Slashdot Mirror
Consumer Technologies Driving IT
fiannaFailMan writes to point out The Economist's reporting on the way consumer-driven software products are increasingly making their presence felt in the corporate world. Some CIOs are embracing the influx while others continue to resist it. From the article: "In the past, innovation was driven by the military or corporate markets. But now the consumer market, with its vast economies of scale and appetite for novelty, leads the way. Compared with the staid corporate-software industry, using these services is like 'receiving technology from an advanced civilization,' says [one university CIO]... [M]ost IT bosses, especially at large organizations, tend to be skeptical of consumer technologies and often ban them outright. Employees, in return, tend to ignore their IT departments. Many young people... use services such as Skype to send instant messages or make free calls while in the office. FaceTime, a Californian firm that specializes in making such consumer applications safe for companies, found in a recent survey that more than half of employees in their 20s and 30s admitted to installing such software over the objections of IT staff."
I love'em all, but you can't trust them to stay away from their computers. All are running under very limited users accounts on a domain and they still cause problems?! I for one would be glad for someone to sanitize CE software so I could even consider it.
Maybe that skepticism is there for a reason. Technology developed by the military, universities etc.. is usually focus on security, stability etc... Thats something thats not always true for consumer technology where short development cycles and high profitability drives the technology.
The best test environment is production. - Me
chrome://browser/content/browser.xul
The Economist's reporting on the way consumer-driven software products are increasingly making their presence felt in the corporate world. Some CIOs are embracing the influx while others continue to resist it.
When you lock down the machines, of course people are going to be driven to web services like the apps that companies like google offer (mail / office / etc ) .
Push Button, Receive Bacon
It's been going on (with occasional Slashdot posts about it) since the late 90's.
Best Slashdot Co
I can see many companies might have issues with the security of their documents or data being held by 3rd party companies but once that hurdle has been jumped it seems to me to make sense so long as you ( the company ) can still have the same control you would were you hosting the service yourself.
Really this is just outsourcing particular aspects of your business to specialists which is something a lot of companies now have a lot of experience in.
For example the company I'm currently working for develop software for their own warehouses and distribution network because the success of this directly affects their ability to compete in the market but they also have a team of people managing their mail servers and providing support for office applications which they could certainly benefit in not doing themselves provided the alternative was cheaper and as effective.
What is really accomplished by the draconian means IT organizations are going through these days? Viral outbreaks are way down, mainly due to better edge practices - ie frequent AV definition updates, forced scanning of all inbound e-mail for viruses, better firewall configurations, near real-time forced patchings, etc. With those left out, the vectors for infection drop dramatically and end up being removable media (USB drives), portable media (CD/DVD), etc. Again with proper real-time on-access antivirus scanning on both file servers and PCs, where do viruses come from?
And if the reason for locking users out of their PC configuration is configuration management and not protection, then why not just let them at it... have a standard PC configuration, a standard image, and partition their drive. All user files are on the 2nd partition, and all system on the first. If they dork it up instead of spending hours troubleshooting, just image the primary partition and move on.
That way you reduce the overhead of your IT group and allow users the freedoms we expect. I'm not talking utopian - I'm just talking simple things like being able to install a firefox major version update without calling the helplessdesk, or installing any other app I need to do my job (not wanted things like IM clients - real job needs). Instead I have to call the helpless desk wait a damn week while I play phone tag and then sit there for an hour as some monkey figures out how to double click "setup.exe".
It all seems so unnecessary to me. Get a clue and a plan and have a modicum of control - not the communist variety of control.
1979: Hiding that Apple ][ with VisiCalc that the MIS staff has forbidden because users can't be trusted to produce accurate reports without someone with a Masters doing the coding. 1984: Sneaking PCs into an all-mainframe shop by having the customer buy them as parts, on seperate POs. 1985: Networking those PCs peer-to-peer over 1MB coax so they could share a "big" 40 MB hard drive and a "fast" 6PPM laser printer. That was the last generation of revolution. Now comes the software revolution, where disposable widgets take the place of $450 office "productivity" packages. It's a glorious dawn, and I'm laughing at all you young turks thinking you're going to control it. Embrace and control it, lads. Never forbid anything unless you have something better.
