Forgot your password?
typodupeerror
Cellphones Cloud IT

How To Thwart the High Priests In IT 417

Posted by timothy
from the your-red-stapler-is-not-safe dept.
GMGruman writes "You know the type: They want to control and restrict any technology in your office, maybe for job security, maybe as a power trip. As the 'consumerization of IT' phenomenon grows, such IT people are increasingly clashing with users, who bring in their own smartphones, use cloud apps, and work at home on their own equipment. These 'enemies' in IT are easy to identify, but there are subtler enemies within IT that also aim to prevent users from being self-sufficient in their technology use. That's bad for both users and IT, as it gets in the way of useful work for everyone. Here's what to look for in such hidden IT 'enemies,' and how to thwart their efforts to contain you."
This discussion has been archived. No new comments can be posted.

How To Thwart the High Priests In IT

Comments Filter:
  • by Improv (2467) <pgunn@dachte.org> on Sunday December 18, 2011 @04:58PM (#38419264) Homepage Journal

    While some people get the policies wrong, in general the idea of IT policies is a good one; the only way to support business policies is to allow for sensible IT policies to exist. If the IT policies don't serve the business policies, someone's not doing their job right, but that's not a problem with the idea of policies existing at all. If you want to "thwart" your IT people, you'd better have a damned good reason.

    • by BlakJak-ZL1VMF (256320) on Sunday December 18, 2011 @05:00PM (#38419282) Homepage

      ^ This. The IT dept's worst nightmare are employees who *think* they know better.

      • by Anonymous Coward on Sunday December 18, 2011 @05:14PM (#38419394)

        Actually it's the job of IT to support the employees who are designing the products that bring in the revenue. It isn't the role of IT to dictate what those employees can use.

        We had an IT guy for a while who thought he was a dictator. He lasted about a week before we replaced him with a guy who realized his job was to make OUR jobs easier. He's quite good at it, too - he actually does make our jobs easier, which makes everyone more productive. If he was going to tell us, "Sorry, you can't use X or Y", he'd be out of here in a week too.

        • by Anonymous Coward on Sunday December 18, 2011 @05:26PM (#38419476)

          Actually it's the job of IT to support the employees who are designing the products that bring in the revenue.

          Right and wrong. IT's job is more than just facilitating the ability for engineers to do their job (not all companies even have engineers). It's about corporate security, regulatory compliance, and SLA compliance.

          A good IT department will make compromises between all of these things. The business needs to be flexible enough to allow engineers, salesmen, etc. to be agile so as to be competitive in the market, but not to the point of anarchy where an untested/uncertified smartphone gets lost and results in sensitive data going into the wrong hands due to the lack of remote management of said devices, resulting in regulatory fines or competitive disadvantage. Similarly, any sane IT department is going to have a supported platforms/devices list. You cannot provide an SLA to the business on a device you've never seen and done any interop testing with.

          Sorry, it's obvious you don't understand the challenges of a real business.

          • by lakeland (218447) <lakeland@acm.org> on Sunday December 18, 2011 @05:57PM (#38419678) Homepage

            Well yes, but I think you're implicitly overestimating the typical cost of "resulting in regulatory fines or competitive disadvantage". When was the last time you heard of a company getting fined or giving data to a competitor as a result of a data leak from a lost piece of computer equipment? When was the last time you heard a salesman say they lose time to IT policies.

            I personally have had two clients because it's easier for them to outsource the work than it is to get their IT enabling that work to be carried out internally. As you say it's all about compromises, but in my experience the way those compromises fall depends much more on the political clout of IT than on any intelligent assessment of the risk and benefit.

            • by Anonymous Coward on Sunday December 18, 2011 @06:25PM (#38419840)

              When was the last time you heard of a company getting fined or giving data to a competitor as a result of a data leak from a lost piece of computer equipment?

              First of all, that was just a singular example of IT security. There are numerous other attack vectors that IT has to enumerate, assess, and control.

              Second of all, the reason why you don't hear about it is, firstly, it's rarely a front page news story when $RANDOM_COMPANY loses a harddrive full of customer account information (unless it's a particularly large breach). Secondly, the actual fines (which are, for the most part, a recent legislative creation) are incentivizing companies to actually implement the proper IT policies such as device encryption and remote wipe / disable. So the problem is starting to be solved.

              When was the last time you heard a salesman say they lose time to IT policies.

              Not the first time I've heard "It's IT's fault" from underperformaing salesmen. I'm not going to say IT is always innocent, but I've been around long enough to seen the patterns.

              I personally have had two clients because it's easier for them to outsource the work than it is to get their IT enabling that work to be carried out internally

              Specific examples? I'm not saying you're lying, but I can't argue with vague generalities.

            • SOX Compliance (Score:5, Informative)

              by sycodon (149926) on Sunday December 18, 2011 @07:16PM (#38420130)

              And I'm not talking about Hanes.

              If you are dealing with the feds, the meeting the requirements of the Sarbanes-Oxley act is a fact of life. Failing to deal with the requirements can essentially mean the death penalty for the company because the feds won't do business with you if you are out of compliance.

              The Act essential deals with setting up security and policies that prevent someone from being able to game the system. A Buyer can create a PO, but cannot perform A/P functions do pay the PO and cannot receive the product. Just a simple example.

              But in my company, many, many people got their panties in a twist when we started taking away their ability to do things and requiring them to abide by policies and procedures. It can be a big culture shock to small to mid size companies that grow into a larger markets with the Feds.

