IT Departments Fear Growing Expertise of Users 499
flatfilsoc recommends a long article in CIO magazine on users who know too much and the IT leaders who fear them. Dubbing the universe of consumer technology the "shadow IT department," the article highlights the extent to which the boundary between users' workplace and home have broken down. It notes the increasing clash — familiar to anyone who works in a company with an IT department — between users' home-grown productivity boosters and IT's mandate to protect corporate data. The inherent tendency of the IT department to want to crack down and control technology that it doesn't supply should be resisted at all costs, according to CIO. The article outlines strategies for co-existence. It just might persuade some desperate CIO somewhere not to embark on a career-limiting path of decreeing against gmail and IM.
Yeah, what he said.... (Score:5, Insightful)
Some people/groups really need a sandbox to work in, without interference from good intentioned IT departments.
A virus spread wildly throughout my company recently because IT had thought to conveniently map some not so useful drives for everyone... guess how that virus spread?
IT needs to learn to provide and protect without being so intrusive as to hinder real work being done.
Sighhh
Re:Yeah, what he said.... (Score:5, Insightful)
Re:Yeah, what he said.... (Score:5, Insightful)
Then again, if it's a small shop and you're not really dealing with protected information on the network (say, medical records for example), then you may be fairly lax as to what users can/can't do at the workstation.
*IF* however, you have federal and or state guidelines you MUST follow with regards to protecting identity and health information, then sorry pals, your workstation is locked down. Nope -- no unauthorized memory sticks. Nope, no internet access -- other than white listed work related sites. Nope, no access to install software.
I've had users ask me for permission to install some "app" they like to use. The simple answer is "no" and I don't want to waste my breath re-hashing the same reasons. So I say "No. Check your employee handbook, page 12 for why" and walk away. I'm not going to have anyone of my guys jump through paperwork hoops to keep CAP or CLIA or MediCal happy so someone can have their computer go "ding" at a certain time using their favorite software.
Re:Yeah, what he said.... (Score:5, Insightful)
Morale.
This is a tricky thing and different for different types of work. A long time ago when I worked at a research lab, they tolerated my Linux boxes going onto their corporate network, which was a mix of Solaris and Windows. I even managed to interfere with their routing infrastructure by doing experiments with gated. They might have been upset about it, but in the end good work got done and the creative people were happy. If their policy had been draconian, the said good work would have been done at a competitor.
Re:Yeah, what he said.... (Score:5, Insightful)
And how would their morale hold up when their employer is either shut down, fined in to oblivian or loses their ability to bill medical or some critical private insurance (essentially, you go out of business) for not providing necessary safegards for indentity/medical history? I don't think that their morale will be that high when they get their last check...
A radio is fine. A tape deck. Even a CD player. Hell... even an MP3 player is fine so long as it's not hooked up (and unable to hook up) to a workstation.
Re:Yeah, what he said.... (Score:4, Insightful)
Why is data so unsecured that the receptionist who plugs in her iPod can somehow get access to identity/medical histories? That's not the fault of the iPod or the receptionist.
It's called "physical security". (Score:4, Insightful)
Because without physical security there is no security.
Locking down the PC so that the receptionist cannot move data to his/her iPod would also, logically, prevent the iPod from doing anything that s/he would want it to do.
Unless you configured an iPod specific rule. And security is broken by "exceptions".
Re:It's called "physical security". (Score:4, Informative)
Re: (Score:3, Insightful)
An iPod could have a virus/keylogger/spyware/whatever, and whatever information the receptionist (or data entry minion, or whoever has an iPod) works with as a part of her job can then be comprimised. It's not that she'd suddenly gain access to things she shouldn't, but that things that she does have and need access to need to be se
It's a question of misplaced priorities. (Score:3, Insightful)
I'm not saying that there aren't situations where barring anything that could carry data away is appropriate. It's just that IT types seem to hone in on the "security breaches" that they can shore up, to the greatest inconvenience of users, while ignoring glaring holes elsewhere. If yo
Re: (Score:3, Insightful)
I think it's more the case that you are focused in on the restrictions that effect you rather than getting a view of the "big picture". The trees are blocking your view of the forest.
Re:Yeah, what he said.... (Score:4, Informative)
Cut/Paste from APP -> text File -> IPOD HD.
Scan
You've obviously never worked with state/federal payors who are cracking down on fraud. Not only from the entity making the claim for service, but forcing the entity making the claim to police their own CLIENTS for fraud. There are volumes of various types of regulations and procedures that CAP/CLIA/Medi require and we are regularly inspected for compliance.
Sucks to be in IT in the medical field sometimes.
Re:Yeah, what he said.... (Score:5, Insightful)
The problem most of the time isn't theft. The problem is users who THINK they know what they are doing but really don't. I have worked in several offices where everyone felt they could do whatever they felt like to their own computers and only called the admin when they were at a loss of how to fix it.
Some noteable moments:Show me a way in advance to know what users can be trusted and I'll consider letting users have more control. Until then I'll demand that users don't' mess with anything for no other reason that I end up with more work every time they mess up.