Of course the users will ignore IT and our fascistic policies. At least until the crapware they've managed to install in spite of the technological restrictions we've put in place, and despite this violating the usage policy they signed at the start of their employment, borks their system to the point that they can't print their pathetically lame 200 slide PowerPoint presentation. Then they call my group, informing us how terribly important this is and we must get it fixed RIGHT NOW, complaining how unstable our PCs are, how much better their home system is, et cetera.
When our help desk guy finds out what they've done, and removes the offending stuff, and informs them that, yes indeed there is a reason that it takes significant time to vet and approve software for deployment in a corporate environment, they look at us as if we're speaking to them in Babylonian. Lather, rinse, repeat.
I need a nice long vacation. About 20 years ought to git 'er done.
Perscriptio in manibus tabellariorum est.
Some CIOs are embracing the influx while others continue to resist it.
;-)
As a member of a rather small "corporate" IT department, I can appreciate the difference between using certain programs at home vs at work. The number one rule people need to understand, don't expose the company to legal liability, ever. The number two rule, don't do anything that will risk bringing the network down (or critical servers, though most people don't appreciate the difference).
The order of those may change depending on the nature of the company, but those pretty much account for 99% of the "stupid" IT rules that people don't like following. Sure, you run BitTorrent at home and have never had a problem. Perhaps you even use it legally (riiiiight... But hey, I'll admit it could happen). Move that into a corporate environment, however, and your "just a tenth of my bandwidth, and low chance of getting caught pirating music", times 50 users, turns into "why does our network suck so much" and "I have the RIAA's lawyers on line 2...".
Additionally, most people absolutely suck at protecting their home PCs, and in my experience, they take even fewer precautions at work. Now, we run all the standard protections, such as AV, AS, mail and web filtering, and so on. But no amount of automated protection can ever suffice to stop determined insiders from managing to crash (or worse, compromise) their own workstations. Sure, you can fire the malicious ones after-the-fact (and the threat of that at least encourages some cooperation), but that doesn't undo the damage.
As an aside, I consider myself something of a "dark-grey hat". I will gladly teach my users how to do things so they stay juuuuuuust barely on the right side of the law. But even that doesn't always help... It lets people know that when I do give them rules, I most likely have a damned good reason for it; but you'll always have people who just don't "get" it, and don't understand why installing every toolbar, cursor enhancement, and systray bug they can find makes those fascist IT guys so annoyed.
As another aside, I've worked the other side of the fence as well, an engineer working as not part of the IT department. As for how to deal with that situation - Well, let's just say I thank Zeus that I don't have someone like myself as a one of my users.
... is being able to squeeze the cust^H^H^H^Hconsumer for the maximum amount of money while getting away with being able to provide a minimum of (or no) quality, service and support (or alternatively, charge ridiculous amounts for each of those three). This is possible because the individual "consumer" has very little leverage against the "producer" ('Not gonna buy your stuff anymore!'), compared to what a corporation could muster ('Not gonna buy several megabucks worth of your stuff anymore!').
FaceTime, a Californian firm that specializes in making such consumer applications safe for companies, found in a recent survey that more than half of employees in their 20s and 30s admitted to installing such software over the objections of IT staff.
In another recent survey, eye drop manufacturer Visine, has released a survey indicating that most marijuana users suffer from bloodshot eyes.
Your users "me" attitude can also get your company in legal hot water as well. Employee's "devil may care" attitude is responsabile for some leaks of data already. e.g. laptops going home.
