How To Thwart the High Priests In IT 417
GMGruman writes "You know the type: They want to control and restrict any technology in your office, maybe for job security, maybe as a power trip. As the 'consumerization of IT' phenomenon grows, such IT people are increasingly clashing with users, who bring in their own smartphones, use cloud apps, and work at home on their own equipment. These 'enemies' in IT are easy to identify, but there are subtler enemies within IT that also aim to prevent users from being self-sufficient in their technology use. That's bad for both users and IT, as it gets in the way of useful work for everyone. Here's what to look for in such hidden IT 'enemies,' and how to thwart their efforts to contain you."
Rarely read such a nonsense (Score:3, Informative)
Nothing more to say.
IT Don't make the rules generally.. (Score:2, Informative)
Management make the rules, if management say no iphones, and you then thwart them.... you've gone against management wishes.... which can be disastrous for a job you like.
Of course Iphones in this example was simply that.
Re:Wow, what a stupid post (Score:5, Informative)
it's not just a stupid post, it's a dumb shameless plug, look at the submitter and the article editor...
very, very lame.
Re:Wow, what a stupid post (Score:5, Informative)
Agree with the other response; you apparently have the wrong end of the straw.
The IT dept support the _company_, not individual employees. If you want a tool that the company hasn't provided you, the right channel to go through is via management and the procurement process. Then your required tool gets a proper introduction-to-service and your IT guy is appropriate trained and ready to support it, rather than just having it shoved in his lap because it's the new toy you've just decided you 'need'.
if it's a device that you need for business purposes, the business will provide it for you. (Or should, if it's a genuine need.)
The influx of personal smart devices into business is great; but if you expect to connect them to my corporate network, you best be prepared to see them integrate into my corporate network requirements around security and support. I've seen policies from 'sure, but you support it' through to 'absolutely not' and the support guy's job is to enforce that policy. No more, no less. Oh and by the way, support guy rarely dictates policy, most especially in larger companies.
Galen Gruman, you have trolled and I'm respoding (Score:5, Informative)
All right, Mr Gruman you have trolled and since I'm one of your bad guys I'm going to respond and enlighten you:
I have best practices that tell me to control these things that you want to let roam free. I also happen to have laws, and some of these laws have very large financial penalties or the possibility of jail time.
Mr Gruman, how many attorney generals have you had conversations with after someone went ahead and did what you wanted done? I'm willing to bet it's not as many as I have had and that you've never had to deal with the results of your company making the international news because someone decided to bypass IT.
Your insight into how to play dirty politics to get your "Toy" into the office shows your complete lack of an understanding of how the enterprise works. Is your department going to pay for the budget for the time needed to support your toys?
These code phrases are code for things like "mutli-million dollar fines", "angry attorney generals", "class action lawsuits", "criminal negligence", "security clearance", "ethics", "privacy" and other such things.
You see this is what happens when some petty ass whiny twit such as yourself goes to the CIO and says I want my toy and the IT department won't let me have it. The CIO comes to the IT department and says, "why won't you let this twit have his toy" and we're going to come back with something like "federal law, accountability, public relations disaster".
You know what Mr Gruman, I have never, ever lost that argument. When you take into account that regulation is only increasing the odds that I might lose that argument drop even further.
Now Mr Gruman, instead you should try the tactic of saying "IT Department, I want to use this toy for business purposes and not just as a toy, can you please look too see if we can?". You might have a perfectly legitimate case, and it might be very reasonable to do what you want, but you have to ask so that we can see if we can do that without avoiding nasty code words.
Just remember my code words can and have cost companies many millions of dollars when someone blew them off and ignored the IT department.
Re:Wow, what a stupid post (Score:5, Informative)
Re:Wow, what a stupid post (Score:5, Informative)
I've been on both sides of this conversation and I understand the temptation for engineers and techies to just figure out a local solution, get the job done and be productive in the moment. Now just for a moment, put yourself in the position of an IT professional.
They are responsible for: The whole intranet working, efficiently, cooperatively, and securely. You have 10-20 little network fiefdoms, with different hardware, operating systems, application software, security, network interfaces, proprietary services and infrastructure and degree of collaboration and shared resources. Now you have to make this mob of PCs, Macs, Linux/Unix servers, and personal devices, all singing, all dancing, while sharing consolidated storage and corporate resources. You have to have consistent access and availability to the internet. You have to provide intranet access to dozens or hundred of smart phones, tablets and laptops, while at the same time providing some semblance of security and application accessibility (have you got even the foggiest idea how easy it is to have a bluetooth device and use it to get into a corporate network?)
You have to meet corporate guidelines, bring up ethical issues (should or shouldn't employees expect their email to be private when it runs through corporate servers?) and stay on top of the growing list of compliance to government regulation. The last item is an issue the keeps IT specialist up at night. The government is making it absolutely clear that it's willing to hammer large businesses that don't meet minimum federal standards for data security and compliance. Add to that laws which intrude into business operation (everything from HIPPA to DMCA) and IT has to be on top of nearly every byte comes and goes from an enterprise server.
Then of course you have employees, accessing social networks, reading anything from funnies to personal email, streaming music and video on corporate servers and networks, playing games and doing any of a thousand things they probably shouldn't be doing on a corporate network. Laptops, pads and smart phones come and go all day, and expose your secure data to terrible threat. Anybody can now plug a 128 GB USB thumb-drive into computer and slurp off a ton of proprietary data.