Re: (Score:3)
I agree completely. The term that I've heard for it is, "Knowing just enough to be dangerous." It is especially prevalent in the Windows world where everything is so "easy" and "simple". There are those users who want to do it all themselves and they think they are the best thing since sliced bread, but as soon as their house of cards comes crashing down around them, it's "All IT's fa
Re:Yeah, what he said.... (Score:4, Funny)
Also add to this the other tool who plugged in another WAP with the internal DHCP server turned on and serving addresses in the same address range as his office network.
A little knowledge is a dangerous thing? Just look what a *lot* of it can do...
Re:Yeah, what he said.... (Score:4, Funny)
During a routine maintenance job (clean workstations/mice/keyboards), one of my guys found a post-it under a plebs keyboard. It read: "Do you think I'm foolish enough to keep my password here? HAH! I use my birth date so I don't have to!"
I found the note hillarious. It was a HS kid working as a data entry drone. Now she works for me while going to college earning twice as much.
Re:Yeah, what he said.... (Score:4, Informative)
Re: (Score:3, Funny)
Because it's an important plot device so the hero can save his family. Duh.
Re:Yeah, what he said.... (Score:4, Insightful)
And how the hell do you roll out new software packages? Cause you have no idea what state the individual machine is in, I'm guessing you don't have a mass deployment tool, so do you put it on a file share and say go for it in an e-mail?
Re:Yeah, what he said.... (Score:5, Insightful)
A good net admin is flexibile. If there's a good reason for it, any rule can be bent. I'm going to treat you like an adult and explain why your actions are potentially risky and are against policy -- I'll ask you to work with me to find a less risky way to accomplish the same goals.
If you're doing network experimentation for a legitimate reason (work-related, not just being a dick), it's easy enough for me to vlan you off from the rest of the network. I'll even give you a gateway to the internet if you need it, but you'd better believe that your gateway is going to null route anything that's attempting to hit my servers or your co-worker's machines. My job may be to enable your research, but it's also my job to protect everyone else's data and productivity from your experiments should they go wildly wrong.
I'll make sure you can do your work, but you may not be able to go about it in the way that you originally wanted to; my flexibility must be matched by yours. If you crash your own machine in the process, that's a risk you chose to take. I just have to make sure that everyone else on the network has the same choice and isn't subjected to yours.
Re:Yeah, what he said.... (Score:5, Informative)
Having only one, centrally managed, desktop image has a lot of appeal as well!
Re: (Score:3, Insightful)
Re:Yeah, what he said.... (Score:5, Insightful)
This is the type of attitude that gets us into the game of "If I rename the extension to
Of course, it is probably all moot because you had to give everyone local administrator priviledges so they could run the ActiveX time-sheet application your IT department mandated.
This is the mysterious "IT guy" who thinks he knows the fixed-length list of things that each and every person in the company needs to do their job. They create a blacklist of everything they think you could do on your computer that is bad, and use some 3rd-party product to scan everything you do and disable those actions. They already know better than you every tool needed for every position in the company. Really, this person could just do your job.
Trying to monitor every application used on every PC is a modern version of micro-management. Do you look at every tool that is on someone's desk? Do you approve each stapler? If you don't let people visit web sites, can they bring in books and newspapers? Do you blacklist/whitelist the phone numbers they can call and receive calls from?
This will probably get modded as a troll. But I bet every person with mod points on this system has had to deal with the likes of you. I'm glad I got to find you and finally say it.
Re: (Score:3, Interesting)
It's basically a tacit acknowledgment tha
Re:Yeah, what he said.... (Score:5, Insightful)
You've never heard so much screaming and whining. Goes all the way up to the top. CEO gets involved, wants to know the problem. We explain the problem, which was reasonably unsolvable at that point (no money for bigger pipe).
Then we provided the logs. We were pretty pissed off, so we provided all the logs.
Result? 3 people fired for what we'd consider "real" violations, and 11 people given warnings about the proper use of work equipment.
To this day, we have the most viruses, the most spyware, and the most user-caused problems from that department. The people who work there are not tech savvy, they are not problem solvers. But each and every one of them believes that their position is by far the most important position in the company, above and beyond the people who actually produce the product.
Now I understand that you want a certain type of person for sales, and I understand that by and large, the kind of person who works in sales needs to have certain character traits to be a good salesperson, and that that sort of person isn't usually over-supplied with introspection.
But take this to heart: IT is there to keep things working. IT is there to introduce, after a period of testing, new software. IT is there to protect company data from malicious outsiders...and malicious insiders, and to maintain critical systems, and to fix technical problems.
The purpose of IT is not to do whatever you want them to do; they have to take care of the whole organization, and the needs of the organization as a whole come first. It's not to bend the security guidelines for every program that one person thinks he needs. It's sure as hell not to mindlessly support every whim of every middle manager who is desperate for his department to have something to blame for his failure to meet sales goals.
Some users we trust with elevated permissions. Some users we allow to install their own software. It may even be as high as 8 or 9 percent of our user base. Percentage in finance, for example, is like 60%. The percentage in the advertising department? Maybe 1 in 100. They are non-technical users who have a poor appreciation of security risks, and are incapable of not clicking on a pop-up if one pops up in front of them.