              One of the biggest headaches was enforcing the use of standard cell phones and disallowing the storage of data in the phones. Anything that comes onto premises, had any kind of connectivity with the network and then left the premises is now tightly controlled and locked down. All the laptops have encrypted hard drives and even USB drives are automatically encrypted when they are connected if they are not already. If you have dealt with sales people, you know they don't like that one bit. Shit, I can't even install and use iTunes or any other mp3 players.

              So to the feds, this is a Big Deal and people can and have lost their jobs for trying to game the system because otherwise, the whole company could be dead, figuratively speaking.

              • There's always a way to get the data out. If you work with people most of them will work with you most of the time. If you set yourself up as an impediment, people will humour you with lies and work around you.

                You may occasionally catch one, but most will keep it out of your sight.

                • by rabbit994 (686936) on Sunday December 18, 2011 @10:47PM (#38421170)

                  Maybe you have never worked with stupid requirements that Feds enforce but I have. This stuff is life or death to company. People can and will get fired instantly for breaking it. So like others have said, it's not that we want to impede the user, we have no choice.

                • by ArhcAngel (247594) on Monday December 19, 2011 @02:00AM (#38421972)
                  And if they get caught they will be fired...if they are lucky. Working around IT policies put in place to comply with government regulation for any reason looks suspicious. If the feds notice the results can be much, much worse. When I see violations to SOX or corporate policy I make it a point to inform the person violating the policy and their supervisor. I also send an email to my supervisor with the details of my observations and subsequent actions so there is a record that I did not turn a blind eye to the infraction. How it is handled from there is up to the person violating the policy and their superiors. I can't speak for other IT "dictators" but the way I look at it is if you get this office shut down it affects my job too @ss hole. As it happens I can see the old Enron building (now owned by Chevron) from my office. A constant reminder of just why SOX exists in the first place.
              • by AmiMoJo (196126) <mojo@NOspAm.world3.net> on Monday December 19, 2011 @06:43AM (#38422862) Homepage

                Shit, I can't even install and use iTunes

                You can't really blame them for blocking malware...

              • Re:SOX Compliance (Score:4, Insightful)

                by rnturn (11092) on Monday December 19, 2011 @03:57PM (#38426804)

                Not that I completely agree with everything that IT management decides to do but...

                If folks are using a network that doesn't belong to them and computers that don't belong to them either why aren't they just using the equipment that the company supplies and do the job they were hired to do? It is going to be extremely rare for someone's job to require the ability to install iTunes and manage music on MP3 players? (One has to wonder what will be the next "right" that's being denied to employees? Surfing for pr0n using the corporate network?) The monthly malware/patch meeting I attend has this discussion nearly every time it convenes. One has to wonder what business need is being provided by iTunes. It never fails to amaze me that people think that all the toys that they own need to work flawlessly on the corporate network. Stop calling that thing in your cubicle a personal computer. It ain't. Their workplace, their rules. Deal with it.

                I can still remember when having one's briefcase/purse/bag/etc. inspected going into and when leaving the premises was standard procedure. A camera would have been confiscated immediately and removing anything required a manager's approval. (I needed to borrow a keyboard one weekend after mine had croaked and needed my manager's and his manager's approvals on the form that I needed to present to security on the way out of the building. All for something as benign as a keyboard.) Imagine the squawking that would occur nowadays if they started enforcing a policy like that with smartphones with cameras and/or multi-gigabytes of memory and having the ability to get onto the corporate network. Yeah, this was at a defense-oriented company but I've worked at financial firms with just as strict security.

            • by mbkennel (97636) on Sunday December 18, 2011 @08:54PM (#38420658)

              "Well yes, but I think you're implicitly overestimating the typical cost of "resulting in regulatory fines or competitive disadvantage". When was the last time you heard of a company getting fined or giving data to a competitor as a result of a data leak from a lost piece of computer equipment? "

              Where I work, the prospective clients insist on various security audits of procedures in our company before they are willing to buy our products or share their data with us (necessary for the work we do). This is standard.

              Loopholes == losing huge deals.

          • by Hognoxious (631665) on Sunday December 18, 2011 @06:02PM (#38419708) Homepage Journal

            I'm inclined to agree. GP comes across as the kind of feckless twat who equates making everyone's job easier with doing everything they say and no questions asked.

            I'll tell you whose job it doesn't make easier - the one who has to clean up the inevitable wreck that occurs when you take understanding the users (a good thing) a step too far and let them run the show.

            • I'm inclined to agree. GP comes across as the kind of feckless twat who equates making everyone's job easier with doing everything they say and no questions asked.

              I'll tell you whose job it doesn't make easier - the one who has to clean up the inevitable wreck that occurs when you take understanding the users (a good thing) a step too far and let them run the show.

              Ahhh. but isn't that about setting expectations, not necessarily letting them run the show. The role of IT is to enhance the productivity of *ALL* employees in a company, not just the engineers, not just the bean counters, not just the execs, not just the IT department. Employees have different jobs and different needs and IT needs to be flexible in helping ALL employees be more efficient WITHOUT sacrificing security or regulatory compliance. How do you do that? By having periodic meetings with departmen

          • by kdemetter (965669)

            Similarly, any sane IT department is going to have a supported platforms/devices list. You cannot provide an SLA to the business on a device you've never seen and done any interop testing with.

            Sorry, it's obvious you don't understand the challenges of a real business.

            There's another concept : IT provides you with the best tools, so you don't have to look for it. So you gain time.

            Say for example you would have to communicate with each other, and there is no standard company way to do it :
            - Some people might use gmail
            - Some people might install skype
            - Some people might install live messenger
            - Others might use facebook to communicate with each other.