In the corporate arena standards are for other people and the result is that you get hundreds of disconnected so called standards. Moreover the executives get their own infrastructure and support and are so disconnected from the sweaty minions that they truly have zero concept of how well or poorly the rest of their infrastructure works. So hells yeah, let's have Google impose standardization on us. The fact is, there really isn't much of a support overhead for all those canned apps. The fact is that those are not the key security holes. It's all the other shit they implement. And that's not going to change.
users in general must not be trusted with the slightest bit of control over their computer systems. i am completely opposed to desktops in any business, and i mandate the use of terminals where ever i have the power to do so. why? this is exactly why. why the fuck should i spend one single second chasing down why remote office A can't send emails when it's some tard in the office with limewire installed downloading porn, strangling their adsl conection all the while blaming me for being incompetent. if you let users have any control, they wil fuck it up i promise you. a perfect example was a certain office manager i worked with who wanted excel. i wanted to know why, she went over my head and got it forced on me. a month later she released this big fancy spread sheet she claimed would run the office and tell people when to fart. pity it required people to enter things into the same cells at the same time resulting in a sharing violation. if this bitch had of stuck to her job instead of dabbling in IT she wouldn't have wasted a month of company time on this crap. naturally she demanded i fix it. i resigned with a big fuck you.
You are looking at the problem wrong. It's not that I mind you installing Firefox but what about the next person who asks, or the person after them? At what point do you say no? I can't just make up arbitrary numbers and say X number of users can install Firefox. A lot of things in IT are all or nothing for that very reason, not because they just want to be nasty.
We like to work, we like to play.
COMDEX is dead. CES now rules in terms of innovation because people now have technology in their hands. Consumer demand means US, not the MIS directors of old, whose high and mighty mainframes and pitiful minis used to rule the black art of 'data processing'.
So much the better.
---- Teach Peace. It's Cheaper Than War.
"And if the reason for locking users out of their PC configuration is configuration management and not protection, then why not just let them at it..."
Pay attention audiance. The poster din't say it was the companies PC configuration. It's their (meaning the employees) configuration.
I worked as a desktop support tech in several environments, with policies ranging from draconian to nonexistent.
In the locked-down world, our firm charged for repairs to "non-standard" machines: anything with user-installed software, even if it wasn't the cause of the problem. We were forbidden to use the terms PC or computer, instead calling every desktop and laptop a "workstation." People who downloaded stuff from the Internet often found themselves explaining the $300 repair charge to their boss, and were subject to termination at the company's discretion. (As desktop techs, we were very powerful... one guy I worked with actually received "personal services" in exchange for not reporting a young woman in the call center).
In the open environments, stupidity flourished. People would install Kazaa (with its load of spyware) and put their shared folders on the servers. Executives would download GoToMyPC and use their names as the password. During downtime, I would use PSList to remotely check computers for spyware, and remotely delete anything I didn't like. A few people complained about losing their Webshots and other crap, but the CIO was an old friend of mine and fully backed my efforts.
One day, I claimed in a weekly meeting that spyware and adware were consuming 50% to 70% of our Internet bandwidth. The head of the network group immediately heaped scorn upon that statement... until the CIO asked him to check into the claim. He had to stand up the following week and say that I was wrong: the figure was closer to 90%.
[Puts down nail gun. Stops fragging n00bs.]
Users? Real admins don't have users.
--BOFH
Well, there's spam egg sausage and spam, that's not got much spam in it.
Well I would guess that it has something to do with Fedora being free and Redhat not.
I use to be a network admin. It was fun. I was the captain of the freedom boat. Generally everything was "okay" except for streaming music and foreign laptops connecting to my network. I was generally liked. Except when I stepped on people's Internet freedom!!
I am not sure what freedoms you "expect" but when you play in someone else's yard, you play by the rules. I am not sure if you are spoiled or greedy, but either way, when you are using someone else's equipment, during time they are paying you to preform a task, there are certain things expected of you.
You must understand: You want it both ways. You want the freedom to install/abuse your system AND you want the protection of IT fixing it FOR you. That's just greedy.
Even in the most LIMITED corporate enviornments, where "freedoms" are squished, people can still do their job. If you have to wait a week to get an application installed, well, than that's the wait. If someone wants you to have it "now", then you'll get escalated. It's how it has always worked. It's a different meme.
I have a sign on my office door at work that says:
"Sometimes my job will require me to limit the amount of fun you can have today to make sure you can have fun tomorrow."
I like the people I work with, and they usually are not stupid, so I don't put any more rules on their computer use than I have to. But as the IT support guy at a small department, about 40 computers, I think pla has it right. There is a big difference between users home computers and my computers they use when they are at work. (They are my computers because I get yelled at when they are broken) Install this crap on your home machines, not my machines at work. Deep Freeze or Ghost can be a beautiful thing, screwed up your computer, didn't save your work on the central file server, the one I keep two backup systems on?
