Slashdot Mirror
Unlock Internet or Risk Losing Staff?
Dan Warne writes "People don't want to work for employers who heavily restrict internet access, a senior Microsoft executive said in a keynote speech at the opening of Tech.Ed 2006 Sydney today. From the article: 'These kids are saying: forget it! I don't want to work with you. I don't want to work at a place where I can't be freely online during the day," said Microsoft Senior Design Anthropologist Ann Kiera. She dubbed internet-wary employers "digital immigrants" and said the new wave of younger workers were "digital natives".'"
Nothing for you to see here move along...
Damn work filters.....I'm quiting
Aye, there's no way I'm working without my porn site access. Can't get a single thing done without it!
That and all the chat channels, the streaming music videos, and all those flash sites.
Now this statement isn't true at all. Anyone who has ever worked in network security realizes what a complete nightmare this is and that "technology" is having a hell of a tough time keeping up. This article is completely dismissing security as the reason for blocked websites. Leaky browsers and constantly exploited new technologies have made security a serious priority. (I'm not even gonna go into the irony that these comments were made by Microsoft execs...)
A company I had worked for recently had systematically blocked most popular online services over the past couple years. Myspace, hotmail, AIM, gmail... And I see the reason behind it considering we were in a sensative compartmented information facility that restricted external communication (not even allowed to have a cell phone). The company couldn't afford to have a large-scale information leak caused by viruses and/or non-secure communication.
However, there were always ways around. I could still check my old college email through their website, which was not on the restricted list. There were endless forums that were also left unrestricted (they left slashdot alone, thank god). And there was recently an incident within the company recently where someone was fired for pornography. So the general frustration stemmed from the fact that people could still spend all day on forums and looking up porn, but I wasn't even allowed to check my gmail, update my myspace, or send an IM. However, I'm sure the company would've like to block every forum, porn site, and web-based email site if they could. It's just not something that is in any way possible.
At any rate, I don't think most companies are blocking these sites because they are seen as unproductive, but rather for the risks that they pose.
--
"A man is asked if he is wise or not. He answers that he is otherwise" ~Mao Zedong
Capitalism: When it uses the carrot, it's called democracy. When it uses the stick, it's called fascism.
2) WTF from TFA:
*shakes head* Child abuse?
3) It's Anne Kirah, not Ann Kiera. I know she works at MS and has a ridiculous job title, but at least try to spell one of her names right.
There are shills on slashdot. Apparently, I'm one of them.
Go waste somebody else's money. I don't want a bunch of slackers "working" for me, taking my money, and doing other things when they should be productive. I don't ask my people to work overtime becuase we schedule so that things get done in the alloted schedule. If you are so addicted to the internet that you can't put in 4 hours before lunch and 4 hours after lunch without access to all of it, you're not going to do what I need you to do.
Oh, and you'd better not spend a bunch of time on your cell phone in my office either. Everybody has emergencies...nobody has them so often that I should know which ringtone your girlfriend is.
Oh, and get off my lawn you damned whippersnappers.
Is it just my observation, or are there way too many stupid people in the world?
The issue of internet access at work and its use is a curious one. We have been allowing people to use the telephone at work for years in a limited fashion. As long as it didn't invade the work day too much it was sort of accepted. It also generally wasn't recorded.
Internet is just telephone communications. No different. Treating it differently isn't wise. The employers are right though if the use gets out of hand.
There is of course the problem of not knowing what browsing is legitimate anyway. This isn't easy to determine either. Remember that clicking on a link might be accidentally the wrong one or you might be searching a topic and get one of those trick sites listed for the Porn types. It isn't really a matter of any or filters, it is a matter of content and time.
Never Politically Correct ~ I prefer the facts If you don't like what I say, get a life, or comment yourself.
In the US, the labor market is a buyer's market - there are more people who need work than employers willing to hire them. Because of this employers are able to impose annoying rules on their employees because they know their employees don't have anywhere else to go, since the employee's only recourse is to quit. If people would start wielding this power to their advantage it would benefit everyone.
On the other hand, unfettered internet access is frequently not a good idea, especially for security reasons - people downloading malware, etc.
rooooar
First there was Chief Hacking Executive, now Senior Design Anthropologist? What next? Chief Chair-Throwing Gorilla? Oh wait...