Validation and Regulation (Score:5, Insightful)
This is a general observation that can be made regarding 'regulatory' departments that are concerned with security and legal compliance. Generally the rules are written down by someone senior, who uses common sense to reach what seems, at the time, a reasonable compromise and a practical approach. Next, they are handed down to a team of juniors, who enforce without understanding, because that is what they have been told to do. Through habituation, the regulations become Holy Writ and nobody is allowed to touch them --- a situation the original author(s) would probably have regarded as silly and dangerous. Finally, everybody formally adheres to the rules while circumventing them by any means possible, making a total nonsense of the original purpose.
This is by no means limited to IT. It also applies to finance or health care, or for that matter the US Constitution. It seems to a general human phenomenon. But it just seems that IT departments are more prone than others to the extreme aberration that I would call IT fascism: The belief that the ideal organization is regimented, uniformed, homogeneous, goose-stepping, controlled, and obedient; and that any exceptions need to be eliminated. Maybe the use of binary code stimulates binary thinking.
Of course, for any commercial organization, this can be a real killer in the long run. I've seen creativity and innovation totally stifled by regulation, until most people were so marinated in the status quo that they became completely incapable of independent decision-making, and the creative minds got frustrated and left. It's pretty much the reason why, if I were to make a SWOT analysis of our firm, I would classify much of our IT department under 'threats'. It's not because these people are of ill will, but the idea of trying, stimulating, or even supporting something new has become alien to them.
They are taking care of the daily business, according to present regulation, and they just can't imagine that there might be more to the job than that. To be fair, most of them are so far from the "frontline" that they no longer hear the din of the battle for survival.
Sometimes it "has to fit" (Score:5, Informative)
In the US, Sarbanes-Oxley places some strict requirements on data retention for publicly-traded companies. Employees choosing to use IM and gmail, could cause those requirements to be circumvented.
Re:Sometimes it "has to fit" (Score:5, Informative)
I'm more liberal than CostCo with my employees (Score:3, Insightful)
1) It's my property (well, the owner of the company is my boss, but I manage this data center)
2) On my property, it's my internet usage rules, as long as I'm fair about it.
3) I bear the full responsibility for stuff going boom (physically, financially or legally), so I have the full right to monitor and control network usage.
4) You can always go home and use IM and gmail if you want. I have no control over that (though one jackass company in Michigan certainly would want to).
I support SOX, t
You're missing the point (Score:4, Insightful)
The point of the article is not that you should or shouldn't try to lock things down. It is that that no matter how much you try to lock things down, your users will find ways to open it up to get their work done.
If you're smart, you'll figure out ways that you can both get what you want: Your security and manageability, and their productivity and ease-of-use. Handing edicts from on high is a pretty stupid idea. The point of the article is that you're not shutting down what they call "Shadow IT," you're simply driving it underground where it's harder to see and deal with.
But, you know, it's your property and your rules, so by all means, do with it what you will, and good luck with that.
Re: (Score:3, Informative)
It's a whole lot easier and less expensive to just block access to external email or IM than it is to monitor and record them.
Re: (Score:2)
Re: (Score:2)
Well, there's that, and then there's IT departments that use one-size-fits-no-one software. We develop our software using XEmacs 19.13 (September 3, 1995) because IT doesn't want to tweak a more modern version to work with our RCS.
My personal nemesis... (Score:5, Insightful)
Has always been the user who *thinks* he knows too much, and is out to prove it - usually causing problems, havoc, and destruction in so doing. You know, the kind of guy who gets pissed when you won't give them root/Administrator priveliges because he thinks he's a real big-shot. I've heard arguments as silly as "Well, I'm learning Linux on my own at home, so sooner or later, I'm going to know how to use it whether you give me root or not." Yeah, good for you.
It seems that every company I've worked for has had one. Maybe it's a small part of my personal castigation for the things I've done wrong. Who can say...
Re:My personal nemesis... (Score:5, Interesting)
But seriously. My IT department guys were kind enough to give me admin privileges on my workstation and on my colleagues workstations in my department. I didn't ask for it, but they obviously trust me to some extent and i've built that trust over time. I'm not a sysadmin and have never been one.
It could have something to do with the fact I'm overseeing a highly technical project involving setup of IT systems of sorts. This leads me to the same problem the article mentions. Our system must stay isolated from the world - physically and connectively (no inter-tubes for you!). The problem is its users 'think' they know better and think its ok to put in a CD, or plug in a USB drive to play MP3's or whatever because they can at home. (I don't think I need to tell
Re: (Score:2)
Re:My personal nemesis... (Score:5, Insightful)
My laptop at work continuously reboots. I ran a memtest on it and narrowed it down to a bad memory chip. IT wants me to send in my laptop. I'm sorry. I don't have time to deal with that down time, so I just put up with it restarting.
The most annoying one is when they redid a few dozen internal webservers. All of a sudden the redirect didn't work (If you went to an internal site and it had been X minutes it redirected you to Corporate Web Login).