All those personal devices, with different OSs; IOS, Android, OSX, Windows, Blackberry, and all those devices with different apps some play nice, but whole bunch are shoddy slap-together security disasters. If you have recently heard about huge breaches in banking and financial institutions or massive government fine against corporations that didn't comply with new regulations in data security or proper operating practices, you're simply not been paying attention to the business news. All of this becomes even more critical for a start-up or small company. Lose you IP and goodbye company. Breach a serious government restriction and there goes your company and the penalties nowadays may not end with just fines.
Play nice with your IT team. Yes, there are occasionally despotic little tinpot dictators protecting their little corporate territory (I find however, that is more often than not the fault of higher management, and that such fiefdoms abound in such an organization) bur for the most part, more often though, your IT professional are there to provide the best service they can inside the constraints of best corporate practice. IT just needs to find the best balance between the needs of the corporation vs the needs of the individual. Talk to your IT manager, come up with a clear procedure for submitting apps to IT for review, and if they don't violate corporate standards, can be integrated into the corporate environment.
SOX Compliance (Score:5, Informative)
And I'm not talking about Hanes.
If you are dealing with the feds, the meeting the requirements of the Sarbanes-Oxley act is a fact of life. Failing to deal with the requirements can essentially mean the death penalty for the company because the feds won't do business with you if you are out of compliance.
The Act essential deals with setting up security and policies that prevent someone from being able to game the system. A Buyer can create a PO, but cannot perform A/P functions do pay the PO and cannot receive the product. Just a simple example.
But in my company, many, many people got their panties in a twist when we started taking away their ability to do things and requiring them to abide by policies and procedures. It can be a big culture shock to small to mid size companies that grow into a larger markets with the Feds.
One of the biggest headaches was enforcing the use of standard cell phones and disallowing the storage of data in the phones. Anything that comes onto premises, had any kind of connectivity with the network and then left the premises is now tightly controlled and locked down. All the laptops have encrypted hard drives and even USB drives are automatically encrypted when they are connected if they are not already. If you have dealt with sales people, you know they don't like that one bit. Shit, I can't even install and use iTunes or any other mp3 players.
So to the feds, this is a Big Deal and people can and have lost their jobs for trying to game the system because otherwise, the whole company could be dead, figuratively speaking.
Re:Wow, what a stupid post (Score:5, Informative)
"Well yes, but I think you're implicitly overestimating the typical cost of "resulting in regulatory fines or competitive disadvantage". When was the last time you heard of a company getting fined or giving data to a competitor as a result of a data leak from a lost piece of computer equipment? "
Where I work, the prospective clients insist on various security audits of procedures in our company before they are willing to buy our products or share their data with us (necessary for the work we do). This is standard.
Loopholes == losing huge deals.
These people suck at a very base, scientific level (Score:2, Informative)
Here's an idea: I thwart your use of esoteric shit (esoteric, defined as "not controlled by me and my team" in this case) for the following reasons:
* I have limited time and limited resources. Supporting your so-called smartphone, tablet, or other personal device costs me time, which in time costs me money. This isn't time I'd otherwise dedicate to your office-supplied machine; it's time spent above and beyond that, because it's different and requires manual settings.
* IT Professionals don't just use random shit, typically. We select our gadgets and tools on technical merit not how cool it is. That means we're rolling out laptops with a standard image which we have QA'd to some degree and know how they will perform. We do this so we don't have to deal with things like, for instance, Apple products which can't retain a wireless connection to save their lives or be managed centrally.
* Your crap introduces security problems above and beyond what is possible to regulate, short of running Snort on every switch port. In the past month, I have seen Android phones, Apple laptops, and Windows 7 systems which are "fully up to date" etc. running on 'secure' networks - and having malware of one form or another on them. In one such case it was a VIP's personal laptop, and the malware was both very intrusive and undiscovered by any of half a dozen antivirus/malware tools used to remove it. (I still need to isolate that forensically and submit it to 'the authorities' for inclusion... yet something else I'd not have "had" to do if it wasn't allowed).
* It usually goes like this: User wants to use Shitware Uberspunk to perform $office_task. They get manager approval, and everything goes fine. Then one of your (thoroughly planned) server/application/etc. rollouts breaks their very important program (or vice versa), and they're no longer able to "get work done". They bitch up the chain of command, and since stink flows towards IT when people don't want to deal with it, you ultimately need to find a workaround for their stupidity, even if the expectation was "no IT support" from the start. (Quickbooks crashing due to using Google Talk within IE is a good example of this, but there are a myriad others.) FWIW, shit 'cloud' services fit this mold pretty well, too.
I can understand that people want to have their cake and eat it too, but that's been the desire since forever. Cloud computing, mobile devices, etc. don't change this desire any, or make it any more obtainable: things still break; things are still incompatible; users still do stupid shit. The closest you're going to get is with a virtualized environment and remote desktops of some sort, allowing people to connect to them from a portal or mobile applications. We still can't do the modern equivalent of supporting Bonzai Buddy - on the contrary, we're more overworked now than IT has ever been before, and extra burdens often mean having to pick between "patch important systems for security" or "replacing aging hardware".
People who write shit like this (and think like this) should just stick to tort laywering and politics.