Well isn't it the business's network? That means they should be able to do what they want with it. Whether completely open it up or block certain sites/ports. Like it or not, they have good reasons for it. Employees for one may be more likely to sit around browsing the web rather than doing the work they're assigned. Security threats from spyware/adware could increase. Yes, you can block those certain sites, but those sites tend to be less likely be accessible from a network with some kind of surf control. I work in a help desk and the spyware/adware problems went down tremendously once we implemented our surf control system. Yes there are some sites I wish I could go to, but its not that big of a deal to me...I can still get to slashdot. People have to grow up and realize that they're getting into the real world, and the real world does not revolve around any one person. I don't mean to offend anyone by saying that, but its how the world works fortunately or unfortunately. Besides, most companies will unblock a site if it's blocked but is needed for work.
What's the matter, James? No glib remark? No pithy comeback?
With a name like "ip_freely_2000" I kind of figure you're joking. However, I gotta say that that post sounds almost word for word like what my previous boss would have said on the issue.
That strong-armed attitude is definitely very prevalent in the business world and is exactly the kind of thing that demoralizes employees.
When I first started at that previous employer, I had a different boss... one who gave me room to do what needed doing. The result: I would regularly put in 60 to 80 hours per week (on salary). When the new boss (the one who I said sounded like your post) came in, he made it very clear that he was very much against comp time, telecommuting, and flex time. He wanted everyone there the same times... roughly for the reasons you mentioned. I went from 60 to 80 hours a week to watching that clock. I was in at 9:30 and out at 5:30 every day. If there was an emergency that required extra hours, my attitude and thus my performance were most definitely negatively affected.
If management treats their employees like children and creates an environment of monitoring and restrictions, they will find that morale and productivity decrease over-all. That kind of environment will not attract creative, energetic people, it will drive them away. Even in non-creative jobs, a bit of online shopping or visits to the DMV site or aonline bank sites keep people from having to take time off (cough, cough, I'm sick today) to take care of personal tasks that can't be done off-hours.
The Digital Sorceress
The quote was taken out of context. Here is the full exchange.
Employer: Of course we have Internet, but our firewall restricts access to "inappropriate" sites during working hours.
Kids:Forget it! I don't want to work with you. I don't want to work at a place where I can't be freely online during the day. I'll just move back in with my parents and use their DSL.
Parents: Sure, OK. What do you think would be a fair rent?
Kids: Rent? Where are we suposed get the money to pay rent?
[parents and employer exchange significant glances]
Parents: Umm, honey, I don't know if they explained this in school. "Work" is the eight hours out of the day when you do things you'd rather not be doing so you can pay for things like food and rent.
Employer [taken aback]: Eight hours?
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
What I think is funny is that most people here are posting from work.
I have worked for two ends of the extreme, one company that was very restrictive with internet access and one that was wide open.
Working in IT I found the overly restrictive company made repairs and troubleshooting increasingly difficult since many times I had to research a problem at home and then fix it at work. I remember one incident where we had a scsi backplane go bad on a server that was out of waranty, they had a couple of lower techs hammer against it for 3 days before passing it to me. I looked at the error logs, ran some diagnostics and looked up some error codes, had the problem isolated in 10 minutes, but ended up getting written up for "using the internet" on company time. I found that after a while I did the bare minimum required not be fired since half the time I was doing busy work at home and the real work at home anyway.
The other company was a telco provider we had unrestricted access, it was great troubleshooting and repairs had an amazing turnaround time, but there were people that abused the priviledge. Eventually they weeded themselves out through poor performanace reviews or being called out for slacking off. Basically it comes down to what kind of employees you have, if they are responsible and take their job seriously internet access isnt a problem, its a matter of trust. If you dont trust your employees you either need better ones or perhaps need to find out what you may be doing that causes them to have no dedication to the job.
I see this all the time at my company, and in the long run, it leads to burnt-out employees. We've had much more success with staff retention and productivity my asking that employees do not work from home (to the point of canceling almost all of our GotoMyPC accounts), do not stay late (with exceptions, of course). If employees want to get their work done, they've got to do it during the work day. If they don't, well, they face the same situations that most employees who fail to meet their objectives face...
Work is work. As an employee (and this is the part of the legal definition according to the IRS, btw), your employer has the right to tell you how and when you do your job. If you want to work on your own schedule, you should be freelancing or consulting.
"Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
As a sysadmin myself, I was put in charge of our Internet security and web site filtering strategy.
Initially, they implemented a Squid proxy that was set up so either you were granted "completely unrestricted" access, or "restricted" - which meant you could *only* visit web sites in an "allowed" list. The "unrestricted" access was, of course, originally only intended to be used for the sysadmin himself, and perhaps the owners of the company.
What ended up happening over the years (before I ever worked for them) was "key" people in many different departments received "unrestricted" access, because they threw huge fits or became too big a drain on the admin's time - asking for access to slews of sites needed for puchasing, getting price quotes, etc.
After looking at a number of options, I ended up using Dansguardian site filtering combined with Squid. The cost of software licensing or subscriptions was zero - making it MUCH easier to get approval for. (And if it didn't work out, nobody was going to "force" me to keep trying to use a broken solution, just because we spent $$$'s on it already.)
Our goal was always to put the brakes on productivity losses (and even to prevent potential lawsuits stemming from someone viewing porn and another employee being offended at seeing said porn, or what-not). As has been proven time and time again, unless you completely deny someone Internet access, he/she can eventually find ways to get to sites you'd rather not have them using while at work. The idea is to implement a solution that stops as many "grave offenses" as possible, while appearing pretty much invisible to regular Inet users.
I've found that a nice "side benefit" of doing this is the fact that you also tend to screen out some of the biggest contributors to loading spyware and other nasties on people's PCs. (Porn sites are a big offender in this area, for example.) But no, we didn't get into the site filtering as primarily a "computer security" issue at all.
>Why do people expect to be given free internet access at work?
They also *gasp* make personal phone calls sometime. Sometimes to the babysitter or their spouse! We must implement a whitelist for the phone immediatly.
Seriously, work is a compromise. You want humans to work for you, then be prepared to meet them halfway on their social needs. Or watch yourself get a reputation for being an arrogant boss and a 'fascist company.' Talent will never come knocking at your door and you'll be stuck with people who love or can tolerate harsh policies. People who dont use the web as the resource that it is, people afraid to make a personal call, and people who end up in a stokholm-symdrome-like way defending these silly policies. Not to mention how competitive is a company with these draconian policies? In my experience its crappy little small business with paranoid micro-managing bosses who demand hardcode filtering.
Also, professional work is rarely sitting at a machine and putting in x amount of work like a typical blue collar job. Its collaberation and social skills. Its finding out new things. That means you need tools to communicate. That means there will be slow periods and downtimes. That means using the internet with as little restriction as possible.
Also, there's a real difference between a technological and social problem. If someone slacks on their job because of the internet (or any reason) it becomes obvious after a while. If this happens its not because you lack a decent filtering system its because you lack a good employee.
Lastly, if security is such a concern, I believe very few, if any, popular windows exploits work when the user doesnt have admin access. A simple security change like this, which is something that hsould have been done long ago, makes the web very safe. Blaming poor security practices on the web is just being silly.
I'm an ICT teacher, and recently went to a conference where there was a presentation about so-called Digital Natives (today's kids) and Digital Immigrants (adults).
/. crowd) a 'Digital Native', despite my age. Plus, for every kid with 'techno-joy', there will be another with 'techno-fear' (to paraphrase Mr. Izzard).
Apparently, the fundamental difference between us old-fart teachers (I'm 25, by the way) and today's kids is that they have grown up surrounded by technology to such an extent that their methods of working and interacting with others are totally different to ours.
For example, today's children are likely to be much better multi-taskers. They are used to an environment where the television is on, they are typing to friends using IM, chatting to other friends on the phone whilst simultaneously using Wikipedia to research that night's homework. That feeds back into today's classrom environments, because some kids can't cope without a busy, multi-tasking environment. Their idea of hell is to be sat in silence for an hour trying to revise, or working solidly on a piece of coursework without taking time-out to do something else every other minute.
All in all it was an interesting presentation, but I felt the speaker's idea that the dividing line is purely age based was nonsense. I'd consider myself (and I' d imagine a lot of the
I think it depends what you major in and what kind of skills you have.
It also depends on how picky you are in terms of what kind of work you'll do, or where you want to live. People who only want to work in a particular city (e.g. NYC, Boston, DC, etc.) or only want to do a particular sort of work, may well have the limited options that you describe. But such was not my experience, or that of other people I know. Granted it was a while back and the economy was a bit different then, but I definitely had a choice of places to work when I graduated college. But then again, I didn't have a lot of other requirements besides a paycheck: I was willing to relocate and travel, and my skills were fairly general.