            Now, if i need to reach everyone in the company, and make sure i get replied from everyone in the company, i would have to ch

        • by jaymz666 (34050) on Sunday December 18, 2011 @05:29PM (#38419502)

          Creating solid policies that protect the network and the company from intrusion of just plain failing should always come before Joe sixpack employee hooking his iPad to the network.

          It will often take some time to make sure that adverse affects will occur, or to sure up infrastructure. But very few IT people are gods on high, they want to help.

        • by BlakJak-ZL1VMF (256320) on Sunday December 18, 2011 @05:32PM (#38419532) Homepage

          Agree with the other response; you apparently have the wrong end of the straw.

          The IT dept support the _company_, not individual employees. If you want a tool that the company hasn't provided you, the right channel to go through is via management and the procurement process. Then your required tool gets a proper introduction-to-service and your IT guy is appropriate trained and ready to support it, rather than just having it shoved in his lap because it's the new toy you've just decided you 'need'.

          if it's a device that you need for business purposes, the business will provide it for you. (Or should, if it's a genuine need.)

          The influx of personal smart devices into business is great; but if you expect to connect them to my corporate network, you best be prepared to see them integrate into my corporate network requirements around security and support. I've seen policies from 'sure, but you support it' through to 'absolutely not' and the support guy's job is to enforce that policy. No more, no less. Oh and by the way, support guy rarely dictates policy, most especially in larger companies.

          • by jrminter (1123885) on Sunday December 18, 2011 @05:52PM (#38419652)

            if it's a device that you need for business purposes, the business will provide it for you. (Or should, if it's a genuine need.)

            In an ideal world, yes. I really wish I worked in one. I work in an organization under "severe budget constraints" (unless you are senior management, then it looks pretty cushy to those of us in the trenches.) If we don't buy and use our own stuff, we have to limp along with "stone knives and bearskins" (thank you, Leonard Nimoy and Star Trek). Our choice is to work around IT or get hammered at performance review time for "not getting the job done."

            • by BlakJak-ZL1VMF (256320) on Sunday December 18, 2011 @06:11PM (#38419768) Homepage

              This old argument... I know exactly what you mean, but if your productivity is being hindered by 'stone knives and bearskins' then surely this is something that management simply get to live with? When Management cease to support the employee, surely the employee should become a 'timecard-worker'....

              if your productivity is high, they're going to think all is well. Let your productivity slide and when they ask why, point out to them how they're screwing themselves over with their stone-age conventions?

              Sucks I know, but otherwise you're shooting yourself in the foot.

            • by Genda (560240) <mariet&got,net> on Sunday December 18, 2011 @07:10PM (#38420100) Journal

              I've been on both sides of this conversation and I understand the temptation for engineers and techies to just figure out a local solution, get the job done and be productive in the moment. Now just for a moment, put yourself in the position of an IT professional.

              They are responsible for: The whole intranet working, efficiently, cooperatively, and securely. You have 10-20 little network fiefdoms, with different hardware, operating systems, application software, security, network interfaces, proprietary services and infrastructure and degree of collaboration and shared resources. Now you have to make this mob of PCs, Macs, Linux/Unix servers, and personal devices, all singing, all dancing, while sharing consolidated storage and corporate resources. You have to have consistent access and availability to the internet. You have to provide intranet access to dozens or hundred of smart phones, tablets and laptops, while at the same time providing some semblance of security and application accessibility (have you got even the foggiest idea how easy it is to have a bluetooth device and use it to get into a corporate network?)

              You have to meet corporate guidelines, bring up ethical issues (should or shouldn't employees expect their email to be private when it runs through corporate servers?) and stay on top of the growing list of compliance to government regulation. The last item is an issue the keeps IT specialist up at night. The government is making it absolutely clear that it's willing to hammer large businesses that don't meet minimum federal standards for data security and compliance. Add to that laws which intrude into business operation (everything from HIPPA to DMCA) and IT has to be on top of nearly every byte comes and goes from an enterprise server.

              Then of course you have employees, accessing social networks, reading anything from funnies to personal email, streaming music and video on corporate servers and networks, playing games and doing any of a thousand things they probably shouldn't be doing on a corporate network. Laptops, pads and smart phones come and go all day, and expose your secure data to terrible threat. Anybody can now plug a 128 GB USB thumb-drive into computer and slurp off a ton of proprietary data.

              All those personal devices, with different OSs; IOS, Android, OSX, Windows, Blackberry, and all those devices with different apps some play nice, but whole bunch are shoddy slap-together security disasters. If you have recently heard about huge breaches in banking and financial institutions or massive government fine against corporations that didn't comply with new regulations in data security or proper operating practices, you're simply not been paying attention to the business news. All of this becomes even more critical for a start-up or small company. Lose you IP and goodbye company. Breach a serious government restriction and there goes your company and the penalties nowadays may not end with just fines.

              Play nice with your IT team. Yes, there are occasionally despotic little tinpot dictators protecting their little corporate territory (I find however, that is more often than not the fault of higher management, and that such fiefdoms abound in such an organization) bur for the most part, more often though, your IT professional are there to provide the best service they can inside the constraints of best corporate practice. IT just needs to find the best balance between the needs of the corporation vs the needs of the individual. Talk to your IT manager, come up with a clear procedure for submitting apps to IT for review, and if they don't violate corporate standards, can be integrated into the corporate environment.

              • by msobkow (48369)

                Lose you IP and goodbye [startup] company

                You mean there are still people naive enough to think that "secrecy" will protect their idea?

                Guess what -- ideas aren't new in 99.999% of cases. They were originated by science fiction authors and science journal pundits/researchers decades or even centuries ago. We still haven't implemented some of the ideas that creative minds like Newton or Jules Verne came up with, much less dealt with the practical side of the philosophical issues around artificial intellig

                • by sycodon (149926) on Monday December 19, 2011 @12:33AM (#38421542)

                  A process for regulating the discharge from a capacitor.

