Slashdot Mirror
Consumer Technologies Driving IT
fiannaFailMan writes to point out The Economist's reporting on the way consumer-driven software products are increasingly making their presence felt in the corporate world. Some CIOs are embracing the influx while others continue to resist it. From the article: "In the past, innovation was driven by the military or corporate markets. But now the consumer market, with its vast economies of scale and appetite for novelty, leads the way. Compared with the staid corporate-software industry, using these services is like 'receiving technology from an advanced civilization,' says [one university CIO]... [M]ost IT bosses, especially at large organizations, tend to be skeptical of consumer technologies and often ban them outright. Employees, in return, tend to ignore their IT departments. Many young people... use services such as Skype to send instant messages or make free calls while in the office. FaceTime, a Californian firm that specializes in making such consumer applications safe for companies, found in a recent survey that more than half of employees in their 20s and 30s admitted to installing such software over the objections of IT staff."
What is really accomplished by the draconian means IT organizations are going through these days? Viral outbreaks are way down, mainly due to better edge practices - ie frequent AV definition updates, forced scanning of all inbound e-mail for viruses, better firewall configurations, near real-time forced patchings, etc. With those left out, the vectors for infection drop dramatically and end up being removable media (USB drives), portable media (CD/DVD), etc. Again with proper real-time on-access antivirus scanning on both file servers and PCs, where do viruses come from?
And if the reason for locking users out of their PC configuration is configuration management and not protection, then why not just let them at it... have a standard PC configuration, a standard image, and partition their drive. All user files are on the 2nd partition, and all system on the first. If they dork it up instead of spending hours troubleshooting, just image the primary partition and move on.
That way you reduce the overhead of your IT group and allow users the freedoms we expect. I'm not talking utopian - I'm just talking simple things like being able to install a firefox major version update without calling the helplessdesk, or installing any other app I need to do my job (not wanted things like IM clients - real job needs). Instead I have to call the helpless desk wait a damn week while I play phone tag and then sit there for an hour as some monkey figures out how to double click "setup.exe".
It all seems so unnecessary to me. Get a clue and a plan and have a modicum of control - not the communist variety of control.
Of course the users will ignore IT and our fascistic policies. At least until the crapware they've managed to install in spite of the technological restrictions we've put in place, and despite this violating the usage policy they signed at the start of their employment, borks their system to the point that they can't print their pathetically lame 200 slide PowerPoint presentation. Then they call my group, informing us how terribly important this is and we must get it fixed RIGHT NOW, complaining how unstable our PCs are, how much better their home system is, et cetera.
When our help desk guy finds out what they've done, and removes the offending stuff, and informs them that, yes indeed there is a reason that it takes significant time to vet and approve software for deployment in a corporate environment, they look at us as if we're speaking to them in Babylonian. Lather, rinse, repeat.
I need a nice long vacation. About 20 years ought to git 'er done.
Perscriptio in manibus tabellariorum est.
Heh. I was reading comp.sys.amiga.* on company time back in '88. Within weeks of Mosaic coming out, everyone in the office was trying it. My first exposure to online gaming was Doom over the company LAN - and the 4 of us in the company group ate so much of our internal bandwidth playing Doom that IT thought the routers were failing (the very first release of Doom was a real network hog). Then there was Pointcast. etcetera and so on...
Clear, Dark Skies
Some CIOs are embracing the influx while others continue to resist it.
;-)
As a member of a rather small "corporate" IT department, I can appreciate the difference between using certain programs at home vs at work. The number one rule people need to understand, don't expose the company to legal liability, ever. The number two rule, don't do anything that will risk bringing the network down (or critical servers, though most people don't appreciate the difference).
The order of those may change depending on the nature of the company, but those pretty much account for 99% of the "stupid" IT rules that people don't like following. Sure, you run BitTorrent at home and have never had a problem. Perhaps you even use it legally (riiiiight... But hey, I'll admit it could happen). Move that into a corporate environment, however, and your "just a tenth of my bandwidth, and low chance of getting caught pirating music", times 50 users, turns into "why does our network suck so much" and "I have the RIAA's lawyers on line 2...".
Additionally, most people absolutely suck at protecting their home PCs, and in my experience, they take even fewer precautions at work. Now, we run all the standard protections, such as AV, AS, mail and web filtering, and so on. But no amount of automated protection can ever suffice to stop determined insiders from managing to crash (or worse, compromise) their own workstations. Sure, you can fire the malicious ones after-the-fact (and the threat of that at least encourages some cooperation), but that doesn't undo the damage.
As an aside, I consider myself something of a "dark-grey hat". I will gladly teach my users how to do things so they stay juuuuuuust barely on the right side of the law. But even that doesn't always help... It lets people know that when I do give them rules, I most likely have a damned good reason for it; but you'll always have people who just don't "get" it, and don't understand why installing every toolbar, cursor enhancement, and systray bug they can find makes those fascist IT guys so annoyed.
As another aside, I've worked the other side of the fence as well, an engineer working as not part of the IT department. As for how to deal with that situation - Well, let's just say I thank Zeus that I don't have someone like myself as a one of my users.
... is being able to squeeze the cust^H^H^H^Hconsumer for the maximum amount of money while getting away with being able to provide a minimum of (or no) quality, service and support (or alternatively, charge ridiculous amounts for each of those three). This is possible because the individual "consumer" has very little leverage against the "producer" ('Not gonna buy your stuff anymore!'), compared to what a corporation could muster ('Not gonna buy several megabucks worth of your stuff anymore!').
I have had no user-installed programs since I started administrating the system here at a 3500-employee corporation. After a couple of books such as Windows NT Administration And More by Jonathan Briere (out of print), it was easy to pick up how to keep the systems locked down but not too much locked down. It just takes time and patience to go through it. From projections from "the Bobs" who came in to do some assessments of departments, they discovered that I am saving the company between $50k and $200k quarterly by keeping programs off and pushing employees to be more productive.
I've worked for many financial corps (writing webbanking applications), and most of them don't have Internet access *at all*! Try doing your web-based job without the www. (Okay, they had "internet stations" for research, but it was a hassle.) Especially as a consultant, you can be lucky if you can send email to the outside. Usually, it's internal-mail only.
The banks where I have worked that have Internet access, usually have heavy filtering. I still have the find a bank that blocks my own domain and thus my own webmail service, but yeah, for n00bs it's probably hard to survive without hotmail, gmail and yahoo.
Still, I don't understand banks. I was allowed to take my *personal* laptop inside and I worked late when every employee was gone. It was a no-brainer to put a cross-cable between my bank-desktop and my laptop. (Did that once for burning a CD - for the employees of the bank.... Nothing illegal, just "bending the rules"). Sure, the switches were MAC-bound, but if I can get all the info on my desktop and them copy it over to my laptop all security is gone at once.
For those suggesting USB sticks/harddrives: these machines were all NT4, for a reason.... *grin*
I would like to point out a recent meeting within our company...
Some of the managers of certain departments would like to install an instant messenger client for more responsive communications within the company between buildings. It was explained that a user could have more then one conversation (like a telephone) at a time and also save cost.
The upper management insisted that we do not install this program because it would "subtract" from productivity.
Even after explaining to them that I could enforce the system to only accept internal accounts, and the conversations are all logged, they still denied the project.
Our company is full of younger users that are simply more comfortable shooting a text to someone then picking up that nasty influenza infected phone to call someone.
They'll come around sometime.