Obviously, how much "say" a recent college grad has in where they end up working, changes radically depending on the economic environment. When companies are competing for new employees, as they were during the mid to late-90s, workplace perks become significantly more important than during a downturn, when the job itself is almost like a perk. And as I mentioned, the competition for employees differs radically from one region of the country to the other. A company in Boston might be beating college grads off their doormat with a stick, while one in Phoenix, Arizona might be desperately seeking young workers. It all comes down to tradeoffs.
I think that the internet access is similar to the attitudes companies had regarding dress codes a few years ago. Young employees saw suit-and-tie operations not only as personally restrictive, but also indicative of a corporate culture that they might not have liked; in response, a lot of places changed to "dress casual" over time. While we can argue about the merits of professional attire all day, there was definitely a lot of change as a result of companies trying to get rid of the stodgy appearance, and many of these improvments were aimed at recruiting new workers. Internet access could be similar: companies that don't restrict seem like they'd be better places to work, for reasons unrelated to the internet itself -- less overbearing management, more trust of employees, etc.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
It's not hard. You don't even need a separate subnet if you can do VLANs. Set up a Linux box with tagged VLANs and hook it up to a managed switch. Using iptables, redirect port 80 on each VLAN to Squid on a different port (8081, 8082, etc). You can create ACLs in Squid based on "Proxy Port" so that people connecting to 8081 get one set of ACLs and people on 8082 get another, etc. Of course you can also set ACLs based on client IP/subnet, but setting up VLANs is cooler.
If you want to add authentication to the mix, instead of transparent proxying you will need users to configure their browsers for your proxy on port 3128 or 8080 (you can still use the VLAN redirect thing for ports 8081 8082 etc). Use the msnt_auth plugin for Squid and now users can use their Windows domain login for web access. Only problem with msnt_auth is it only allows up to 12 chars for the password and some characters are not allowed, so users with wacky passwords may need to change them in order to get online.
DRM 'manages access' in the same way that a prison 'manages freedom'
Are better off without them.
As an integrator, VAR, developer, security consultant, and chief cook and bottle washer for many firms, I advise my clientele with respect to their internet connectivity, and the expense and disbursement of the same. Given the strict liabilities of corporations, it is unfeasible to permit unrestricted access. Furthermore, I don't find it surprising that this discussion is coming from Redmond, which offers one of the most difficult Operating Systems on the market, in that it's increasingly difficult to secure Windows of any description and therefore it's probably just more cost effective to give free reign than it is attempt to limit the corporate liabilities presented by the deployment of M$ products.
It should also be painfully obvious that internet access is not free, but must be paid for by the corporation, and unfettered access in ANY environment could prove unnecessarily costly. In these difficult economic times the onus is on upper management to ensure that the operation of the company is streamlined in such a way as to ensure both maximum productivity and profitability.
In the Canada there are PIPEDA legislative restrictions in place that must be met with respect to user/customer privacy, and as such, in even a well considered M$ environment, it is not possible to grant unrestricted internet access and comply with the rules. Granted it may be possible to provide a properly cordoned internet access, but this should only be available to employees on their break times.
As the by-line suggests, productivity is still the bottom line, and employees (digital natives or any other such ludicrous monicker) should not be the defining force behind internet access policy. It is widely held that a measured approach is preferable. One that can enable all stakeholders without potentially compromising any corporate/consumer data, and maintain operational efficiency to ensure that at the end of the month the company can still afford to honour the paycheques they pump out.
if I claimed I was emperor just because some watery tart lobbed a scimitar at me they'd put me away!
we restrict Internet access, but in a smart way. All parts of the Internet are available before work, after work, during breaks, and during lunch. The firewall restricts access to many sites at other times. However, the firewall shuts off 15 minutes before any break starts and kicks in 15 minutes after the break is over. So employees know it's not allowed to waste time online during work hours, but they still have a sense of responsibility about it. If you're 15 minutes into work time and the connection craps out on certain sites, you know you've broken the rules. It isn't usually a problem.
I am a little surprised. I don't think I saw anyone admit that they recognize their own surfing habits cost them. It seems many recognize "other" people can have issues with it.