                  The formula for a doping compound that increases the efficiency of solar cell to 80%

                  A list of your customers and their feed back on your service or their future purchasing plans.

                  A spreadsheet of assay results from two years of mineral sampling.

                  All kinds of companies have I.T. departments and not all valuable information is source code.

                • by ghostdoc (1235612)

                  Lose you IP and goodbye [startup] company

                  You mean there are still people naive enough to think that "secrecy" will protect their idea?

                  Yes. There's a perfectly valid form of IP protection called 'Trade Secrets' that relies on the thing being protected being kept secret. Companies relying on this protection, and there are a lot of them, must take very careful steps to ensure that the secret being protected is actually protected, and document that protection.
                  The archetypal example of this protection is the Coca-cola recipe, which is unpatented, still secret and still protected.

                  The protection that Trade Secrets gives is that if someone in you

              • My last big company IT job had 3 major departments, all of whom had their own IT ideas, and at least one with their own IT person who did some purchasing and install and config of PCs.

                There was a lot of time where dealing with resource competition and fighting the departments over standards was such a distraction, I told my boss we should just not bother -- cut up the PC budget among departments and let them figure it out on their own.

                IT would provide LAN for free, but internet would be metered with costs b

          • by ArhcAngel (247594)

            If you want a tool that the company hasn't provided you, the right channel to go through is via management and the procurement process.

            I recently encountered a situation where a dept. director (who happened to be friends with the VP) managed to get a project green lighted to create a MS Access DB for her group. She even got permission to hire a dedicated MS Access programmer. The company has likely spent millions on our Oracle system but the director had used Access in a past job. The first IT ( me ) heard about the project was when I received the request to install Access on ~40 systems so the DB could go live! The director (who I am frie

        • by epyT-R (613989)

          actually, sometimes the best way to support these people is to say 'no.' in other cases, saying 'yes' creates problems down the line that you are blamed for, and these people don't want to hear how their demands caused them.

        • by Tanuki64 (989726) on Sunday December 18, 2011 @05:56PM (#38419676)

          I am so glad I don't work in system administration anymore. Tools like you really were a pest. My first job was system administration. The person I replaced was a really good administrator. If good administrator means that he was liked by the rest of the company. Ok, when I examined the server I discovered a rootkit, some unknown outside party had access to this company's servers for month, but hey, shit happens. This is only a small problem as long as the employees were able to surf their porn sites. I built a firewall, cleaned the servers and all computers in this company and generally closed a whole bunch of security holes. What happened? Did I get thanked? Bah, a few weeks later I had a very inconvnient talk with the boss. Sure, I was the BOFH and the mobbing started. Everything worked under the old administrator, why can I idiot not keep everything as convenient as my predecessor? For instance he never forced anybody to use scp instead of ftp to get their files. And really all websites worked. I quit after about three month. Don't know what happened. Perhaps they were able to get their old, good administrator back. At least for a while. Because what I know, is that this company does not exist anymore.

        • Nope... (Score:3, Insightful)

          by Anonymous Coward

          Excuse the rant. Realistically, IT has a number of jobs:

          1: Keep stuff running.
          2: Keep stuff accessible by users.
          3: Keep stuff secure. Yes, this can inconvenience someone, but better a teed off muckety-muck than a wholesale breach where all the goodies are stolen to an offshore firm.
          4: Comply with regulations.

          Do you know how many fscking regulations an IT department in a midsize company has to deal with? In a typical organization, you have to deal with Sarbanes-Oxley (either because your firm or one o

        • It isn't the role of IT to dictate what those employees can use.

          Any good IT staff (especially IT Management) is there because they know exactly how to balance between usability and other business concerns that may include overhead costs, support costs, service levels, security and actual business cases. It IS THEIR JOB to dictate what devices are housing proprietary company data and which devices are allowed to connect to the cororpoate network. Management had mandated that they do that. They are not coming up with it out of a hat, or a desire to be a dictator (to be

      • by Z00L00K (682162)

        As working in IT the simple way when someone comes with a new model smart phone or gadget is that we can sure provide information about server addresses and similar but the user will be on his own to make it work in practice.

        Since devices comes new every week there's a challenge to keep up with everything new all the time.

        It's not to be evil that IT departments doesn't support every potential device on earth - it's just to keep the nose over the water. Unfortunately some IT managers goes the obnoxious way o

    • by swright (202401)

      +1

      Some policies are lame yes, and some in charge of them are stupid, but for the most part these 'enemies' are just trying to protect the bigger picture.

      Probably the biggest part of this is security. All the things quoted in TFA are a nightmare to ensure are secure, and to support!

    • by Anonymous Coward on Sunday December 18, 2011 @05:03PM (#38419310)

      it's not just a stupid post, it's a dumb shameless plug, look at the submitter and the article editor...

      very, very lame.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      In college, our home directories (using Linux) for the CS department were kept on NFS mounts. To distribute the load, the IT staff spread our home directories over numerous separate partitions, and to keep us within our allotted amount of space, so that we don't go, and fill up our accounts with junk (since we were using an old -- even for the time -- version of Slackware, "junk" could include Firefox, GNOME, and anything else that wasn't FVWM2.) the IT staff had turned on quotas.

      If you think about it, ther

    • by serverglitch (2534516) on Sunday December 18, 2011 @05:37PM (#38419562)
      The submission appears to be by the same guy who wrote the article just trying to stir up attention with nonsense directed at a mostly tech community. Professional trolling from someone that wants more hits on his website.
    • by DragonTHC (208439)

      agreed, the worst security threat to any business is the user, like the original poster.