I did some research on my own and found that when they upgraded to the newest webserver someone forgot to bring along the configuration. All the redirect websites were being sent out as plain/text. Firefox correctly rendered it as... plain text. When I e-mailed IT about it I got a nice form letter about "Firefox isn't supported, we use IE, etc".
I then copy and pasted curl -v logs of all the websites that were broken. I didn't just tell them what was broken, I told them HOW to fix it. I never got a reply back and everything magically worked within a week.
Sometimes there ARE users out there who know what we're talking about. I'm not asking for admin rights or root access. But I do want to be able to do my job and when your fuckups impede that, it does tick me off. The IT people I know are the ones that seem to have the hardest time saying the two 3 word phrases that every engineer (in my opinion) must learn before leaving college: "I don't know." and "I was wrong."
In the mean time I wrote a greasemonkey script that when it saw the redirect page it sent me to the correct website.
Re: (Score:2)
Re: (Score:2)
Re: (Score:3, Insightful)
My rules for employees are simple, do your job well, or I will fire you. The rest I don't care about. I'm not paying to have a pet around that only does what I say while attached to a leash. I'm hiring someone to do a job, a job they are agreeing to do.
Employees are just vendors that are permanent (for a period of tim
IT title does not an expert make (Score:5, Insightful)
I've met uncountable numbers of idiots when it comes to understanding technology. Guess what... many of them were peers in IT. In retrospect, it makes sense. I'd anticipated my move from college to a "real" job as a release from the world of idiots in the CS curricula. Finally, I'd get a chance to work shoulder to shoulder with people who knew.
Not so much.
I'd never considered where the rest of my university peers had to go -- into the same work force I entered -- duh.
In the non-IT universe I discovered many were also clueless around technology, as I'd expected. What I hadn't expected was there were many non-IT people who got it, who understood technology, and worked with it adeptly. Many "got it" more than my peers. Some of the most profound ideas and innovation I've seen in IT have come from nontraditional non-IT people.
I agree (without reading the entire article) with the summary and gist of the article -- IT does itself no favors ruling by fiat and instead should collaborate with users.
This doesn't dismiss bad things happening and messes created by users left behind for IT to clean up. People who mess up should help clean up, but my experience has been many IT people are equally inept and likely to make messes.
A degree and title in IT and CS means only that one has a degree in IT and CS, nothing more. It doesn't mean they're anointed and it doesn't mean they know more about technology than users.
Swap and profession for "IT" and it's still true.. (Score:2)
No...that degree is mearly your ticket to the starting gate...the good ones realize that.
IT Titles and IT BS (Score:3, Interesting)
At the company, many of the users were technically savvy, and more importantly, the process associated with IT was prohibitively complicated. It would
Re: (Score:3, Insightful)
dont think so... (Score:2, Funny)
Scare them! It's fun! (Score:2, Funny)
All in one page (Score:2, Informative)
IT Isn't Master of All (Score:5, Funny)
I don't see a problem (Score:2, Interesting)
IT lost this fight when the USB memory stick became popular. Besides, no matter what they do, they can't stop me from creating a knoppix cluster from my coworkers pc's after they all leave for the day.
But I did always wonder why more departmental firewalls were present in all the places I've worked. I mean, does the CTO's pet project development team really ne
Re:I don't see a problem (Score:5, Insightful)
Lock down usb ports.
Besides, no matter what they do, they can't stop me from creating a knoppix cluster from my coworkers pc's after they all leave for the day.
They can fire you.
See, not so hard.
Re: (Score:2)
I don't know how things work on your job, but where I work, the IT security department doesn't make the rules, they just implement them. If you try to go behind their backs, you'll probably get fired when the security officer complains to your boss about it.
Re: (Score:3, Insightful)
Re:I don't see a problem (Score:5, Insightful)
Re:I don't see a problem (Score:5, Insightful)
Just a few days ago I ran an entire meeting of 12 Powerpoint presentations from my USB drive because the network drive went down the very morning the VIP showed up to have his apple polished. I thought ahead, realized that our network goes down all the time is about as reliable as the Iraqi army, so I had the foresight to copy the files to my personal USB drive. No longer--now I'll just shrug my shoulders and the organization looks only as competent as we really are for a change. I'm actually ecstatic when they lock the computers down a bit more. Already my workplace has cut off webmail, much to the joy of all the workers who now can't be held responsible for not knowing about (and completing the tasking from) an email sent out at 10PM Friday. Lock everything down, please. Could you please take my printer? Who knows what sort of shenanigans I might get up to with that.
Give me a diskless workstation that only works during business hours, and make sure it's the only place from which I can access company data, and I'll buy you lunch for a week. Don't forget that company cellphones and blackberries and PDAs are also the spawn of Satan. Keep up the good work! We love you!
Problem solved (Score:2)
Sure they can. They can fire you [wikipedia.org].
Re: (Score:2)
Uh. They make an ipod ac adapter so you can plug it right into the wall.
Try education.... (Score:2)
I experience this every day... (Score:5, Interesting)
I've always been a fan of decentralized IT - a core group working to "keep the lights on" and seperate groups providing services embedded in the groups they're providing services to, responsible to the managers of the groups who use the tools. Meetings still happen with the needed staff, but someone is a few cubes down the hall or at least on the same floor to answer questions and get feedback.