Too bad.
Refuse to follow IT policy? I can't fire you, I probably don't want to, but if you are inconvenienced because I do care about the confidential data on our computers?
Too bad.
Installed that IM program you "need" for work to chat with your significant other etc. and had your machine reformatted back to the template?
Too bad.
At work they are not your computers, they are your employers, computers, if you don't like it, quit.
The users, even the users you like, always lie, if you give them an inch they will try to take a mile unless you keep them inline with the classic BOFH tools, superior skill, superior ruthlessness and a complete lack of pity. It is for the users' own good, your good and the good of your employer.
Now I just need to find a PFY for an assistant....
I had some questions about implementing Gmail on an enterprise basis. What about local backups of the email store? Delegating? SoX compliance? Working offline?
What a bonus to be rid of Exchange! All the expense and overhead for supporting that pig and the added pleasure of giving Outlook the boot. Replace the office suite with OpenOffice or a hosted service and you could kiss Windows b-bye, except maybe a few kiosks scattered around for Windows only applications.
But just try getting in touch with a real person at Google. You'd think they'd want that to be easy.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
I would like to point out a recent meeting within our company...
Some of the managers of certain departments would like to install an instant messenger client for more responsive communications within the company between buildings. It was explained that a user could have more then one conversation (like a telephone) at a time and also save cost.
The upper management insisted that we do not install this program because it would "subtract" from productivity.
Even after explaining to them that I could enforce the system to only accept internal accounts, and the conversations are all logged, they still denied the project.
Our company is full of younger users that are simply more comfortable shooting a text to someone then picking up that nasty influenza infected phone to call someone.
They'll come around sometime.
What many people forget about Enterprise networks and systems is that they are purposely standardised and purposely not bleeding edge because we cannot afford to have outages on such systems - boring, reliable and when they work we leave them alone. Sure we could cut call costs by using Skype on desktops, but the telephone system works, doesn't cost us a fortune and is easy to support. When we have muppets bringing in their toys and gadgets they not only screw up their company assigned desktops, they also expose our networks to traffic (malicious or otherwise) which may interfere with our carefully cultivated enterprise systems. Leave the toys at home.
From reading the article, it definitely sounds like Mr. Sannier leans heavily towards the "adopt new technologies, even if it sacrifices some security" end of the scale. That's fine if you are running your own shop and can take the heat if it all comes crashing down. But then he went on to disparage the security concerns as a ploy by those older IT managers to scrape some job security. I beg to differ:
(1) Older IT types are more likely to have little if any concern about data and communications security. I used to work under a CIO who thought that the entire company, which spanned five physical locations in two different timezones, was protected by a single switch that said "Security On/Off". He was not in the least concerned about data security, despite the fact that our payroll, production data and even manufacturing equipment controls are networked.
(2) While it is definitely exciting to see Google doing what Microsoft has struggled to do, namely perceiving the new paradigm of implementing software as network services, the practice of outsourcing vital organizational functions (email, collaboration, etc.) has liability and intellectual propery issues that the article did not address. For many organizations, the idea of letting corporate secrets reside on a server not physically present within the four walls can be unnerving, and that is understandable given privacy concerns, for example. Just because an IT director has these concerns does not make him old-schooled or outdated; it means that, as a director, he sees a lot more than just what the technologies can do for him. He needs to see the risks associated with any technology-driven practice, and that is what a director should be doing.
Yeah, you can get around it - you have the expertise. But, it's not for you. It's for Sally the clerk or asst. analayst and everyone else who aren't necessarily in IT. It's to make sure that she can't email to her drunk b.f. or use someone else's account information to buy that big screen TV on eBay while at work. Or, download an entire customer list and emial that out. I bet the PCs don't have disk drives either.
Yeah, yeh, she can get around it by hand copying it, or if there are disk drives, copying the data to a floppy. But the damage isn't what it could be if there were a internet connection.
Just my thoughts.