    • The same "we could be more efficient" could be said of many accounting policies. Gee wouldn't it be faster if the person who issued the PO could approve the receiving document and authorize payments?

      Why do we really need to have competitive bids, I'm sure my brother-in-law will give a good price.

      We don't need risk management to authorize credit for this customer--I'm sure they're good for it.

      We can value these incredibly complex securities at a $1 billion.

      Yes, lots of IT rules and requirements are PIAs, but

  • Sour Grapes (Score:5, Insightful)

    by MaskedSlacker (911878) on Sunday December 18, 2011 @04:58PM (#38419266)

    Sounds like the article was written by a tool with no understanding of how enterprise IT works, and no grasp of what bringing alien, unknown systems into contact with critical infrastructure can lead to.

    • by pankkake (877909)
      But I want to browse Facebook on my iPad!
    • Re:Sour Grapes (Score:5, Interesting)

      by girlintraining (1395911) on Sunday December 18, 2011 @05:50PM (#38419642)

      Sounds like the article was written by a tool with no understanding of how enterprise IT works, and no grasp of what bringing alien, unknown systems into contact with critical infrastructure can lead to.

      Yeah... then there's my job, where somebody recently pushed out a GPO update that was supposed to make internet explorer "more secure" by preventing downloads. It's been five days now, and our company is at a virtual standstill... it's costing tens of millions every day, probably more. Bonus: I work for a major health insurance provider in the US.

      The problem is when you get people who just start adding restriction after restriction with no understanding of what it does not just to productivity and worker morale, but in some cases to the very applications they support.

      It's like how they've encrypted my whole drive and then added 3 antivirus scanners to it, running constantly... and now they're planning on upgrading to Windows 7. The only reason the system works at all is because it has 4GB to run XP ... and a couple web browser windows. It chokes on anything more.

      No, IT policy is often both foolish and stupid, and getting around it is the only way to get work done. Unless you don't care about that sort of thing, in which case, yeah... feel free to do nothing until they fire you and replace you with someone who does bypass the policies. IT has become like marketing that way -- sure, it's probably against policy, but if you want to make quota, you better ignore them too.

      • No, IT policy is often both foolish and stupid

        And often, it is not. Sounds like you have idiot IT managers and practitioners.
      • Yeah... then there's my job, where somebody recently pushed out a GPO update that was supposed to make internet explorer "more secure" by preventing downloads.

        Yep. There are a lot of incompetent IT people out there.

        The problem is that most of the non-IT people are even more incompetent at IT tasks.

        And management is not very good at managing.

        The problem is when you get people who just start adding restriction after restriction with no understanding of what it does not just to productivity and worker morale,

    • Sounds like the article was written by a tool with no understanding of how enterprise IT works, and no grasp of what bringing alien, unknown systems into contact with critical infrastructure can lead to.

      Or maybe he knows EXACTLY what the result will be.

      Most networks/systems have "evolved" over time in an "organic" fashion. That is, things were added and then fixes where added to get everything to play together in a minimally acceptable fashion.

      Now, if you can convince non-IT people that they're just as know

  • Don't care supporting home made IT solutions, just get the boss to buy it all for me so I know how to use it

  • by Tanuki64 (989726) on Sunday December 18, 2011 @05:00PM (#38419280)

    Nothing more to say.

  • by Anonymous Coward

    Management make the rules, if management say no iphones, and you then thwart them.... you've gone against management wishes.... which can be disastrous for a job you like.

    Of course Iphones in this example was simply that.

    • The article is about dealing with IT admins to whom management has punted the responsibility of making the rules. Such punting results in the IT department becoming a self-reinforcing institution interested more in preservation of its own power than in serving the company's needs. When research and development spends weeks waiting for procurement authorizations while payroll cuts checks to them to sit on their hands, management has become mismanagement.
  • The whole point of restricting devices is to prevent any conflicts that block productivity, and that's from the network ops side. From the security side, devices are blocked to prevent extrusion attempts as well as to prevent vulnerabilities from being introduced.

    It has nothing to do with power tripping; it has everything to do with making sure the network doesn't fall apart. It has everything to do with making sure no one breaks into the organization and runs away with trade secrets or, worse, PII.
  • Overhead (Score:5, Insightful)

    by Scutter (18425) on Sunday December 18, 2011 @05:04PM (#38419312) Journal

    IT is overhead. It's a cost center. It generally does not generate revenue. Maintaining an infrastructure costs the company money. Every time you want to bring in your personal equipment, we have to figure out how to support it and that raises the company's overhead. Instead of making IT justify why we don't want to support your Widget Of The Day, why don't YOU justify to the company why you're increasing costs and then work to have that increase added to IT's budget so that we can actually afford to support your crap without having to divert funds away from things that the company has already approved?

    • You have a problem because your funding model is broken.

      Set up an IT shop where people can buy tickets which entitle them to support for standard computers as well as tickets which entitle them to support on the non standard latest widgets. Money comes out of their budget and goes to IT budget. Problem solved. They will have to justify to their own management why their widget is costing $2k per year to support vs $20 for an XTerm.

      Same goes for network storage, backups, large email inboxes any resource. Let

  • by geekforhire (300937) on Sunday December 18, 2011 @05:06PM (#38419322)

    I certainly understand that users want to use what is easy for them but they need to understand that they don't set policy. I listen to any reasonable requests and if they fit within our policy (or if it makes sense to change the policy to allow it) I will authorize their request. However, understand that I have been working in IT for over 20 years and know a thing or two that you probably don't. Its not a power trip, its my job, it is what they pay me to do. Employees need to understand that its not personal. If their request was denied I had a very good reason to do so. Get over it, move along.