And why not? (Score:5, Interesting)
We work with NATO restricted data. *Everything* requires appropriate handling. E-mail is carefully fenced and the IM service is encrypted.
But even if you aren't a company with such a strong need for data protection... well actually there is no such thing. At the very least you have financial data and client information on your systems. Losing some of that stuff is considerably more harmful than restricting people to company provided communication tools.
Anyone placing data that hasn't been cleared for release (even by the very informal process of being sent out on purpose) onto services run by people with whom you have no contract and no reasonable expectation of integrity is, frankly, no better than the idiots who don't back up their data and are then surprised to find out that MTBF is not a guarantee. After all if your employees are using gmail et al you don't even know what data you *have* let alone what steps you need to take to protect it.
Irony (Score:2)
But apparently slashdot is totally kosher...
"Idiots" data that hasn't been cleared for release (Score:3, Insightful)
Be sure to let Jimbo Wales know he's an idiot for doing it that way. [wikipedia.org]
I'm not advocating Wiki methods for a nuclear missle silo, but I think a lot more
Re: (Score:2)
The impression I got from the summary was about restricting their use for personal use or things where a layer of abstraction is desirable. An example of the latter would be if I have a question regarding Jython but for whatever reason do not wish to directly associate my company's n
Re: (Score:2)
I would be 7 kinds of mad if anyone was using gmail and IM in my office... But even if you aren't a company with such a strong need for data protection... well actually there is no such thing.
Welcome to this decade. IM has been a vital sales tool for many years now in some industries. That means non-encrypted communication with the outside world using AIM or something. It is no more dangerous that unencrypted e-mail which is, sadly, still a requirement for doing business with most of the world.
Anyone p
Re: (Score:2)
Or is it more of a "do as I say, not as I do" policy?
Re: (Score:2)
-Eric
the "spontaneous telecommuter" (Score:2)
To have someone who just arbitrarily says "I'm going to work fro
I'm not worried about my job (Score:2)
Most users are experts at being idiots (Score:3, Insightful)
The simple fact is most users think they know what they are doing, but the lack the skills to adequately assess the risks of their actions. That is why they need to have rules around acceptable use and security policies to protect them from their own idiocy.
Re: (Score:3, Interesting)
The simple fact is most users think they know what they are doing, but the lack the skills to adequately assess the risks of their actions. That is why they need to have rules around acceptable use and security policies to protect them from their own idiocy.
Where I work is probably not representative of the industry as a whole, but IT and their policies result in less security and functionality than letting the users run amok. We started out as an engineering organization, a start up. Think a couple of n
Re: (Score:3, Interesting)
You sound like you have an IT department that is run by the muppets (wrong 1)
From what I've seen, this is about 85% of IT departments, who think Windows is all there is and wouldn't know real security if it bit them.
Your team then go and implement IT solutions that are outside of your mandate and that do not follow corporate standards or processes (wrong 2)
It's not so much that we go outside our mandate, we just keep using resources that were set up before we had an IT department because they work, u
Re: (Score:3)
Its worse than that. Its not that they can't assess risks, its that they aren't even aware of what is at stake. Nor do they understand the priorities of corporate IT in terms of cost and maintainability.
Examples:
We frequently rotate units and staff aroun
The day this is a reality (Score:5, Funny)
Huh, disagree (Score:2)
Sorry, that is not the case. Where I work, the word "email" is not even allowed in a URL anywhere. They block it period. Career-limiting my foot. I am sure any company with more then a couple of hundred people tends to be the same.
For every rule, there are exceptions (Score:5, Interesting)
But here's the thing, I don't ask for support from the IT department because I'm the odd guy. I know they can't support me. What annoys me (as the one who helps other IT departments manage lots of PC's) are the people that install various applications that cause our automated installs to fail. 90% of the machines are managed with little to no effort. It's the 10% that cause days of work while we try to figure out which of the 20 apps you installed is breaking our install tool.
And for all those against IM and email lockdown, I've been to trading companies where that's the law. They get in trouble when they don't have logs of what people said on IM, email, phone calls, etc because that's how they catch insider trading. Of course for every sensible rule, I've seen 10 that make no sense at all. As has been said before, the USB key should force companies to reevaluate their policies.
Interesting article... (Score:3, Informative)
This is kind of interesting, from the article:
"When you find that people have broken rules, the best thing to do is try to figure out why and to learn from it."
Sorry, no. When you find out that people have broken the rules, you write them up or you fire them, depending on the severity of the situation. What if the rule that was broken was someone carting around an unencrypted "backup" of a customer database on a thumbdrive, which he lost? Where I work, that's three major rules broken right there. If that happened, that person would be fired immediately.
Corporations aren't stupid. Hidebound, maybe, and slow to change, but if something is forbidden, there is usually a really good reason for it. Also, IT does not run the company, in most cases. Follow the chain of command up high enough, and you'll find IT's bosses. If you have a tool that you need or want, then petition for change. Don't do an end-run around the guys that are trying to keep you working, you're only going to hamstring yourself in the end.