- PHB
Must be pretty cool because I can browse /. using FF (not IE, the standard install) all day lon... NO CARRIER
Don't come crying to me when you have to pull everything offline for a week to rebuild it. The users don't own their machines, therefore they don't get Admin or the right to install arbitrary bits of software. Add a dusting of policy on top plus some random sampling to catch out smart-arses who try running binaries from their home directories -- you may have to nail up a few of the slower sales droids outside reception before the message sinks in; there's nothing like a decaying corpse to remind people of your AUP -- and you're done.
Everything I needed to know about life, I learnt from Blake's Seven
"1984: Sneaking PCs into an all-mainframe shop ... buying parts, on seperate POs."
I did the POs for everything except the case. I got the monitors, power suppies, motherboards, disk drives, keyboards, mice, and cables no problem. But if I tried to get a case, red flags would have flown. With amber monochrome monitors they didn't draw too much attention. The other montors (from Data General and IBM) were all green screens. The MIS dweebs were clueless. (Management Information Systems - now called "IT")
A buddy of mine made wooden cases for the PCs. We put them under our desks. We were gods.
Only problem with your story is that's not exactly how it happened. Of course you'll get a book and movie deal out of it, and slashdot will rip it to shreds for historical inaccuracies. In the mean time you'll be laughing all the way to the bank because most of your audiance didn't grow up in those eras.
Some organizations make there works buy laptops from them and it that case they should be a full local admin
I work in IT at a liberal arts college. Just the other day someone called complaining of having too low virtual memory errors. I checked his CPU and a weather ap he had downloaded was using most of his RAM. Luckily, the ap wasn't full of spyware and adware and was easy to remove. The problem is that when staff download and use programs that we don't provide for them we can't support them if something goes awry. We don't forbid people from installing other programs, but if their computer is having problems and we notice it's full of non-supported software, we can get rid of it. The computers are ours, not theirs.
For super secure applications, sure. We have a few people that deal with large amounts of very sensitive data.
However, for most people, what's the point in having a powerful machine with incredible software that can do everything, if all the functionality is locked out? It's like buying satellite TV and then locking out all the channels.
Having IT be a gatekeeper for determining what users "need" can do enormous damage to productivity. With few exceptions, we give staff admin permissions because we don't understand what they need their machines to do as well as they do. Nor do we have the time to dink with their setups until they are perfect -- that is their responsibility.
However, we make it crystal clear there is zero tolerance for proprietary software that we can't provide license information for or running rogue servers. They know they will be in big trouble if they install recreational software that interferes with the operation of their machines or which launches an attack.
We will rebuild a machine once, but if it was due to failure to follow policy, the machine gets totally locked down. People seem to "get it," problems are extremely rare, and the admin load is less than it would be for strong security. We find that people are much more open with us and don't subvert policies if we work with them.
This "service" gives google a very noteworthy competitive advantage. By offering "free" webmail to Universities, Google now has a very unique database for culling the best talent that it wants to hire. They can now not only identify potential candidates before they are ready to graduate, but also screen them as well.
Honestly, that the other search engines and mail services aren't offering this "free" candy to Universities just shows how they are seriously missing a superb data mining opportunity.
Arcnet rocked. Twice as fast as silly ol' 1-mbps ethernet.
Clear, Dark Skies
This happened when when broadband became widely available to consumers. My network is, and has been for some time, faster at home than at work. This creates the shift in the online technology playing field. Developers aren't stupid. Well, not all of them anyway.
Terrible karma and aiming lower, which in this environment of one-sided reason, is higher.
It's been going on (with occasional Slashdot posts about it) since the late 90's.
Before that we did not exist, as the matrix had not finished updating the virus definitions as part of the boot process.
Ross Youngblood
>FaceTime, a Californian firm that specializes in making such consumer applications safe for companies, found in a recent survey that more than half of employees in their 20s and 30s admitted to installing such software over the objections of IT staff."
Fine, install away. What I don't understand is why these apps would work in any sane company without the complete cooperation of the IT department. Surely in this day and age no company larger than a mom and pop setup would have any routes from any PCs directly to the Internet. A default route for IPs outside your local network range that passes a snort box and some other traffic monitoring to a dead end stops much of this and tells you asap that something untoward is generating traffic on your network, also logging non resolvable DNS requests made to your internal DNS server usually tells you when something is up.