    • by jbolden (176878) on Sunday December 18, 2011 @06:25PM (#38419838) Homepage

      Except that your job and your policies can interfere with their job. By your logic they can break your policies, because it is their job and it what they get paid to do, its not personal; and you should get over it and move along.

      Or maybe you need to try and figure out what unmet business need is driving the desire for a new device and meet the need so they don't even want the new device.

  • by gtirloni (1531285) on Sunday December 18, 2011 @05:08PM (#38419342)
    Just saying.
  • by pla (258480) on Sunday December 18, 2011 @05:10PM (#38419360) Journal
    Seriously? We don't want uncontrolled portable devices on our networks because we don't control them. We can't force-install AV software (if it even exists for your favorite no-name phone/player/tablet/whatever), we can't even do basic cleanup of them without your cooperation.

    And that only describes them as a potential vector for attack. We also can't control who else has access to them, can't wipe remotely without your permission, can't keep you from leaving it, complete with the latest super-secret corporate strategy on it, in the bar at a random trade show.

    Dislike of portables has nothing to do with controlling you, and everything to do with controlling and protecting what the company pays us to - Their IT infrastructure and digital IP.
    • by tepples (727027)

      We can't force-install AV software (if it even exists for your favorite no-name phone/player/tablet/whatever)

      If antivirus software doesn't exist for a particular platform, then that platform probably has no viruses to speak of either.

    • by myrdos2 (989497)

      I develop software for a small company, and it sounds like you administer a large one... but when you say: "Dislike of portables has nothing to do with controlling you", I think you are lying. You would like to force me to install AV software (you can't, I develop in Linux), clean up my machine (whatever that means), wipe it without my permission, stop me from taking it with me, and generally have control over everything I do on the system.

      I can imagine this making a certain amount of sense if computers con

  • by ErikTheRed (162431) on Sunday December 18, 2011 @05:10PM (#38419368) Homepage

    It's the sort of stupid article you'd expect from an organization that is supposedly all about information technology, but is so backwards that they're endlessly pestering me to take a free subscription to their dead-tree edition. If their web site isn't even worth visiting for free articles, why would they think I want to spend the effort moving their magazine from my mailbox directly to the trash?

  • Dear GMGruman... (Score:5, Insightful)

    by Richard_at_work (517087) <richardprice AT gmail DOT com> on Sunday December 18, 2011 @05:14PM (#38419402)

    Dear GMGruman,

    Go fuck yourself.

    Yours sincerely,
    Pretty much every sysadmin anywhere that's been tasked with providing IT services to keep a business running as productively and profitably as possible, in spite of people like yourself.

  • by bigsexyjoe (581721) on Sunday December 18, 2011 @05:15PM (#38419408)
    The article starts by saying there are good IT people who help you and bad IT people who make things difficult. From there he just whines and whines about nothing. His only advice about "thwarting the high priests of IT" is to complain to the CIO. Of course everyone complains to the CIO about the tech staff, but he or she will apparently be dazzled by your insight that some IT workers are good and some are bad.

    The only non-obvious thought in this article is referring to bad IT workers at the "High Priests of IT." However, it is only non-obvious because it is really stupid. And if you actually go around saying "the High Priests of IT" then you are a bigger dickhead than almost any IT guy ever met.
  • by russotto (537200) on Sunday December 18, 2011 @05:19PM (#38419436) Journal

    IT is often the "prevention of information services department". User figures out a better way to do something, IT blocks it. Prescribed methods of doing things don't work well; user goes around them, IT blocks or complains to management. User wants something done, IT demands business justification and signatures from at least two executive VPs. User does it himself, IT finds out and makes him stop.

    • by Culture20 (968837)

      IT is often the "prevention of information services department". User figures out a better way to do something, IT blocks it. [...] User does it himself, IT finds out and makes him stop.

      No duh. Opening up your desktop firewall to the world and setting up your C drive as a share writable by Everyone is not a better way for your team to share data. Rooting your box doesn't make you l33t, it makes you a headache and potential legal problem. Go through proper channels, make your case logically. Worst case scenario, get your boss to talk to my boss.

  • by Culture20 (968837) on Sunday December 18, 2011 @05:28PM (#38419490)
    This was probably written by the dude who routinely roots his box (calls Dell to get the BIOS reset code, uses a bootcd, et voila) so that he can install PC anywhere because it's VITAL for his side business and he knows IT will say "no".
  • It's already been covered how stupid it is to think a company only has IT policies as a power trip. But beyond that, do you really think it's appropriate to view your coworkers as "enemies" who need to be "thwarted"? It's bad enough that the "CRUSH KILL MAIM!" rhetoric has broken into politics, do we really need it in the workplace next?

  • ...services but refuse to follow-through after the fact?

    I am the network admin/server admin/helpdesk manager for a small online-based college (not private but part of a state system). Our department is moving to a new building in February or March so, of course, I wanted to order a single server to provide file, print, antivirus, WSUS, DHCP, and other necessary services for our office. We are well-positioned to grow in the next five years (which is our lease period for the new place) so a single server shou

    • You could leave. The ultimate reality of this situation is that the BUSINESS thinks that the IT department they have fulfills their needs, not yours. If it doesn't fulfill your needs, go up the proper business channels explaining why they don't. If nobody listens or cares, then find another job. At this point it's the company's loss if you leave, not yours.
  • by dave562 (969951) on Sunday December 18, 2011 @05:33PM (#38419538) Journal

    The article is complete flamebait, and many other posters have pointed that out.