The major problem is, people are making their decisions based on commercials or salesmen that promise an easy, 100% reliable solution to an existing problem. Then they run to IT to complain when the product doesn't perform the way it was supposed to. This makes extra work for an IT department that is probably already overworked. You want to play with toys, play with them on your own gear, not the corporate gear.
That said, a wise CIO is going to pay attention to what the employees say they need to find out:
a): If they really need it
b): If there isn't something better or already in-house that can fill that need
c): Is it safe to use, and what are the support requirements.
The important thing then is to tell the end user, No, you can't have that because of: ___, and give them an actual reason, instead of just telling them "against policy"
The power user vs the not so power user (Score:5, Insightful)
2. "My computer won't start. It's been making this squealy noise for about two weeks and then all of a sudden it just died. You have to come right now and fix it because all the annual budget files are on my desktop."
Which call would you rather get?
Re:The power user vs the not so power user (Score:4, Interesting)
When I called up to tell them that my co-workers computer was denying Groupwise proxy rights via a VBA Access module for a single proxy account and not any others, they ignored me for *four weeks*.
When I call up and say, "my computer doesn't work" they show up in minutes and do whatever it is that they need to do.
Re:The power user vs the not so power user (Score:5, Funny)
This is an old story (Score:2)
And a lot Mac users feel that system admins like Windows to make sure that system admins are needed.
But for the I-D-Ten-T (Score:2, Insightful)
Yes, most of their home machines are horribly infected with spyware, viruses, and other things I grow weary of cleaning up. I have friends who make their livings cleaning up home PC's. Most of them have "regulars".
I have no problem helping my advanced, capable users be more productive through technology. I will even grant local admin when warranted.
I have major problems letting my users chat with their friends on IM while surfing porn, watching last nights C
Why fear when you can enlist their help. (Score:3, Insightful)
enlist their help on assisting their computer neighbors. I also find that people
who think they know a lot quite often mess up their computer even more and consequently
require my help more - That is okay, it keeps me employed. It is changing though
with users losing admin rights. They really cannot do anything as a standard user.
On UNIX computers, The users tend to be more technical (I find) but still require
assistance sometimes. Especially when they do not have root.
IT is there for the Users to use (Score:4, Interesting)
Re: (Score:3, Insightful)
Perhaps more importantly, smart users should love you. IT departments suffer because they don't forge relationships outside their department. While everyone else has friends and advocates at budget time, IT workers are viewed as interchangeable, even redundant. If you snub or ignore technically smart users, you're alienating the one outside segment that's even capable of understanding why you're needed.
Man, it was so easy... (Score:2)
Enter the mandatory Windows world, and that's when things really went to Hell.
Yeah, right (Score:2)
Wherever these advanced users are at, please send some my way. As an R&D programmer and backup admin, I get hit by unskilled users twice. Users that manage to get a completely dumbed down interface wrong, or a user that wonders why they can view a PDF after deleting acrobat reader (only God knows why).
In our company, everyone who has any amount of talent on the computer becomes a part of IT at least in some small way. And I know we certainly wish we had more people we could trust with more responsib
I love my shadow IT department (Score:2)
Just like a new hire into the IT department; I don't know these people from anyone else. Anyone can claim any amount of knowledge they like but as long as I'm responsible for the systems they're working on I'm not real comfortable letting these people do as they will in the hopes that they really know what they're doing.
Unlike the new hire into the IT department; I have neither the time nor the authority to monitor th
Work tech. is for WORK (Score:3, Insightful)
At my work, our computers are completely locked down and we cannot change anything, no matter how mundane. I personally thing this is great because I know that whenever I go to the computer, it will just work. If we could change things, I have no doubt a few of the employees would just have to screw with things and then when it didn't work, it would then screw up my job and cost the company a lot of money, not to mention cause my workers and I unneeded stress.
All this comes from someone who has several computers running from home with various operating systems doing various tasks. I could probably improve things at my work in regards to how tech is handled, but it is not my job. If I want to play sysadmin, I can do it with my own gear, on my own time.
The good, the bad and the dumbass (Score:3, Insightful)
But all in all there are reasons why computers are locked down and there are reasons why IT mandates that "thou shalt not". Too many times there have been licensing issues where a know-it-all user with the ability to install software on their local box has brought in a package from home to install because they could get their work done better/faster/more colorfully with it than they could with the software that the company licensed. And when the project/document/spreadsheet that they created in that software can't be read or modified by any of the licensed software, they instantly become indignant and blame IT for not finding a way to convert their information. Contrary to popular mis-belief, IT does not have experience in EVERY piece of software out there. And when some disgruntled soul left the company they would let the anti-piracy folks know about the illegal installs.
And then there are the ones who download every bit of shareware/freeware/spyware in the known universe to their local box, turning their machine into a zombie or worse.
IT is usually mandated to keep the network running smoothly, virus and spyware free, and within the licensing agreements of the software that they have purchased. To do that they have to lock down the network, the computers and the user rights because the know-it-alls don't care about security, safety or licensing. They just want to run Weatherbug because they are too lazy to check into the WeatherChannel.
