is usually by SSH, so it didn’t matter what OS I ran. Also, using your own equipment is often a differentiator between contractors and employees, as is setting your own work schedule.
If your customers supply the equipment and dictate the hours and so on you get close to the IRS classification of employee. You (or your customer) can't just call the relationship freelance or contract, it has to meet some requirements that show an independent relationship. I have freelanced for over a decade and never had a customer tell me I had to use their hardware. I don't doubt it happens -- I know f/t employees working remote who have to lug around a "work" laptop -- but I would just say no to a contract like that unless it had a lot of offsetting benefits. The policy may come from the IT security people rather than a policy enforced by the client company. I have had to jump through hoops with large company IT departments just to get access to their network.
Many companies have ISO, PCI, etc. conditions that require them to maintain positive control over devices on their networks. This will include both security tools, like endpoint agents, but also policy controls like Active Directory and Intune (MDM). There are also a few oddball VPN services that only work under Windows (no clue why people buy them). Getting all that working under one operating system is difficult enough. Each additional OS generally requires a redo of those efforts, plus effort to maintain interoperability. That said, there are efforts to get tools like Intune to work on Linux, but it's still early days. Said as someone who vastly prefers working under Linux.
As others have mentioned, security is not just about connecting to a VPN. Bear in mind that the IT department has to take care of hundreds of technologically illiterate PC users in their organization and they need as much remote control as possible and as much standardization as possible. I am not saying it's undoable to plug in a Linux PC in there, I am just describing some factors. Depending on what work you do exactly and how beefy your machine is, you can spin up a VirtualBox with Linux to do your job. I had such a case and did my work just fine.
A lot of enterprises need to comply with regulations and security standards (e.g. PCI-DSS or SOC2) which often require them to implement systems and processes over their "control environment". They need to demonstrate that they can do things like enforce password requirements, or disable your device/account remotely (via MDM) if needed. It's not enough that you use their VPN.
In my experience with large corporates they architect their environment for the Microsoft ecosystem - Windows, AD, M365 apps and so on. This means they only have to worry about making stuff work and be secure for Windows clients. This means they can easily save time and money by saying “only use Windows clients”.
One word: support. Support does not mean “it works”. Support refers to who is on the hook when something goes wrong. If the company is not prepared to support Linux, there is your problem.
Probably companies have actions with Apple so they buy and promote their sh#t. In all the companies I have been at so far I always requested Linux and they came back with a lot of bullsh#t.