    The solution to home brew IT and people wanting to use their own devices is simple. Setup Citrix VDI or something similar. The Citrix receiver runs on everything.. iBlah, Android, web browsers, etc. The "cutting edge, tech savvy users" can use their lame devices, and all of the application code and information stays safe on the corporate network.

    To flip the author's logic back around him, he suggests that users using their own devices are making things easier on corporate IT. They are empowering themselves at their own cost. Good for them. Let them pay for their Citrix licenses and infrastructure costs. If they really want to "partner with IT" and be an "IT ally" (to use the idiotic author's verbiage) , they can go ahead and come up with some funding. Nothing makes friends like throwing money around.

  • by onyxruby (118189) <onyxruby&comcast,net> on Sunday December 18, 2011 @05:34PM (#38419548)

    All right, Mr Gruman you have trolled and since I'm one of your bad guys I'm going to respond and enlighten you:

    They want control, and users who want to choose their technology tools are apostates to be crushed.

    I have best practices that tell me to control these things that you want to let roam free. I also happen to have laws, and some of these laws have very large financial penalties or the possibility of jail time.

    Mr Gruman, how many attorney generals have you had conversations with after someone went ahead and did what you wanted done? I'm willing to bet it's not as many as I have had and that you've never had to deal with the results of your company making the international news because someone decided to bypass IT.

    When you come across an IT pro stupid enough to use the "toys" epithet, complain to your CIO. Send the IT person back and ask for someone who actually respects you. Marginalize and isolate these IT staffers before they do it to you.

    Your insight into how to play dirty politics to get your "Toy" into the office shows your complete lack of an understanding of how the enterprise works. Is your department going to pay for the budget for the time needed to support your toys?

    Instead, you hear the code phrases, involving "security," "governance," "compliance," "risk," and "efficiency." These code phrases (the middle three are often referred to as a group via the acronym "GCR") boil down to "if you do it, it will be bad; if we do it, it will be good."

    These code phrases are code for things like "mutli-million dollar fines", "angry attorney generals", "class action lawsuits", "criminal negligence", "security clearance", "ethics", "privacy" and other such things.

    You see this is what happens when some petty ass whiny twit such as yourself goes to the CIO and says I want my toy and the IT department won't let me have it. The CIO comes to the IT department and says, "why won't you let this twit have his toy" and we're going to come back with something like "federal law, accountability, public relations disaster".

    You know what Mr Gruman, I have never, ever lost that argument. When you take into account that regulation is only increasing the odds that I might lose that argument drop even further.

    Now Mr Gruman, instead you should try the tactic of saying "IT Department, I want to use this toy for business purposes and not just as a toy, can you please look too see if we can?". You might have a perfectly legitimate case, and it might be very reasonable to do what you want, but you have to ask so that we can see if we can do that without avoiding nasty code words.

    Just remember my code words can and have cost companies many millions of dollars when someone blew them off and ignored the IT department.

    • Bravo bravo, very well put.

      I'd like to add a small tidbit.
      If a user comes to our department with a request for a certain piece of software that does X, we might deny that request and offer an alternative since we already have a license for software Y or we researched it and found that software Y is easier to use, has fewer problems, etc. This goes for hardware too.
      I consider it a point of principle to give the best service possible within the framework of our IT policies.
      We do have to say no on a regular ba

    • Look at his biography over on Infoworld. He ran a desktop publishing company. He wrote some books about it. He's a journalist. But he has no real IT experience. He's clueless about what it really takes to manage thousands of users in a regulated industry. He's just an armchair quarterback.

      --
      .nosig

  • by Angst Badger (8636) on Sunday December 18, 2011 @05:39PM (#38419572)

    ...but I stopped counting how many times the author recommended trying to cost people their jobs for actually doing them after the third time. I'd like to offer something more insightful in response, but I'm afraid I'm left with "What a smug asshole."

  • (This is my second comment to criticize this article. But I can't help it, because this article sucks.)

    Okay, so he's saying that if IT doesn't you to do something they are bad "High Priest of IT", you should complain to the CIO.

    His advice represents a horrible deficit of office political savvy. For example, hasn't it occurred to the author that policies are usually set by the CIO himself? So if the CIO is an asshole, he'll just agree with you that the person you are complaining about is bad and do no
  • I know how to break into one in about five seconds. They're an enormous security risk, and I'm not an "enemy" because I don't think they belong on my network. If Apple wants to made a ruggedized iPad designed to hook safely into a domain based corporate network, then I'll consider that a business machine, but until they do, I'm going to call the iPad what is is - a toy. Period.
  • ...and I am sure I don't have to explain to anyone here why.

    I get the feeling that this article was written after Galen Gruman (the author if you didn't take a look at the article) brought in some "shiny new toy" couldn't connect to the network or some network resource and the expected IT to come rushing to his side to support a technology that they are not supposed to and don't have the time to and so they didn't. The enemy? Seriously now. I would suggest anyone and everyone here worth their salt in IT wr
  • by MasterOfGoingFaster (922862) on Sunday December 18, 2011 @06:06PM (#38419740) Homepage

    A better headline might be: "Writer get pissed that IT guy called his new gadget a Toy."

    While I'm sure he's got a good point that IT people should not talk down to other employees, he needs to hear a few horror stories to understand our concern about his new "toy".

    I was brought in to trouble shoot a network that was completely down, idling over 100 workers. Naturally, the CEO called everyone who had any IT experience, so we had a crowd of upset and confused people. In short - it was a packet storm. What caused it was an employee bringing in his own device and connecting it to the network.