Full unfettered access destroys my productivity at times. I follow a thought and boom an hour has gone by. I would definitely prefer to be subject to whitelisting/blacklisting. First things to block: Slashdot and digg of course.
I know I would be doing a much better job if aimless surfing could be eliminated. But it is just so easy to click a link and read stuff, or comment on stories on slashdot. Our buisness communication depends heavily on our internal web so we all have contstant connectivity and at times external access can be handy, but I would be 100% in favor of restrictions.
I really think productivity would go up quite a bit. Most of my friends all admit to surfing too much on the job (we are all techies).
I am an info junky and always have been, even before getting Fidonet, I used to read tons of magazines about technology/science etc. In an environment with unfettered access is like a kid in a Candy store. Look: Shiny new Mazda roadster with retractable hardtop, planets 8, 9, 12 or 50?, New rumored Canon 400D DSLR, New ATI Radeons (damn I got sidetracked while writing this to read about new Radeon). You get the idea.
So Yes please, bring on the filtering. Some of us just can't handle unlimited access to information.
I used to work for a company that had pretty serious Internet filters, and they monitored the Internet access at the company in real-time. It was not unknown to get a call from the people monitoring security at the company if they noticed something funky going on your computer. They had good reason though...the former management team had been found in some serious ethics violations costing the company hundreds of millions of dollars and almost landed the execs in jail.
I really had no problem with the "normal" filters they had on most of the time, but once in a while, they put the Uber-Super-Anal filters on that would restrict your access to basically read-only Internet. During these "outages" you couldn't go to any online shops, incl. tech bookstores like Bookpool.com (Amazon.com was blocked as well). Some tech resources were also restricted for some reason. The "super siikrit probations" were never announced in advance, nor were we told when they ended. You just noticed, all of a sudden, that half the Internet is gone. And then hours or days later, it was back.
It was definitely one of the reasons why I quit that job.
In Soviet Russia, I ruled you
Heres how it is. While you are employed by the company towards a specific end, during those hours the company is putting money into your pocket, you work to meet those ends. If you need to make a personal phone call, use your own phone, on your own time, unless its an emergency and you have no alternative.
You do not get to use company equipment, company internet access, company phone calls, or company time for your own personal needs.
That kind of attitude from an employer only works if you're paying by the hour for unskilled labor.
Personally, I take home the same pay if I work 30 hours or 70 hours a week. I get projects assigned and I have deadlines, and those things come due no matter where I am. If I have to leave in the middle of the day to take care of something personal, I might work from home that night or over the weekend to make sure my projects get done. The end result? I probably work more hours a week (and am more productive) than someone who works straight from 9 to 5 but never a second over. Plus, I'm happy doing it.
From a business point of view, company equipment, company internet access and company phone lines are dirt cheap compared to an employee. For a medium sized company, those other expenses wouldn't even comprise 1/10th of a single employee's salary. (I know; I pay all of those bills for a medium sized company) As long as that employee is getting their work done on time it doesn't matter if they're sitting on IM all day talking to their wife, occasionally unwinding on slashdot, or calling their doctor.
Sounds like you've bought into the factory/robot mentality.
Working in a factory or in telephone support is different from working in a job which requires thinking, creativity, and problem-solving. People can't invent new solutions for things for 8 hours straight, with only a rigidly-timed lunch break. Our brains don't work like that.
Sure, if your job is flipping burgers and refilling soft drinks, it doesn't take much brain power to do that, and there's no reason to be goofing off on the job. Just turn your brain off and follow the routine, day in and day out. But if you're trying to devise creative solutions to complex problems, this simply isn't going to happen according to a rigid plan, timed to the minute.
I currently have all non-work related internet access shut off in my company. This is not because I wish to, or because management is paranoid or whatnot. It's becuase of the Payment Card Industry Cardholder Information Security Program. It states that if any company that accepts/processes/stores/handles credit card information HAS to lock down interent access. Failure to comply with this program could lead to losing your merchant account or fines of up to %$500,000 per instance of fraudulent credit card use. I would love to let my employee's check the news/e-mail/slashdot, but unless this regulation is modified or done away with completely, I can't afford to take the chance. For more info on this see www.visa.com/cisp. BTW, my company actually does enough credit card volume that we have to have security audits, even though we've never had an instance of fraud. Open internet access would fail me on the audits.