And then there are the users who listen to Internet radio (sucking down bandwidth), download illegal music and software (because it's faster than at home), and cruise the porn and game sites. Most users don't remember that the computer, network and internet connection still belong to the company that they work for and the aim of IT is to make sure that everyone can play and work together to the betterment of the company.
Give me a user who will work within the guidelines, request the software that they need to do their job and, at the end of the day, tend to their personal internet needs from their home computers.
"a career-limiting path of decreeing against..." (Score:2)
The author has obviously never worked at a regulated and/or publicly traded company or a company that has experienced the embarrassment of a PII leak. Those decrees come from Audit and/or Legal. And it may be painful to admit this, but those departments are trying to look out for the company - yes, ignorance can cause a misstep or three, but it's naive to assume all their decisions are driv
How about Wiki? (Score:2)
One big logical flaw... (Score:3, Interesting)
Here we have the single point that makes this entire FP one big strawman...
Yes, IT takes some measures to protect corporate data, both from inappropriate access, and from erroneous (or malicious) deletion.
The bulk of this "clash", however, involves two points - Maintainability, and the difference between personal and corporate liability.
Maintainability... Given a network of dozens, or even hundreds, of users, homogeneity means everything. If it takes an extra 15 minutes to solve a five minute problem because each user has their own bizarre configuration and preferred tools, you've wasted three quarters of my time vs just using the tools provided. And speaking of "provided", IT simply doesn't have the time to check each and every machine daily for pirated software. "Oh, but just fire anyone that has pirated software"... Yeah, sure, at up to 50k per violation and the need to replace a presumeably qualified (if careless) employee - Not an option as a default policy.
And I haven't even mentioned that people expect support from IT on anything and everything they can find on their machines... Guess what? I don't know everything. I can fix and teach Outlook, ThunderBird, Netscape, Eudora, Calypso, Elm, Pine, and perhaps a few dozen clones thereof, but I still won't have a clue how to fix your problem with FooMail; and even if it works similarly enough to one I do know that I can walk right through it, I won't know that until you've already wasted the time it takes me to visit your office (times two, since presumeably neither of us will get anything else done in the meantime).
As for liability, take the GMail example... In many companies (anything healthcare related, anything publically-traded, and just a good idea in most cases) you have legal minimum retention times for email; On top of that, since those emails count as a liability, you want to enforce that same period as a maximum retention time as well. GMail makes both impossible - You can't guarantee the legal minimum, and you can't automagically delete mail after that time. For that matter, you can't even guarantee that you'll ever again have access to a terminated-for-cause employee's email five minutes after security escorts them out.
You also need to worry about the motivation for using third-party email... If a company provides its own email server with no unreasonable content or size filtering, why would employees use GMail for work-related material?
The same applies to IM (though admittedly far fewer companies host their own IM than host their own email).
I (and most IT workers) don't seriously give a rat's ass what you do on your office computer - Your productivity only matters to you and your manager. I really don't care if you want to play Solitaire all day long. So this has nothing to do with control. But when I get reprimanded (or worse) for letting a random user get the company fined tens of thousands of dollars or under criminal investigation for unknowingly hosting kiddie porn, yeah, you can bet the farm I'll choose "lock your machine down" every time.
When they need your help (Score:4, Insightful)
The only problem with these sorts of users is the support they require when it turns out they don't know what they are doing. Any boob can install iTunes, but even the smarter ones start having problems trying to figure out why there machine crashes afterwords. Then IT is called and blamed.
I'm fine with having these users install whatever they want, just as long as they realize that when they have a problem of any kind of size ( word won't start ) I'm going to blast the machine. If they are smart enough to install all the extra software they are smart enough to put their data on the network or at least in one folder where I can copy it. If they say I lost all my MP3's I'm not going to have a problem telling them tough.
These same people don't have to sign the invoices for their expensive laptops, I do. It is company property and companies should have every right to tell individuals what they can and can't install. At the same time they cannot be so stubborn as to not allow for newer software to get added, even if it does pose some sort of risk. Instant messenger and those types of programs can greatly increase productivity if used correctly. If the employee is chatting with his wife, I'd rather he do that then go in the hallway and call him on his cell...chances are he is actually doing something in between the chat lines.
That said the company still has the right to monitor the person for any traffic going over their network. If the guy gets in trouble and they find that he chatted with his wife all the time it should be admissable in determining his dismisal. Everyone out there knows when enough is enough, those that don't usually end up without a job.
Business will always win (Score:3, Interesting)
At a previous company we were very flexible and provided everything we could for users, especially remote users: OWA, VPN, wireless, SSL-VPN, Terminal Server for those legacy apps that no one could do without, etc. et al. We held a pretty secure ship, filtered only what was legally necessary and monitored traffic/e-mail only when requested by HR.
Regardless we still had this Shadow IT. Typically it was the guy who ran his own network and Exchange server at home telling us how we should run things, how he should have two monitors even though no one else had that and that he should be allowed unfiltered internet because it made him more productive.
Then there was the time the top salesman left his laptop at home, connected to our VPN, his son used it and it began attacking our firewall with a SQL slammer worm. One time can be forgiven, but this was the third time in a year that this occurred.