    The employee wanted a wireless AP for his laptop, because he didn't like the Cat5 cable. The IT staff said "no", so he install his own Linksys. You see it coming - no encryption, default password, etc. Well, it was slower than the wired connection, so he figured he could get twice the bandwidth if he connected TWO Ethernet cables. The port he selected was connected to a different switch, and soon a packet storm erupted.

    Yes, the IT manager made several mistakes, including buying non-managed switches. But the bottom line is the employee cost the company dearly for his "toy".

    What's funny? The guy was bragging to his buddies about how smart he was, not knowing the IT manager, CEO and I were standing behind him. Fired on the spot he was.

  • by sstamps (39313) on Sunday December 18, 2011 @06:32PM (#38419874) Homepage

    Every other department that uses IT pays for it. Those who use more IT services, or otherwise cost the company money from their IT fuckups, pay more. Eventually, they learn to work WITH the IT department to lower their overhead costs so they can meet their budgetary targets. That means doing the kinds of things that the idiots best represented by the author of that article abhor: the things recommended/enforced by those "High Priests" as best practices.

    I mean, yeah, there are bad IT people and departments out there, to be sure, just like there are bad users. Unlike bad users, though, bad IT people and departments don't last very long.

    • by Scutter (18425)

      Every other department that uses IT pays for it. Those who use more IT services, or otherwise cost the company money from their IT fuckups, pay more. Eventually, they learn to work WITH the IT department to lower their overhead costs so they can meet their budgetary targets.

      That's a great theory, except it doesn't work that way in the real world. In the real world, the users decide that since they can't bully IT into doing what they want for free, they'll just try to do it themselves rather than beg their boss for permission to spend budget dollars on the company IT department, especially when no one in the department has even gotten a raise this year. So when they need a new switch port activated, they don't call the help desk. Instead, they order a $20 piece of crap cabl

      • by sstamps (39313)

        That's a great theory, except it doesn't work that way in the real world.

        It works great in practice, too. After seeing it in action and being part of the "High Priesthood of IT" in a Fortune 100 company for a number of years, I can attest to the fact that it does work, and works well.

        In just about every case where another department/division of the corporation tried to "buck the system", they ended up paying significant portions of their budgets for IT to clean up their messes, which in turn led to more adherence to IT "best practices" policies.

        Never doubt for a minute that expr

  • by Bob9113 (14996) on Sunday December 18, 2011 @06:40PM (#38419910) Homepage

    Don't rise to this asshole author's bait. He's a troll or he is ignorant, and the right answer is neither that people should nor that they should not thwart IT, and the right answer is neither that IT should smack them down nor that IT should give them everything they want.

    The right answer is that the people who feel they need to thwart IT are a valuable resource. They are people who have a need that is not being satisfied. That need should be explored and a resolution found. Sometimes the answer is, "No, because it would not be safe / cost-efficient / legal." Sometimes the answer is, "There is already a way to do that, but not the way you are attempting to do it." Sometimes the answer is, "We should add that capability, because it will make the company more profitable."

    The idea that it is all X or all Y is fundamentally rooted in "us versus them" mentality. It is a bullshit, douchebag mentality which is, unfortunately, actively fostered by assorted self-righteous nincompoops and the kinds of people who watch the UFC not for the display of physical prowess and grace, but because they like to see people hurting each other.

    Don't rise to the bait. Users who are trying to thwart the system are a valuable resource. You want to plumb them to discover unserved needs, underserved needs, and opportunities to improve training. You also want to help them understand why they can't do certain things so that their frustration doesn't fester and become a morale issue.

    It is easy to see why the author is a writer. He clearly would not operate well in a more team-oriented context.

  • by MichaelCrawford (610140) on Sunday December 18, 2011 @08:20PM (#38420476) Homepage Journal

    My understanding is that Iran got the bad news from a personal flash drive.

    I used to work for an organization that took securit very seriously because just one quick glance at our upcoming product would have enabled our competition to getbthe jump on us. even so the it people were constantly battling malware brought in on personal flash drives.

    the solution another client used was to lock all the pcs in cabinets physically disconnected from the Internet. because I worked remotely I had to transfer a file to the clients network. I had to get someone who was trusted with the cabinet key to do that for me.

    everyone had a second computer for web browsing and personal email. our work machines used Ethernet KVM extenders.

  • by gweihir (88907) on Sunday December 18, 2011 @10:34PM (#38421124)

    Fearful underlings are, but far less often than most users believe. Many user requests for using their own devices are simply due to the users not understanding the problem. Example: Many industries have record-keeping requirements and data-retention requirements. When users store and process data on their own devices, these could be violated. Many industries also have data-security requirements. Except for users that are expert system administrators on their own devices, again, allowing users to process data on devices they administrate themselves is not a good idea and may even be illegal. That said, with a competent IT department, a user that is also a system administration/security expert will get added privileges. But these are the rare exception.

    Most users have no idea what the risks are and allowing them to do their own risk management is not acceptable. Case in point: I am a security expert, but I doubt I could really make a current Android/iOS/Win Phone device secure. There is not enough access, not enough stability and not enough experience with these devices. Surprises may happen at any time and are a lot more likely than, say, on a stable Linux distro. Hence I would not even ask to be allowed to put sensitive data on such a device. And anybody that does is very, very likely does not understand the problem.

    So, no, typically the problem is on the user side. IT departments could be more understanding and more clear about their policies, but that is also a staffing, budget and management problem. If IT always has to roll out the big guns to enforce a policy, it is not a surprise that they will get defensive.

How many Unix hacks does it take to change a light bulb? Let's see, can you use a shell script for that or does it need a C program?

Working...