By having no external routes, all traffic which requires Internet connectivity must be proxied. Sure many of these apps can now use http proxies instead of direct connections but things like chat, telephony, etc generate huge numbers of hits and simple log monitoring will indicate where and when new apps are installed. If its proxied, its easily controllable.
Of course none of this is material unless you have a clear policy which has been communicated to employees about acceptable use of work computers. Playing whack a mole through technical measures is pointless. If using IM chat is against company policy (for whatever reason) and this is communicated to employees and some people persist in hunting down every web based IM proxy designed to circumvent the no IM chat policies then HR is in a much better position to act than IT.
And if policies become outdated and new consumer software makes business sense then simply review the policy and change accordingly.
If the IT department can't easily ensure compliance with an acceptable use policy then either the IT department is incompetent or the policy is deficient.
I used to have the same attitude. That is until I took a CISSP CBK review course and learned the reasons why information security professionals insist on those types of policies. Since increasing my experience and knowledge of information security is my career goal (passed the CCIE Security written, didn't take the lab yet, probably will take the CISSP next quarter) I'm subscribed to a bunch of web zines on security topics. I used to have the opinion that most of the articles were from security "experts" that didn't have the technical expertise; from management know-nothings that received questionable certifications and were viewed in much the same manner as the pointy haired boss. Now I understand the reasons behind why it is necessary to have these policies and everything involved in assuring that information security is functioning as it is designed. However, I also understand that most companies that have these types of policies usually don't understand themselves the complete aspects of all domains. Financial institutions would probably be the exception, but I can tell you from experience that, despite HIPAA, healthcare institutions generally don't have a clue.
It was really an eye-opener for me, and I've been doing security for years. If you're interested in finding out the why behind some of these policies I'd suggest you pick up a CISSP book. It's a quite different approach and mind-set than the more technically oriented certifications such as the CCIE Security.
Try this one: "All those cutsey cursors and taskbar bugs are giving your computer extra work to do. That will make your computer slow and irritate you."
Everyone hates a slow computer.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
As a user of IT services, I have to say that I have absolutely no problem with a policy like that. Makes life easier for everybody. If my PC ever gets hosed, whether or not it's my fault, I just want it up and running ASAP. Reimaging it doesn't take much of your time or mine.
They don't grade fathers, but if your daughter's a stripper, you fucked up. --Chris Rock
for existence.
IT exists to make a company more efficient. One way it does this is by making it possible for users to hook up with the services required to permit users to communicate with each other and with the outside world and to gather information. Some of the new technologies used for this are not well understood by IT departments. Figuring them out and how to secure them is part of a sysadmin's job description. At least if that sysadmin wants to keep working.
If industry pros are using, for instance, an IM network to communicate business related things, it's IT's job to make sure they can do so safely. If a top salesperson's using an IM network and a sysadmin locks it out, who's going to have more leverage when the salesman complains to the VP of Marketing? And that's as it should be, the network exists to make the company money, not serve as an isolated node of network purity.
If IT "pros" are so busy locking down "their" networks that they forget that end users have legitimate purposes for using the company network, when the time comes to discuss offshoring their gigs to Bangalore, don't expect anybody you've gone Stalinist at to support you.
If you don't like "whiny user complaints", find another career.
Tech Public Policy stuff
more efficient and profitable?
If you don't know, if they were public, go to http://www.sec.gov/ and check their filings via EDGAR (something every IT pro needs to get a clue about. . . if you're dubious about a vendor. . . or about the future, if any, of the place you're working at. . . this is one place where companies are compelled to tell the truth.
It isn't about network efficiency, it's about the bottom line. Show that a company with draconian IT policy is more profitable, if you can. If anarchy is more profitable, it might be more cost-effective for a company to simply add to network bandwidth and hire a few more IT pros to clean up the messes.
A place where an IT pro can get "personal services" for not reporting mistakes made with a company computer is obviously a place where the balance of power is way off. If an ITer can't get a date, the company doesn't exist to solve that problem.
Tech Public Policy stuff