IT was thrown under the bus on these accounts and others.
Mr. Know-it-all got his second screen and caused a chain reaction of others crying for them and costing the company a sizable chunk of change.He also won having the internet opened up for sports and games. IT watched productivity drop as non-business internet usage climbed.
Mr. VPN received a third "warning" in his HR file, but IT had it's hand slapped because we hadn't really educated him on how to use his laptop, the VPN or the update programs. This in spite of us producing a document signed by the guy that stated "I understand IT policy and proper use of issued equipment and the network."
Back and forth this struggle has continued for the past 20+ years I've been in IT. For a few years, we're heroes. We implement technology and methods that allow businesses to grow and profit at the speed of light. We save businesses from going under when disaster strikes because we backed up the data. Then for the next few years we're the villains. We don't implement the latest technology just because the CFO said not to spend any money. We're thrown under the bus because an executive sent an illegal e-mail and IT had the nerve to have it backed up and accessible for the legal system.
The longer I'm in IT, the more I wish I'd have learned a real skill like cooking or carpentry.
The nerdiness of IT warfare (Score:3, Insightful)
From the posts in this thread, one gets the impression that there are rather a lot of places where IT people and other employees are locked in a state of permanent warfare, or at best uneasily living together in mutual disdain.
The curious thing is that rather a lot of IT people seem smugly satisfied with this. They are confident that they have everything "locked down" and that nothing can go wrong as long as they don't allow the users to do anything important -- whatever that means.
To me this seems the ultimate in IT nerdiness. It gets pretty close to programmers who exclaim that they "didn't change anything" when their product suddenly starts to misbehave -- only applied to people, who are even more unpredictable than even the most chaotic software product.
The reality is that if people hate you, they will find a way to subvert your systems, and IT won't know. People are resourceful. I strongly believe that a security system that is not supported by the people who have to live with it, will be valueless in the long run. People are your major threat and your strongest vulnerability, but potentially they are also your best line of defense. A serious outside attack is not unlikely to have a strong social engineering aspect to it.
I've met IT technicians who blithely assumed that outsiders could never guess an internal password, because their systems strictly limited the number of login retries and required frequent password changes. It never occurred to them that someone might entice out a password by putting on a lab coat and looking official, that people are rather stimulated to write down passwords if they have to change them too often and any mistake brings about a clash with IT, or that the use of incremental suffixes permits any outsider to predict the new passwords years in the future. They sought refuge in strict IT rules, but their psychology (and their logic) was all wrong.
Apparently, there is this curious notion in some places that IT is about managing machines. Curious, because any engineer in another field could tell the IT staff that a big part of effective support is dealing with people, their needs, expectations, and perceptions. An IT group that is just busying itself with keeping the hardware and software in a good state and not positively interacting with and educating users, is an IT group that is failing in its job.
Of course it is much easier to concentrate on the machinery and ignore or crush the users. Machines are far more predictable and easier to work with, and sadly a lot of IT people are still conforming to stereotype and not blessed with great social skills. But at the end of the day they should watch out for their own interest --- there is no future in being a glorified window(s) cleaner.
Smart users; smarter IT. (Score:3, Insightful)
I'm an IT guy.. at an engineering firm. Pretty much everyone here is a 'computer guru' by todays' standards. So, for about 100 employees, the three of us 'IT guys' get to spend most of our time doing real engineering, programming, HMI design, drafting, etc. Our job is made much easier since we can give users full administrative control over their own computers/laptops (necessary in engineering anyway). We just 'lay down the law' in terms of what users are allowed to install and uninstall and we never have to take away privileges from people that know what they're doing.
So, for years, the entire network and seven servers is managed as a 1-10hour/week job for one of our three 'IT guys.' We secure the network and the servers.. and we don't even bother to secure the servers per user - we just have them making tons and tons of backups so if a user does remove/move files that are important, we just replace them with backed up copies from whatever date we want.
Having a smart userbase allows a 'smarter' IT dept. to spend less time on IT unless the IT dept. is a bunch of bumbling idiots who find it hard to stay ahead of the curve. It's really nice not to have users that need help just because they cannot map a drive.. or because they cannot install a different version of Industrial Software X because it is incompatible with Industrial Software Y.
Where's this guy been for 25 years.? (Score:3, Funny)
1982 called. They wanted to tell you that some people now have PCs and aren't using the mainframe like they're supposed to.
Re:IT dept's delay work. (Score:5, Funny)
Reading your email and your slashdot posts IS our actual work.
Signed,
Your IT Department
P.S. You're fired.
Re: (Score:2, Funny)
Re: (Score:3, Informative)
And if the "screwed up" machine was infected with a malware which keylogged and/or sent information (such as client personal information/transaction records/ssns/ccard numbers) or perhaps medical records to some PC in Denmark BEFORE you restored from that image?
Thin is in (Score:2)
This technology goes in and out of fashion like anything else, primarily because the clientware bloats up in each generation to the point of making it painful. But all the hoo-hah over SOX, etc, probably is going to justify the pain for a lot of people. Who says the minframe isn't dead? I