IT Departments Fear Growing Expertise of Users
flatfilsoc recommends a long article in CIO magazine on users who know too much and the IT leaders who fear them. Dubbing the universe of consumer technology the "shadow IT department," the article highlights the extent to which the boundary between users' workplace and home has broken down. It notes the increasing clash — familiar to anyone who works in a company with an IT department — between users' home-grown productivity boosters and IT's mandate to protect corporate data. The inherent tendency of the IT department to want to crack down and control technology that it doesn't supply should be resisted at all costs, according to CIO. The article outlines strategies for co-existence. It just might persuade some desperate CIO somewhere not to embark on a career-limiting path of decreeing against gmail and IM.
and there are always groups of individuals in every company that DO NOT fit the one-size-fits-all software/security model.
Some people/groups really need a sandbox to work in, without interference from good intentioned IT departments.
A virus spread wildly throughout my company recently because IT had thought to conveniently map some not so useful drives for everyone... guess how that virus spread?
IT needs to learn to provide and protect without being so intrusive as to hinder real work being done.
Sighhh
Support NYCountryLawyer RIAA vs People
Has always been the user who *thinks* he knows too much, and is out to prove it - usually causing problems, havoc, and destruction in so doing. You know, the kind of guy who gets pissed when you won't give them root/Administrator privileges because he thinks he's a real big-shot. I've heard arguments as silly as "Well, I'm learning Linux on my own at home, so sooner or later, I'm going to know how to use it whether you give me root or not." Yeah, good for you.
It seems that every company I've worked for has had one. Maybe it's a small part of my personal castigation for the things I've done wrong. Who can say...
Oh, you're not stuck, you're just unable to let go of the onion rings.
I've met uncountable numbers of idiots when it comes to understanding technology. Guess what... many of them were peers in IT. In retrospect, it makes sense. I'd anticipated my move from college to a "real" job as a release from the world of idiots in the CS curricula. Finally, I'd get a chance to work shoulder to shoulder with people who knew.
Not so much.
I'd never considered where the rest of my university peers had to go -- into the same work force I entered -- duh.
In the non-IT universe I discovered many were also clueless around technology, as I'd expected. What I hadn't expected was there were many non-IT people who got it, who understood technology, and worked with it adeptly. Many "got it" more than my peers. Some of the most profound ideas and innovation I've seen in IT have come from nontraditional non-IT people.
I agree (without reading the entire article) with the summary and gist of the article -- IT does itself no favors ruling by fiat and instead should collaborate with users.
This doesn't dismiss bad things happening and messes created by users left behind for IT to clean up. People who mess up should help clean up, but my experience has been many IT people are equally inept and likely to make messes.
A degree and title in IT and CS means only that one has a degree in IT and CS, nothing more. It doesn't mean they're anointed and it doesn't mean they know more about technology than users.
It takes a lot more than "I know how to build a computer .. and i play WOW all the time so i'm leet" to run an IT department. I welcome the smarter users; as long as they aren't all wearing my tinfoil hat.
I don't work in the IT dept at my current employer, but I spent a number of years in the trenches before working here. Just today, I was causing fear, loathing, angst, and gnashing of teeth to one of our local IT folk. I told a young lady that I was going to ghost the hard drive from a little used computer onto a USB stick. Then take the hard drive and add it to my PC since I needed more space for my music collection. She was very nervous and thought I might actually do it. I was just giving her crap, but then again; if I need space I might...
Using the Freedom of Speech while I still have it.
http://www.cio.com/archive/021507/fea_user_mgmt.html?action=print
Kilroy was here.
I'm sick and tired of IT departments that try to control everything I do when I know perfectly well that WeatherBug and WinFixer are the right tools for the job. I am a smart and knowledgeable IT consumer, and I've been using these fine products at home for some time now. Why not at work too?
What, you mean like when I brought my own google search appliance to work at my last job because the corporate intranet search capability blew chunks?
IT lost this fight when the USB memory stick became popular. Besides, no matter what they do, they can't stop me from creating a knoppix cluster from my coworkers pc's after they all leave for the day.
But I did always wonder why more departmental firewalls were present in all the places I've worked. I mean, does the CTO's pet project development team really need access to the production CRM cluster?
You are checking your backups, aren't you?
I admit, I have an unauthorized Wireless Access Point running. I've got it locked way down, and I doubt they will ever know about it. I'm also reading Slashdot outside of the corporate proxy... thanks to a friend named Putty.exe and SSH port tunneling. The same stuff lets me access my IMAP mail through Outlook... all things forbidden by IT. Short of shutting down our access to SSH, I don't see how they can stop me.
Here's one. Working at a community college, we have 3.5 separate departments/groups of people who "know" computers. There's ITS - including network ops, mainframe ops, all the servers, connectivity, etc. Then there's Academic Technologies - all the student labs, computers, etc. Then there's the CIS/ITE staff, teaching things like programming, networking, etc. And then the .5 group is the business degree folks, but they offer classes in F/OSS software (ITE doesn't, except a Linux admin class), etc.
Don't blame me, I voted for Kodos
As a software developer outside of the IT department (I'm under direction of the Engineering group), I get this all the time. I get the run around, exclusion from important meetings, no say in things I have a large stake in, put at the bottom of the priority queue, and sometimes even people working to throw roadblocks in my way.
I've always been a fan of decentralized IT - a core group working to "keep the lights on" and separate groups providing services embedded in the groups they're providing services to, responsible to the managers of the groups who use the tools. Meetings still happen with the needed staff, but someone is a few cubes down the hall or at least on the same floor to answer questions and get feedback.
The Doormat
If you're not outraged, then you're not paying attention.
I would be 7 kinds of mad if anyone was using gmail and IM in my office.
We work with NATO restricted data. *Everything* requires appropriate handling. E-mail is carefully fenced and the IM service is encrypted.
But even if you aren't a company with such a strong need for data protection... well actually there is no such thing. At the very least you have financial data and client information on your systems. Losing some of that stuff is considerably more harmful than restricting people to company provided communication tools.
Anyone placing data that hasn't been cleared for release (even by the very informal process of being sent out on purpose) onto services run by people with whom you have no contract and no reasonable expectation of integrity is, frankly, no better than the idiots who don't back up their data and are then surprised to find out that MTBF is not a guarantee. After all if your employees are using gmail et al you don't even know what data you *have* let alone what steps you need to take to protect it.
Beep beep.
Working from home isn't a bad thing (if you can handle it and can prioritize life/work appropriately). I believe an IT department, if the organization is so structured, should allow people who can handle the access to work from home. To do this, WE will provide YOU with the necessary equipment to do this task. This allows standardization (as much as can be afforded) and redundancy (I would imagine an inventory of at least one backup device).
To have someone who just arbitrarily says "I'm going to work from home!" and then attempts to use his 12 year old virus infected PC with his dialup access to go through the VPN and start downloading a 20MB Powerpoint is as ludicrous as it is dangerous. Even worse is the stink he raises when you finally have to tell him that he either can't work from home with his current gear, or has to go through the proper channels to get approval/funding for the correct gear.
Not to mention the fact that you sometimes get suckered into supporting the home network. That of itself is all kinds of hell.
People who think they know what they're doing are far more apt to screw up their computer up than an avowed newbie who is scared to do more than check e-mail and type Word documents. I don't think the IT department is going anywhere soon.
"Ask not what your country can do for you." --John F. Kennedy
...approximately 600 million computers are connected to the Internet, and that 150 million of them might be participants in a botnet--nearly all of them unwilling victims. (http://arstechnica.com/news.ars/post/20070125-87
The simple fact is most users think they know what they are doing, but they lack the skills to adequately assess the risks of their actions. That is why they need to have rules around acceptable use and security policies to protect them from their own idiocy.
The only reason some people get lost in thought is because it's unfamiliar territory.
If you want complete control put the dumb terminals back. Otherwise let the creative users solve their problems and stand back. Sysadmins can still control access to sensitive data. If a user screws up a machine, slap the standard install image back on and try try again. There really is no reason for a PC "support" position
"IT lost this fight when the USB memory stick became popular. Besides, no matter what they do, they can't stop me from creating a knoppix cluster from my coworkers pc's after they all leave for the day."
Why do you think centralization, and thin clients are coming back?
But apparently slashdot is totally kosher...
Is the day hundreds of callcenters close down their Level 1 support. I always thought it funny to have columns and rows of people that do nothing but open the documentation the users have and read it to them over the phone. Since the phones are still ringing, I think this announcement is still quite a bit premature.
CIOs and IT departments limit and control software on their computers by taking 2 months to install MS Office on my desktop. I've had IT departments take 3 weeks to "install" software on my workstation, when all they had to do was add shortcuts to my start menu and map the path to software on remote servers. It makes you wonder if they spend more time reading my email and slashdot posts than actual IT work.
I can't speak to the IT profession as that is not my field of expertise. I am, however, an aircraft structural engineer and have been one for a long time now. Most everything I know I learned after college and I'm still learning new stuff.
No...that degree is merely your ticket to the starting gate...the good ones realize that.
A goal is a dream with a deadline
Man, I could hardly get through that entire article. BEWARE of the SHADOW IT -- sheesh what a bunch of junk. Users that can download a tool or two or know how to instant message does not an IT department make. That also doesn't make them exempt from my corporate IT usage policy. I don't know about everyone else, but from what I have seen in the past -- most of those TOOLS they like to download tend to be stuff like Weatherbug, and various toolbars. Yep, things that can make the Non-SHADOW IT department less productive.
I can't name a single situation in which I would be "scared" of the SHADOW IT department. I use a Cymphonix appliance to block viruses, spyware, toolbars, and a host of other malicious content -- it sits inline between my LAN and my Cisco PIX.
I would love to see the SHADOW IT department configure NAT and PAT on some Cisco devices. Oh noes. This article just pissed me off.
Be sure to let Jimbo Wales know he's an idiot for doing it that way.
I'm not advocating Wiki methods for a nuclear missile silo, but I think a lot more companies can profit from a Wiki-type approach to (some) data than those that can benefit from an NSA "everything is top secret and must be locked down at all costs" approach.
Crow T. Trollbot
Sure they can. They can fire you.
QUOTE: It just might persuade some desperate CIO somewhere not to embark on a career-limiting path of decreeing against gmail and IM. UNQUOTE
Sorry, that is not the case. Where I work, the word "email" is not even allowed in a URL anywhere. They block it period. Career-limiting my foot. I am sure any company with more than a couple of hundred people tends to be the same.
whether you like it or not.
In the US, Sarbanes-Oxley places some strict requirements on data retention for publicly-traded companies. Employees choosing to use IM and gmail, could cause those requirements to be circumvented.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
I've been a user that is locked into crazy setups. The traveling consultant at client sites whose PC is set up to be managed from the corporate network. At one point, I got tired of the insanity, took a ghost image of the machine they gave me, and installed linux on the machine (and then restored the ghost image in a vmware session).
But here's the thing, I don't ask for support from the IT department because I'm the odd guy. I know they can't support me. What annoys me (as the one who helps other IT departments manage lots of PC's) are the people that install various applications that cause our automated installs to fail. 90% of the machines are managed with little to no effort. It's the 10% that cause days of work while we try to figure out which of the 20 apps you installed is breaking our install tool.
And for all those against IM and email lockdown, I've been to trading companies where that's the law. They get in trouble when they don't have logs of what people said on IM, email, phone calls, etc because that's how they catch insider trading. Of course for every sensible rule, I've seen 10 that make no sense at all. As has been said before, the USB key should force companies to reevaluate their policies.
It just makes sense to centralize your IT if the IT department has to be responsible for what happens. The more centralized I make the company I work at the easier to support and roll out new features to the network. I don't mind connecting from home but you have to really plan that kind of deployment out. What vpn router are you gonna use? Is it gonna be a software client? etc.. I will tell you that our use of macs over pcs has helped tremendously with the spyware and virus stuff. I get comments from my users all the time that they tried to install the smiley toolbar and such and were unable to. I shed a tear of joy not having to worry about cleaning workstations all day.
This is kind of interesting, from the article:
"When you find that people have broken rules, the best thing to do is try to figure out why and to learn from it."
Sorry, no. When you find out that people have broken the rules, you write them up or you fire them, depending on the severity of the situation. What if the rule that was broken was someone carting around an unencrypted "backup" of a customer database on a thumbdrive, which he lost? Where I work, that's three major rules broken right there. If that happened, that person would be fired immediately.
Corporations aren't stupid. Hidebound, maybe, and slow to change, but if something is forbidden, there is usually a really good reason for it. Also, IT does not run the company, in most cases. Follow the chain of command up high enough, and you'll find IT's bosses. If you have a tool that you need or want, then petition for change. Don't do an end-run around the guys that are trying to keep you working, you're only going to hamstring yourself in the end.
The major problem is, people are making their decisions based on commercials or salesmen that promise an easy, 100% reliable solution to an existing problem. Then they run to IT to complain when the product doesn't perform the way it was supposed to. This makes extra work for an IT department that is probably already overworked. You want to play with toys, play with them on your own gear, not the corporate gear.
That said, a wise CIO is going to pay attention to what the employees say they need to find out:
a): If they really need it
b): If there isn't something better or already in-house that can fill that need
c): Is it safe to use, and what are the support requirements.
The important thing then is to tell the end user, No, you can't have that because of: ___, and give them an actual reason, instead of just telling them "against policy"
psmylie's dictionary: Godzillion (noun) Any number large enough to destroy Tokyo
1. "My hard drive is howling like a panther passing a kidney stone. Every time I run chkdsk I lose a few more sectors. I've backed up all my work to the network drive. When you get a chance can you come and fix my computer?"
2. "My computer won't start. It's been making this squealy noise for about two weeks and then all of a sudden it just died. You have to come right now and fix it because all the annual budget files are on my desktop."
Which call would you rather get?
None of them can see the clouds; The polished wings don't care.
Most system admins and network admins have always felt that their systems would run just fine except for all of those pesky users.
And a lot of Mac users feel that system admins like Windows to make sure that system admins are needed.
Yes, most corporate users surf the web at home.
Yes, most of their home machines are horribly infected with spyware, viruses, and other things I grow weary of cleaning up. I have friends who make their livings cleaning up home PC's. Most of them have "regulars".
I have no problem helping my advanced, capable users be more productive through technology. I will even grant local admin when warranted.
I have major problems letting my users chat with their friends on IM while surfing porn, watching last night's CSI on YouTube, and unwittingly sending out spam on behalf of a botnet (while trying to infect the rest of the network). Whenever we (and by we I mean management) loosen the reins, this is what I find all over my network.
Giving your users admin/root (i.e. ticket to ride) trying to make your life (or their life) easier only tends to make both of your lives harder later on.
Top down corporate stragedy types really don't need to be worrying so much about individual users. Good IT staff with sufficient decision making authority renders this entire "concern" moot.
This sig was generated randomly by one million monkeys with Speak 'n Spells. . .
When I come across someone who I find reasonably able to fix problems, I sometimes enlist their help on assisting their computer neighbors. I also find that people who think they know a lot quite often mess up their computer even more and consequently require my help more - That is okay, it keeps me employed. It is changing though with users losing admin rights. They really cannot do anything as a standard user.
On UNIX computers, The users tend to be more technical (I find) but still require assistance sometimes. Especially when they do not have root.
...we do fear "Expertise". The technical ignorance among users, for which Microsoft is very much responsible for... the "It looks cool and it seems to work" attitude where the part about security is just an irritating detail which blocks the "Experts" access to cool features.
I am very lucky and I do have support from our management to say what is and what is not allowed... but many places the worst "Expert" is someone from management.
We should love smart users. If they come up with their own solutions to problems, they're de facto developers. If the business is run well, good workers will succeed and advance while poor workers fail and leave the company. In time, we'll have evolved a class of competent users, even experts, and have application development in the hands of everyone, along with the skillset to actually make decent software. It's a long way off, and maybe a pipe dream, I know, but don't squash the dream. Please.
You see? You see? Your stupid minds! Stupid! Stupid!
...back in the early 90's when I managed single DEC MicroVAX minicomputer with over 60 connected VT terminals and 25 printers. System Management was easy, centralized, and completely controllable--users only had access to what we gave them and absolutely nothing else. OK, so character-based Word Perfect, Lotus 123, Pine, and Lynx could be difficult at times, but people were honestly very productive, and things hummed along nicely.
Enter the mandatory Windows world, and that's when things really went to Hell....
My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
Wherever these advanced users are at, please send some my way. As an R&D programmer and backup admin, I get hit by unskilled users twice. Users that manage to get a completely dumbed down interface wrong, or a user that wonders why they can view a PDF after deleting acrobat reader (only God knows why).
In our company, everyone who has any amount of talent on the computer becomes a part of IT at least in some small way. And I know we certainly wish we had more people we could trust with more responsibility. We only have one dedicated IT man for 7 servers, 75+ users and 4 plants connected over a VPN pipeline.
It all comes down to trust. In our case, we don't trust their abilities. It's not that we don't trust their motives. We wish we had users that were more advanced. If you do and look at it as anything other than a blessing, you have a serious problem and should really be looking into why you have users you can't (or refuse to) trust.
They're the same exact gimps who ask me why they're getting spyware at home all the time.
Just like a new hire into the IT department; I don't know these people from anyone else. Anyone can claim any amount of knowledge they like but as long as I'm responsible for the systems they're working on I'm not real comfortable letting these people do as they will in the hopes that they really know what they're doing.
Unlike the new hire into the IT department; I have neither the time nor the authority to monitor their activities. I can't go and "slap them upside their head" for doing something stupid and that's if I even notice what they've done before something goes seriously wrong.
The kind of relationship that needs to exist between senior IT members and the people who work with the machines simply can not take place in a real world environment. It's not like I'm slapping the concept of working with these people down but I can't simply take it for granted that they know what they're doing and that they know when to draw the line.
I haven't even bothered to take into account the types out there who are looking to cause trouble... Anyone who works in IT should already have the picture of what I'm talking about when even good intentioned users go astray.
Nor does this mean that everyone who isn't IT should be dismissed as idiots. It's just that I'm responsible for the well being of these systems. Not to be over dramatic but are you going to let strangers watch over your children if their credentials are "I've babysat before"?
Dedicated Cthulhu Cultist since 4523 BC.
Letting users do whatever they want on company computers is a great way to have a lot of things go wrong very quickly. When you are at work, you are there to be working, not playing around on the internet, talking to your buddies, exchanging ims and emails and whatever else you could possibly be doing that has absolutely nothing to do with your job.
At my work, our computers are completely locked down and we cannot change anything, no matter how mundane. I personally think this is great because I know that whenever I go to the computer, it will just work. If we could change things, I have no doubt a few of the employees would just have to screw with things and then when it didn't work, it would then screw up my job and cost the company a lot of money, not to mention cause my workers and I unneeded stress.
All this comes from someone who has several computers running from home with various operating systems doing various tasks. I could probably improve things at my work in regards to how tech is handled, but it is not my job. If I want to play sysadmin, I can do it with my own gear, on my own time.
There was a lot of interest in thin clients at RSA 07, or at least there were lot of people crowding the Citrix, Sun, and Oracle booths ("booths" being a relative term, these booths were the 1/2 the size of a tennis court.)
This technology goes in and out of fashion like anything else, primarily because the clientware bloats up in each generation to the point of making it painful. But all the hoo-hah over SOX, etc, probably is going to justify the pain for a lot of people. Who says the mainframe isn't dead? It's the only way to control users, give them a 3270 terminal if you have to.
Give a man a fish and you have fed him for today. Teach a man to fish, and he'll say "WHERE'S MY FISH, YOU IDIOT?"
I've worked in corporate R&D labs with relatively high security that still provided wireless access on the grounds of the lab. This is a security risk, perhaps, but one that was mitigated to an extent deemed acceptable, given the value it provided. Another company I worked for, with far less to worry about from a data protection perspective, denied our numerous requests for wireless access on grounds of "security". In other words, they were too incompetent to mitigate the risk involved to provide a valuable service to us.
As an IT tech, I have known users who knew their stuff, maybe 0.5% of the employees of any given company. And I have known techs who did not know their stuff, maybe 60%.
But all in all there are reasons why computers are locked down and there are reasons why IT mandates that "thou shalt not". Too many times there have been licensing issues where a know-it-all user with the ability to install software on their local box has brought in a package from home to install because they could get their work done better/faster/more colorfully with it than they could with the software that the company licensed. And when the project/document/spreadsheet that they created in that software can't be read or modified by any of the licensed software, they instantly become indignant and blame IT for not finding a way to convert their information. Contrary to popular mis-belief, IT does not have experience in EVERY piece of software out there. And when some disgruntled soul left the company they would let the anti-piracy folks know about the illegal installs.
And then there are the ones who download every bit of shareware/freeware/spyware in the known universe to their local box, turning their machine into a zombie or worse.
IT is usually mandated to keep the network running smoothly, virus and spyware free, and within the licensing agreements of the software that they have purchased. To do that they have to lock down the network, the computers and the user rights because the know-it-alls don't care about security, safety or licensing. They just want to run Weatherbug because they are too lazy to check into the WeatherChannel.
And then there are the users who listen to Internet radio (sucking down bandwidth), download illegal music and software (because it's faster than at home), and cruise the porn and game sites. Most users don't remember that the computer, network and internet connection still belong to the company that they work for and the aim of IT is to make sure that everyone can play and work together to the betterment of the company.
Give me a user who will work within the guidelines, request the software that they need to do their job and, at the end of the day, tend to their personal internet needs from their home computers.
I, for one, welcome our new IT Overlords. Also... In the IT department, the computer fixes you! :^)
The author has obviously never worked at a regulated and/or publicly traded company or a company that has experienced the embarrassment of a PII leak. Those decrees come from Audit and/or Legal. And it may be painful to admit this, but those departments are trying to look out for the company - yes, ignorance can cause a misstep or three, but it's naive to assume all their decisions are driven by fud.
And for all the down trodden cubicle jockeys that will post, "but what about USB drives, or floppies, or [insert other tech here]" there are plenty of ways to limit/remove that functionality as well. The one I'm most familiar with is giving users a locked down Wyse terminal that can/will only RDP to a very locked down terminal server.
Remember, you're on the company's infrastructure and they're paying for your time - you get to do what they want and how they want you to. If you don't like it get another job. If you think these decisions are in the hands of the CIO, get a clue.
I'm curious to hear how other Slashdotters are able to make use of wiki's within the corporate firewall. I have seen some companies where really useful wiki's begin on someone's desktop and are subsequently subject to push back, mostly based on security concerns.
Why is it that people feel they have a right to do the work of or interfere with the work of their IT departments? It is my responsibility, not yours to run IT. I don't go around other people's desks mucking about with their jobs because I know a bit about finance, or sales or whatever.
I see a few examples of people proudly demonstrating how they have circumvented what they perceive as some form of restrictive IT policy - in my opinion you should be sacked. The most common problem I have seen of late is wireless APs. A company bans wireless for legitimate reasons, smart arse users install a "secret" AP, company gets owned. I also cannot count the number of times I have had to respond to a problem that has been caused by users who are otherwise very IT competent but don't understand how their little change or improvement affects the big picture.
Many complaints about IT are of course completely legitimate as are complaints about any other area of business. If there is a problem with your IT groups or you need some tool or change to IT operating practices then use the right channels. Talk to your IT group and your management team. We are also annoyed by limitations with IT systems but we have budgets and responsibilities to the company just like users do and can't always make things work the way they should.
Just wait until a green CIS Computer Information System management graduate marries your boss's daughter and takes over your IT department. Answering questions like, "What is this Apache thing? Can you get rid of it, I don't like Indian named things?" gets real old real fast.
At the company, many of the users were technically savvy, and more importantly, the process associated with IT was prohibitively complicated. It would take too long to get an IT project approved, and so people would use readily available tools (Excel and Access were the big ones) to develop solutions that met the need.
I'm sure everyone knows that in the health insurance industry, data privacy is extremely important, so yes, the IT department had some valid concerns about meeting government regulation, but to be fearful of an educated and motivated user that needs something and is willing to invest their time to get it...that's stupid.
This type of alarmism is your typical FUD that arises when a bunch of established people get jittery about where their paycheck will come from when they feel that someone is threatening the usefulness of their job by doing the things that they used to do. I have one response to that.
The model-T Ford.
Yes, all those horse and buggy people were pissed. The smart ones just rolled with it and became mechanics and made fortunes in the automotive industry. And here, too, all that is really required is to say, "OK, what are the new services that we can provide now that we have successfully built tools easy enough that the end-user can use them productively for basic development and analytic tasks?" Guess, what? There will be many more jobs that grow out of millions of educated users all over the world learning to use Excel and Access, etc.
At the health insurance company, what I could clearly see that our VP of IT could not, was that the efforts of our business people were doing an amazing job of forcing the IT process to become more efficient and less complacent. In other words, it demanded that IT actually earn their paycheck, and that IT explore the new responsibilities that they could take on with their considerable technical skills, in order to better serve a new and more educated customer (technically knowledgeable business users).
Fear arises because people are God damn lazy. "But I like doing what I've always done. Doing new things is hard. I have to actually learn to do new things. Oh, I just can't possibly see what we will do now that users can do things with data. Oh, why! Why did we give them a power tool that empowers them to go to Home Depot and then renovate their house themselves, oh why???" Well carpenters haven't gone out of business and neither will IT people...not the proactive ones at any rate.
The tools will get better and the end user will be able to do more, which means there will be more new business requirements that need specialists to assist the business user, and so on. It's been this same process for generation after generation, and every time there are a bunch of alarmists crying doom, and every time new opportunities arise from the changes and the economy experiences a net positive growth.
Yet these are organization's tools, not an extension or a portal of entertainment devices.
Because we require so much work of people, at seemingly all hours (read Crackberries, constant email/mobile/cell/IM/texting) the blur is difficult to define the boundaries of work and home life. It's no fracking wonder why people believe that their office PC is just another portal to iTunes.
And along with credit card numbers, SSNs, (SINs in Canada, etc.), notebooks, memory devices, and so on are compromised on seemingly a daily basis. No fracking wonder there, either. It takes a decidedly cogent (not reactive) culture to guard against misuse and data theft/compromise.
Most data security is laughable. Even good news-scare stories make no difference in cultural attitude. It's going to take a big organization going down (and hard) to shake up how people view office technology. And those were the people with good intentions.
---- Teach Peace. It's Cheaper Than War.
Somebody says they are an 'expert user', we have them take the Transcender 70-270 practice test for Windows XP. If they can pass it with an 80+ score, we give them local admin rights or put them in an approved OU.
It is part of our SLA, and if anyone bitches, we just point them at the contract.
Having seen the hundreds of various ways an enduser can fuck up their data, this is one thing we DO NOT bend on. I have never had a CEO or CIO complain about this clause, and to date, out of maybe 20 users testing, NONE passed with even a 50 score.
User says they're expert? Make them prove it.
Most IT departments try to control what people do on the corporate computers. By locking down the corporate environment so that people have to come beg to install something new, they keep their stranglehold on the corporate environment. By maintaining that power, they justify their existence.
IT's mandate to protect corporate data
Here we have the single point that makes this entire FP one big strawman...
Yes, IT takes some measures to protect corporate data, both from inappropriate access, and from erroneous (or malicious) deletion.
The bulk of this "clash", however, involves two points - Maintainability, and the difference between personal and corporate liability.
Maintainability... Given a network of dozens, or even hundreds, of users, homogeneity means everything. If it takes an extra 15 minutes to solve a five minute problem because each user has their own bizarre configuration and preferred tools, you've wasted three quarters of my time vs just using the tools provided. And speaking of "provided", IT simply doesn't have the time to check each and every machine daily for pirated software. "Oh, but just fire anyone that has pirated software"... Yeah, sure, at up to 50k per violation and the need to replace a presumably qualified (if careless) employee - Not an option as a default policy.
And I haven't even mentioned that people expect support from IT on anything and everything they can find on their machines... Guess what? I don't know everything. I can fix and teach Outlook, ThunderBird, Netscape, Eudora, Calypso, Elm, Pine, and perhaps a few dozen clones thereof, but I still won't have a clue how to fix your problem with FooMail; and even if it works similarly enough to one I do know that I can walk right through it, I won't know that until you've already wasted the time it takes me to visit your office (times two, since presumably neither of us will get anything else done in the meantime).
As for liability, take the GMail example... In many companies (anything healthcare related, anything publicly-traded, and just a good idea in most cases) you have legal minimum retention times for email; On top of that, since those emails count as a liability, you want to enforce that same period as a maximum retention time as well. GMail makes both impossible - You can't guarantee the legal minimum, and you can't automagically delete mail after that time. For that matter, you can't even guarantee that you'll ever again have access to a terminated-for-cause employee's email five minutes after security escorts them out.
You also need to worry about the motivation for using third-party email... If a company provides its own email server with no unreasonable content or size filtering, why would employees use GMail for work-related material?
The same applies to IM (though admittedly far fewer companies host their own IM than host their own email).
I (and most IT workers) don't seriously give a rat's ass what you do on your office computer - Your productivity only matters to you and your manager. I really don't care if you want to play Solitaire all day long. So this has nothing to do with control. But when I get reprimanded (or worse) for letting a random user get the company fined tens of thousands of dollars or under criminal investigation for unknowingly hosting kiddie porn, yeah, you can bet the farm I'll choose "lock your machine down" every time.
The prior poster has seen the light and [his butt has] been saved!
In no way am I suggesting that 70-270, or any other MCSE training makes one an expert.
It sounds all fine and dandy to allow the user to install all kinds of stuff on their machines. And without a company mandate with some teeth (termination or write ups) most people will install things on their own anyways. We have prevented people from having root access, but generally they figure out what the password is or someone in IT tells them.
The only problem with these sorts of users is the support they require when it turns out they don't know what they are doing. Any boob can install iTunes, but even the smarter ones start having problems trying to figure out why their machine crashes afterwards. Then IT is called and blamed.
I'm fine with having these users install whatever they want, just as long as they realize that when they have a problem of any kind of size ( word won't start ) I'm going to blast the machine. If they are smart enough to install all the extra software they are smart enough to put their data on the network or at least in one folder where I can copy it. If they say I lost all my MP3's I'm not going to have a problem telling them tough.
These same people don't have to sign the invoices for their expensive laptops, I do. It is company property and companies should have every right to tell individuals what they can and can't install. At the same time they cannot be so stubborn as to not allow for newer software to get added, even if it does pose some sort of risk. Instant messenger and those types of programs can greatly increase productivity if used correctly. If the employee is chatting with his wife, I'd rather he do that than go in the hallway and call him on his cell...chances are he is actually doing something in between the chat lines.
That said the company still has the right to monitor the person for any traffic going over their network. If the guy gets in trouble and they find that he chatted with his wife all the time it should be admissible in determining his dismissal. Everyone out there knows when enough is enough, those that don't usually end up without a job.
and I still say:
1) It's my property (well, the owner of the company is my boss, but I manage this data center)
2) On my property, it's my internet usage rules, as long as I'm fair about it.
3) I bear the full responsibility for stuff going boom (physically, financially or legally), so I have the full right to monitor and control network usage.
4) You can always go home and use IM and gmail if you want. I have no control over that (though one jackass company in Michigan certainly would want to).
I support SOX, though I admit we're not a publicly traded company...
--- Grow a pair, liberals... stop letting the Republicans bully you!
Because without physical security there is no security.
Locking down the PC so that the receptionist cannot move data to his/her iPod would also, logically, prevent the iPod from doing anything that s/he would want it to do.
Unless you configured an iPod specific rule. And security is broken by "exceptions".
From the time people started bringing their PCs into work because the IT department ruled the minicomputers, this has been happening. The users are usually the first to start the revolution, and the entrenched "experts" are the last to figure it out. I remember how hard corporations fought against Apples, Commodores, and PCs in the '80s, until they learned to embrace them.
The *only* way to lock down information is to go back to the old idea of centrally-managed systems. Even that doesn't stop users from printing hardcopies, of course, but it helps cut down on the loss of massive amounts of information.
But, if you want to know why Microsoft is having no problem pushing DRM'd documents, look no further than corporate control of information. Never mind that the only way it will work is to turn every PC into essentially a dumb terminal, and not allow people to use anything other than Microsoft-approved hardware and software. Corporations want to put the genie back in the bottle, and Microsoft has given them the promise they wanted to hear.
In the end, corporations will spend a lot to curtail this, only to turn around and embrace it later. If your business methods don't hold up to the reality of evolving technology, it might be your business methods that are wrong, not the technology.
Of course, I'm just a dumb-ass IT guy. What the fuck do I know?
Microsoft is to software what Budweiser is to beer.
And if you don't do what the patient wants,... they sue you.
Ask an old-timer to bring in his 1980-vintage computer magazines. Notice all the opinion columns worrying about how the high priests of the mainframe glass house could "maintain control" as users brought in their own computers.
How do the large corps handle the dichotomy of selling high tech products .. and then crippling them at work?
I'll start: I brought my laptop into work with me because I'd done some work on it at home and figured it'd be easier to copy data over than to burn a CD or use a USB key. Another point was that I wanted to make a point of keeping my work computer and laptop in sync so I could work from anywhere if I needed to.
So I bring the laptop in and ask the IT department which of the several wireless networks I should connect to and how. They said I can't, it's against company policy.
So here's the deal, given an internet connection at home, I can VPN into my company's network at will. I simply can't bring the laptop in and connect it while I'm at the office.
Genius. Keep in mind that I do understand the problem, but I also know there is a DMZ I should be able to connect to, which will then let me VPN into the local network, they just won't let me.
Stupid sexy Flanders.
This is not a new phenomenon. The shadow IT department is the reason small computers are so dominant. Without their influence we'd all be using great big, centrally controlled, physically isolated, IBM brand mainframes.
You think it was the IT department that made Microsoft ubiquitous?
To me, the funny thing is that very few open source linux loving slashdotters with their subversive anti-monoculture, free-IP loving, idealistic anti-MS ways understand this and therefore where the real disruptive power is located.
They long to be the real shadow IT department with their cool toys that the end users don't understand. But they make the mistake of trying to convert the IT department and ultimately the company goes with what the ever-loving users chose instead.
It's interesting. I work in a large organization. My group is an officially sanctioned technical group (an apps development team). However, we're not the IT group that makes all of the decisions about Hardware, OS configuration, and the like.
So I've actually been on both sides of the coin at once. On one hand, I have registry scripts that I've built to eliminate roadblocks that the IT group has put in place to prevent the massive number of regular users from doing dangerous things to their PCs. Every time a new hindrance policy rolls out, I often find that I have to override it to do my job. Though I'd rather not override the policies, but I need to be able to see things like descriptive HTML error messages. You know, because developing web applications is part of my job. Kinda hard to fix anything when all you get is "There was an error. Peace out".
On the other hand, we have a number of Shadow technical groups floating around in other parts of the organization. Some of these Shadow groups have decided to build their own applications. Often these are Frankenstein monstrosities built out of an amalgam of Excel, Access, VB Macros, and other such "user friendly" tools. Often these same "applications" later become the bane of my existence when they attempt to exceed 15 users and they melt down like Velveeta on the planet Mercury. Luckily, when they come begging our group for help, I can rewrite them if it's my prerogative, which it always is. Most often we don't even look at the original code and simply start with user requirements, just as we would do with any other project.
So I feel the pain of the IT group. It's hard to support thousands of users that are doing all kinds of crazy stuff that routinely breaks things or exposes the organization to harmful viruses/spyware/etc. At the same time, I feel the pain of the users, who sometimes need to get out from under the draconian thumb just to get stuff done.
Still, I wish there would be a day when all the Frankenstein applications were dead and gone, and only the clean, gleaming ivory tower applications remained. Unfortunately, it'll never happen because with each monster I kill, somewhere else in the labyrinth another aspiring Dr. Frankenstein creates his/her monster of their very own. They feed it data, and users; and it grows larger each day, inexorably marching towards the day when it too will become like as much melted cheese.
// harborpirate
// Slashbots off the starboard bow!
This is not fear we have. I certainly don't fear the Software Developer that has good Unix or Windows knowledge. Hell, I'll try and learn a thing or two from those folks. However, we in IT have a job to do and we're trying to do that job with a couple of things in mind.
1. Keep the Lowest Common Denominator employee productive and not constantly working on their system(s). If you're a hot shot techie at home, you have to realize that IT needs to make things work for the non-techie employees as well as you. Admin Assistants are a good example. They don't know about SysInternals or Slashdot or Linux and they don't care. They do care about office applications working when they need them for that presentation their boss (sometimes your boss) is about to give or whatever else is their important issue of the day.
2. IT is not interested in how you do things at home and telling us that's how we should do it at the office. We're running a business, we're not running your little computing playground you have setup in your house. Hell, we have them too, but those solutions are not business solutions, they are home solutions and are different solutions that employ some of the same technology. It's an apple and an orange. IT is not really interested in how you have your computers at home on a certain switch or how you do backups or you telling IT how they should setup their network and what their problem is. Personally, I'm interested in talking to you about that for stuff and comparing it to what I do in my home, but not the business I work for.
3. IT places restrictions for good of the business and so that IT can focus its energy on a limited number of products. If IT let everyone just run what they wanted on their systems, IT would be a nightmare and the company couldn't get good quality people to do the job well. Everyone has products they like and favor, even the IT people, I certainly wouldn't want to work for a company where I had to support every anti-virus software in existence or every Linux distribution because it was the whim of the person whose office the system was installed. I want to see a business reason for supporting multiple Linux distributions or anti-virus software. IT makes business choices based on best practices and industry leading technology products. Well, at least IT tries to do this, in most cases.
On the flipside of the coin, the company where I work now has in its IT policy that checking your personal email (Gmail, Yahoo Mail, hotmail, etc.) is not allowed. I don't get this, personally, but that's the policy and everyone scoffs at it. Also, IM is not allowed/supported, but there is a way around it that everyone uses.
Policy and practice by IT is there for the wide abuser IMHO. For example, an employee who puts 8 different firewalls, 3 anti-virus programs, and a slew of other non-work applications on his company issued laptop that has the company anti-virus and firewall. This person has the balls to call the help desk and complain that his laptop is performing like crap. Genius, uninstall 7 firewalls and two anti-virus programs and I bet your laptop performs a whole lot better.
I think everyone in any company should spend two weeks working in the company's IT group as part of orientation and I think seeing and hearing the issues first hand from that side of the fence will generate a different set of articles from this one.
"...the shortest distance between two points may be straight line, but it is by no means the most interesting."
The point of the article is not that you should or shouldn't try to lock things down. It is that no matter how much you try to lock things down, your users will find ways to open it up to get their work done.
If you're smart, you'll figure out ways that you can both get what you want: Your security and manageability, and their productivity and ease-of-use. Handing edicts from on high is a pretty stupid idea. The point of the article is that you're not shutting down what they call "Shadow IT," you're simply driving it underground where it's harder to see and deal with.
But, you know, it's your property and your rules, so by all means, do with it what you will, and good luck with that.
If the receptionist is assumed to be untrustworthy, then they could just as easily install a real hardware keylogger in between the PC and the keyboard. (And that would be a lot easier to get than an iPod-disguised keylogger.)
I'm not saying that there aren't situations where barring anything that could carry data away is appropriate. It's just that IT types seem to hone in on the "security breaches" that they can shore up, to the greatest inconvenience of users, while ignoring glaring holes elsewhere. If you're going to tell the secretary that she can't charge her iPod from the USB port because of the risk of keylogging, I hope that the keyboard's PS/2 connector is superglued in, or the entire chassis is encased in a locked steel container. Otherwise you're ignoring an obvious avenue of attack (like these), but going after a highly unlikely one, even though the treatment for the unlikely one annoys the user more.
Most IT departments have so many security problems and vulnerabilities, it's hard to even know where to start. But rather than working through them in a rational way, they seem to begin with the premise that "anything that annoys the users in the name of security must be good." (Probably not their fault; it's probably an attempt to placate a PHB somewhere by making the security really obvious...)
It's ultimately a glass-houses issue. Before overt, draconian security measures are put in place, everything else ought to be locked up already. Otherwise, it just makes the IT department look like they're power-tripping, regardless of the real motivation. And in the corporate world, it's not good to make everyone else hate you. Particularly the secretaries.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
This is a general observation that can be made regarding 'regulatory' departments that are concerned with security and legal compliance. Generally the rules are written down by someone senior, who uses common sense to reach what seems, at the time, a reasonable compromise and a practical approach. Next, they are handed down to a team of juniors, who enforce without understanding, because that is what they have been told to do. Through habituation, the regulations become Holy Writ and nobody is allowed to touch them --- a situation the original author(s) would probably have regarded as silly and dangerous. Finally, everybody formally adheres to the rules while circumventing them by any means possible, making a total nonsense of the original purpose.
This is by no means limited to IT. It also applies to finance or health care, or for that matter the US Constitution. It seems to be a general human phenomenon. But it just seems that IT departments are more prone than others to the extreme aberration that I would call IT fascism: The belief that the ideal organization is regimented, uniformed, homogeneous, goose-stepping, controlled, and obedient; and that any exceptions need to be eliminated. Maybe the use of binary code stimulates binary thinking.
Of course, for any commercial organization, this can be a real killer in the long run. I've seen creativity and innovation totally stifled by regulation, until most people were so marinated in the status quo that they became completely incapable of independent decision-making, and the creative minds got frustrated and left. It's pretty much the reason why, if I were to make a SWOT analysis of our firm, I would classify much of our IT department under 'threats'. It's not because these people are of ill will, but the idea of trying, stimulating, or even supporting something new has become alien to them.
They are taking care of the daily business, according to present regulation, and they just can't imagine that there might be more to the job than that. To be fair, most of them are so far from the "frontline" that they no longer hear the din of the battle for survival.
Just today I was asked by the IT department that I should put my few webpages not on my own drive with a shared directory, but on the intraweb.
The reason I have it on a local shared drive is so that I can decide who sees the content. There is content on there that my department needs, yet other departments should NOT be seeing.
So my first and main question is if other departments would be allowed to be looking at the content. I was assured that security was made that only those people I selected would be able to see the content. So I asked a cow orker who was not yet added to type in the URL and he was able to see it.
Yes, I have more expertise than the IT department and if nothing, they should fear for their job. I would if somebody from another department knew my job better than I did.
The problem obviously is outsourcing and centralisation. All these poor people can do is listen to the IT honchos in another country. So wrong on so many levels, it actually hurts our daily work.
Don't fight for your country, if your country does not fight for you.
I've worked in corporate R&D labs with relatively high security that still provided wireless access on the grounds of the lab. This is a security risk, perhaps, but one that was mitigated to an extent deemed acceptable, given the value it provided. Another company I worked for, with far less to worry about from a data protection perspective, denied our numerous requests for wireless access on grounds of "security". In other words, they were too incompetent to mitigate the risk involved to provide a valuable service to us.
... assuming that the former is larger in absolute terms than the latter, and neglecting all other IT dept responsibilities, there would have been a demand that wireless be rolled out yesterday (probably with the addendum "isn't that what we give you all that goddamn money for?").
Sometimes it's also funding. I know of a place where the IT department used "security" as a catchall refusal for things they couldn't afford to implement, but didn't want to admit they were incapable of. For example, if an executive asks for wireless, they get told that they can't do it, because of the security risks. The executive grumbles, walks off. If they had said the real reason -- because deploying wireless might have cost a lot -- then it would have been an invitation for the executive to perform the following comparison: [Size of IT Dept Annual Budget] vs [Cost of Wireless Internet]
But telling someone that you can't do it because of vague 'security concerns' sounds a lot better, and invites a lot less inquiry, than 'because we're spending our money elsewhere already, and we don't want to spend it on your pet project.'
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I, for one, welcome the users being able to do stuff with their PCs. I don't have the time or the inclination to be the gatekeeper to the magical world of IT. If I have to come up with every damn innovation that has a current running through it then I'm not paid enough, and never will be.
I provide a robust infrastructure that allows people to do their job as well or as badly as they want. You can't use computers to enforce (badly thought-out) business rules without trampling over productivity.
The issue isn't about power users vs regular lusers. The issue is about respecting the I.T. department. Power users are fine, even helpful. It's the power users who think they're better than IT, or don't respect the process of getting stuff done right, or run around doing what they think they should because those IT dolts will take forever... those are the folks who cause the problems.
I have a few power users here, we had a discussion about what they should and shouldn't do with their computers, and they respect that and they respect how to get things done and changed. I know they can install a printer or app on their own, but they follow the process, and I give them some latitude. I have many more Power Lusers here, who think that because they do something at home, they should be able to do it here. If I had a dollar for every time I've heard "I use iTunes (or WeatherChannel or Google Desktop or whatever) at home and it doesn't cause trouble, so let me keep it on here!" I'd be retired already. It's those Power Lusers who think that because they worked a year selling computer stuff at the local box store about a decade ago, they are perfectly within their rights to go around installing software on their entire department without asking. And it's those Power Lusers who complain and come up with all sorts of bullshit reasons against it when we lock down the systems, making so much noise that senior management finally wants to come to a compromise instead of enforcing the rules.
Those are the folks who don't respect what we do, and they are the real problem.
If I knew the wedgies I gave you back in 6th grade would have resulted in this . . . I might have taken a moment's pause.
I have worked in helldesk for..far..too long. Far far far too long. Er anyway. I have to say no I don't feel expertise of users. I fear users who -think- they are experts and really have no clue.
I don't know a serious company that doesn't use IM extensively for inter- and intra- office communication, or even with clients.
Yeah, some have their own in-house IM systems, but that doesn't usually do it all (especially if you have offsite contractors and/or coordinate with the client during remote system events).
Terrorists can attack freedom, but only Congress can destroy it.
The docs could be well written and as plain as day, single stepped with screen caps, and all custom info provided inline, and they'd still be shocked and offended if the helpdesk pointed it out and asked someone to follow it.
There are people that honestly expect to be read to, and "don't have the time" to figure out their own problems. They don't understand that if they do it once by themselves, that the understanding will allow them to get around things faster the next time. Thus, they get aggravated every time they have to call, and yet they keep calling. Usually they're in Sales or Marketing, and they have pointy hair..and...arghhh...
The Do It Yourselfers are unfortunately in the minority. The spoonfed, arrogantly ignorant masses will keep helpdesks in business until the paradigm shift hits the mainstream, which the original article is sadly incorrect in predicting.
Between private consulting and working for Law Enforcement IT, I have seen a number of them. Big networks or small ones, there is always that guy/girl. The one who firmly believes they "should" be IT, and in control of everything. Just once, I would like to grant their wish, just once when my neck isn't on the line...and watch them get smacked by reality. I like to think it would be like a large truck hitting them at high speed while they explain of how it should be done.
CS: It is all sink or swim...oh and did I mention there are sharks in that water?
May I be the first IT person to say:
BWAHAHAHAHAHHAHAHAHAHHAHAHAHHAHAHHA
Thank you..
At a previous company we were very flexible and provided everything we could for users, especially remote users: OWA, VPN, wireless, SSL-VPN, Terminal Server for those legacy apps that no one could do without, etc. et al. We held a pretty secure ship, filtered only what was legally necessary and monitored traffic/e-mail only when requested by HR.
Regardless we still had this Shadow IT. Typically it was the guy who ran his own network and Exchange server at home telling us how we should run things, how he should have two monitors even though no one else had that and that he should be allowed unfiltered internet because it made him more productive.
Then there was the time the top salesman left his laptop at home, connected to our VPN, his son used it and it began attacking our firewall with a SQL slammer worm. One time can be forgiven, but this was the third time in a year that this occurred.
IT was thrown under the bus on these accounts and others.
Mr. Know-it-all got his second screen and caused a chain reaction of others crying for them and costing the company a sizable chunk of change. He also won having the internet opened up for sports and games. IT watched productivity drop as non-business internet usage climbed.
Mr. VPN received a third "warning" in his HR file, but IT had its hand slapped because we hadn't really educated him on how to use his laptop, the VPN or the update programs. This in spite of us producing a document signed by the guy that stated "I understand IT policy and proper use of issued equipment and the network."
Back and forth this struggle has continued for the past 20+ years I've been in IT. For a few years, we're heroes. We implement technology and methods that allow businesses to grow and profit at the speed of light. We save businesses from going under when disaster strikes because we backed up the data. Then for the next few years we're the villains. We don't implement the latest technology just because the CFO said not to spend any money. We're thrown under the bus because an executive sent an illegal e-mail and IT had the nerve to have it backed up and accessible for the legal system.
The longer I'm in IT, the more I wish I'd have learned a real skill like cooking or carpentry.
After having lived life on both sides, I almost see this issue as a stalemate between the user base and the IT department. I certainly understand the frustration on the user side of things as I am in a position right now where I cannot get the tools from the IT department that I need (and I work in IT, just in a Data Analysis side instead of directly with infrastructure.) So, I am forced to use my USB thumb drive because I have an old Dell Optiplex GX120 at work where the hard drive might die at any time. I need my server home drive mapped so I can backup but nobody can figure out why the mappings are not going through and it seems like feet are dragging. Finally, not all of my access is complete and I have been at the company for a little over a week.
I have been receiving CIO magazine for a couple years, and I have come to think of it as a book of Humor. On occasion I find some of the articles interesting, but mostly just amusing. I don't fear my users, unless they can keep up with the learning curve, they will fall behind quickly after new products come out. Most Users don't want to know how things work, they just want it to work. On the other hand if you have a user that is trying to flex their computer skills in your face, you can bet they are doing much more behind you. Watch those users.. this article may also be biased based on the service/software they mention in it and those who buy ads in this magazine. After all, how can CIO say don't let users use Gmail, or IM's. I think their sponsors would flip...
Ad eundum quo nemo ante iit!
Case in point being a publicly owned and traded company in the insurance industry.
Not only do you have to lock down the systems used by the employees, you have to restrict which applications can be run.
Specifically things like any outside mail service, web browsing (except to company provided intranet and internet sites) must be curtailed. Why, you ask? Because customer personally identifiable information often resides within applications being run simultaneously with their web browser. A well conceived hack could potentially read memory locations to extract information from the currently running programs. They could even get a dump of everything in memory, store it locally and peruse it in their free time.
Running applications like external web based Instant Messengers and web mail clients open the corporation up to liability risks that could bankrupt them.
So, whoever this, imo, galactically stupid CIO is who made this statement, I hope to God he doesn't work for my company.
Who is general failure, and why is he reading my hard drive?
True story, I called up Microsoft, they wanted to register my xbox, I said, no. They said but we have to, I said no. Long story short they finally said ok, but still took a little information. They didn't solve my problem, at the end of the call I was annoyed but I wanted to check on this. I ask the supervisor "I want to make sure my xbox was not registered" "oh well, it was I can't help you with that" After bitching and screaming I got the following facts out of them.
No one is able to delete my entry.
The IT department does not accept calls.
The legal department doesn't have a phone number and apparently doesn't respond to email (found out after two attempts at correspondence with them)
The database doesn't have a way for them to delete my entry at all.
I'm wrong for thinking it does
There's no one above her, she's the highest level of support I can reach.
This is coming from someone who has a thick Indian accent, the first service representative has one too so we got the stink of outsourcing as well. The moral of this story is the intelligent user is just a boob you can lie to and tell them that the business doesn't allow you access to what they want access to as long as everyone is on the same page. Unfortunately I work at a company that does business with Microsoft (and the games department in particular) and I'm not willing to risk my employment and future employment by taking them to court, however even if I was who knows if I'd win.
From the posts in this thread, one gets the impression that there are rather a lot of places where IT people and other employees are locked in a state of permanent warfare, or at best uneasily living together in mutual disdain.
The curious thing is that rather a lot of IT people seem smugly satisfied with this. They are confident that they have everything "locked down" and that nothing can go wrong as long as they don't allow the users to do anything important -- whatever that means.
To me this seems the ultimate in IT nerdiness. It gets pretty close to programmers who exclaim that they "didn't change anything" when their product suddenly starts to misbehave -- only applied to people, who are even more unpredictable than even the most chaotic software product.
The reality is that if people hate you, they will find a way to subvert your systems, and IT won't know. People are resourceful. I strongly believe that a security system that is not supported by the people who have to live with it, will be valueless in the long run. People are your major threat and your strongest vulnerability, but potentially they are also your best line of defense. A serious outside attack is not unlikely to have a strong social engineering aspect to it.
I've met IT technicians who blithely assumed that outsiders could never guess an internal password, because their systems strictly limited the number of login retries and required frequent password changes. It never occurred to them that someone might entice out a password by putting on a lab coat and looking official, that people are rather stimulated to write down passwords if they have to change them too often and any mistake brings about a clash with IT, or that the use of incremental suffixes permits any outsider to predict the new passwords years in the future. They sought refuge in strict IT rules, but their psychology (and their logic) was all wrong.
Apparently, there is this curious notion in some places that IT is about managing machines. Curious, because any engineer in another field could tell the IT staff that a big part of effective support is dealing with people, their needs, expectations, and perceptions. An IT group that is just busying itself with keeping the hardware and software in a good state and not positively interacting with and educating users, is an IT group that is failing in its job.
Of course it is much easier to concentrate on the machinery and ignore or crush the users. Machines are far more predictable and easier to work with, and sadly a lot of IT people are still conforming to stereotype and not blessed with great social skills. But at the end of the day they should watch out for their own interest --- there is no future in being a glorified window(s) cleaner.
I wonder how many employees have been fired for running 733t utilities like NetHack.
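The incremental-suffix problem raised in the comment above on password rotation can be caught at change time; the following is an added example, not part of the thread. It assumes the change form collects the current password alongside the new one, and the function names and the `min_stem` threshold are hypothetical choices made for this sketch.

```python
import re

# Trailing / leading runs of digits, punctuation or underscores are treated
# as "decoration" around the part of the password the user actually memorised.
_SUFFIX = re.compile(r"[\d\W_]+$")
_PREFIX = re.compile(r"^[\d\W_]+")


def stem(password: str) -> str:
    """Return the case-folded core of a password with decoration stripped."""
    core = _SUFFIX.sub("", password)
    core = _PREFIX.sub("", core)
    return core.casefold()


def trailing_number(password: str):
    """Return the last run of digits as an int, or None if there is none."""
    match = re.search(r"(\d+)\D*$", password)
    return int(match.group(1)) if match else None


def rotation_finding(old: str, new: str, min_stem: int = 3):
    """Classify a password change made under a forced-rotation policy.

    Returns:
      "unchanged"           - new password equals the old one
      "incremented-counter" - same stem, trailing number went up by one
      "same-stem"           - same stem, only the decoration changed
      None                  - no trivial relationship detected

    Assumption: `old` is the current password typed by the user on the change
    form. Stored hashes of earlier passwords cannot be compared this way.
    """
    if old == new:
        return "unchanged"

    old_stem, new_stem = stem(old), stem(new)
    # Very short stems are skipped to avoid flagging unrelated passwords
    # that merely share one or two letters.
    if len(old_stem) < min_stem or old_stem != new_stem:
        return None

    old_n, new_n = trailing_number(old), trailing_number(new)
    if old_n is not None and new_n is not None and new_n == old_n + 1:
        return "incremented-counter"
    return "same-stem"


if __name__ == "__main__":
    # Constructed sample pairs (old, new); none come from a real system.
    samples = [
        ("Winter2006!", "Winter2007!"),
        ("Orchid#09", "Orchid#10"),
        ("Harbor12", "harbor!!"),
        ("Blue-Kettle-41", "Grey-Anvil-73"),
    ]
    for old, new in samples:
        print(f"{old!r} -> {new!r}: {rotation_finding(old, new)}")
```

A finding other than `None` is a signal that the rotation interval is producing predictable passwords, which is the failure the comment describes.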
My job carries a small support role in addition to systems admin and project work, and the users who know "too much" aren't the problem. In my experience they're the best ones to deal with. The users who know nothing are more tricky since explaining things in their terms can be complicated, but not anything to worry about.
The problem is the users who have confidence with computers but don't know what they're doing. These guys are the worst, they'll experience a problem and attack it on all fronts with limited knowledge. By the time they've called up support they've already tried several avenues of attack with no result and it's sometimes impossible to work out the mess they've left behind while not realising the true root of the problem.
I dread these users. They'll unplug and repatch and hard reset and swap their hardware for other incompatible hardware around the office, they'll meddle with printer settings until they've tried every combination of options without remembering the originals, they'll tinker with anything and everything that we haven't locked down like the public shared areas for their office, even download weird and dangerous software from the net.
When they finally swallow their pride and call support they'll be absolutely livid that they haven't managed to work it out and accuse our network of having broken or spout some completely irrelevant garbage they read on a troubleshooting forum when really their account is locked or they deleted/moved a file linked to the Access database they're working on or something along those lines. Usually this results in us having to spend an hour on the phone to them reverting all the changes they made, or simply reghost the machine.
I don't see any obvious solution to these guys beyond total and absolute lockdown, which isn't feasible as dealing with silly things like adding printers or setting application options would make first level support's workload much too high - often these things can't be locked down anyway.
If users are getting to be more knowledgeable than the IT team then the IT team is under skilled. Either replace them, or train them. If the security model requires more freedom than a call center and privileges are being abused then put in auditing, find the abusers and weed them out. Of the organization. On to the street. If the security model does not have to be that lax and is. Fire the CIO and as much of his team as you can and replace with a competent IT staff. The article isn't really aimed to these components, it's more pointing out that top down authority structures generally fail to properly support the workers. And that's fine, if you run an IT shop and you don't have a system that manages upwards with the client being the priority you're doomed to failure. The shadow IT system that is written off will pop up to fill a niche that you are failing to cover. Which is how it should be. Too easy. Next!
Any IT department that fears its users are learning too much is a goddamn shitty IT department. Seriously.
I'm an IT guy.. at an engineering firm. Pretty much everyone here is a 'computer guru' by today's standards. So, for about 100 employees, the three of us 'IT guys' get to spend most of our time doing real engineering, programming, HMI design, drafting, etc. Our job is made much easier since we can give users full administrative control over their own computers/laptops (necessary in engineering anyway). We just 'lay down the law' in terms of what users are allowed to install and uninstall and we never have to take away privileges from people that know what they're doing.
So, for years, the entire network and seven servers is managed as a 1-10hour/week job for one of our three 'IT guys.' We secure the network and the servers.. and we don't even bother to secure the servers per user - we just have them making tons and tons of backups so if a user does remove/move files that are important, we just replace them with backed up copies from whatever date we want.
Having a smart userbase allows a 'smarter' IT dept. to spend less time on IT unless the IT dept. is a bunch of bumbling idiots who find it hard to stay ahead of the curve. It's really nice not to have users that need help just because they cannot map a drive.. or because they cannot install a different version of Industrial Software X because it is incompatible with Industrial Software Y.
--- We need more Ron Paul!
Why did you give them your information if you didn't want it to be registered? Why do you even care?
1982 called. They wanted to tell you that some people now have PCs and aren't using the mainframe like they're supposed to.
Be sure to let Jimbo Wales know he's an idiot for doing it that way.
Yeah, because the consequences of a random edit living for an hour are so dire compared to leaving credit card numbers on a public server.
"We returned the General to El Salvador, or maybe Guatemala, it's difficult to tell from 10,000 feet"
The inherent tendency of the IT department to want to crack down and control technology that it doesn't supply should be resisted at all costs
Whoa there! Now that's just crazy talk! Sit down son and rest a spell, you've been out in the sun too long.
Don't blame me, I didn't vote for either of them!
Now if IT was always competent and resolved my issues in a timely fashion, I could live with what they do. Unfortunately, this is not usually the case because they have their hands full with the big ticket items like keeping Oracle and Exchange running. So, I have to do my own stuff and run my own little LAN with systems that they'd better not know about. The setup is no different from what I'd run at home.
thegodmovie.com - watch it
I'd kill for users who knew what they were talking about. Or at least maim something.
It's a balancing act. There has to be room for change, but there also has to be the potential for 100% control over the corporate assets. Have a very large pile of pre-screened work-related and generally useful software that users can click on to install from the local server, and they'll be less likely to try and install something random. Allow developers full access to their workstations, as long as they're sandboxed, subnetted, the traffic to normal parts of the network and internet is ultra-eyeballed for potential problems, and the devs are aware that IT's responsibility for their workstations extends to hardware faults and reimaging the disk.
In our 25,000-user organisation, we had a very nice rule for pushy users - if you want something that badly, write up a business case for it. We'll make sure it gets to whoever's in charge of the relevant area, and they can make a decision on whether to deny it or implement it on a corporate basis. The BC didn't need to be anything fancy, just a couple of paragraphs on the pros and cons of the proposed change. There was even a template. Funnily enough, 99% of users didn't feel strongly enough about their "need" to write a couple of hundred words. And yes, occasionally a request would get implemented - but in a controlled, supported and homogeneous manner, with full docs.
In the current place, there's something similar with hardware. You can request any hardware you like. Anything. But the request is going to go to your supervisor to co-sign, and then to a high-up in the IT Finance area to authorize. So if you want your own Cray on your desk, you better be able to convince your boss and a senior beancounter that you need it. On the other hand, standard hardware items (including complete laptops and workstations) don't need the Finance seal of approval - if a request has a supervisor's co-sign on it, it's shipped and set up that same day.
Make it ridiculously easy to request standard, pre-approved items. Make it difficult, but not impossible, to request other stuff. Make two levels of support available - full corporate-approved, funded, backed and designed, and "You're on your own Jimmy, better hope you know what you're doing."
And there have been requests that make it to the top. New software and hardware has been rolled out. New configs have been put in place. Holes have been punched in the firewall, IM clients have been installed. The developers have 95% freedom in their own little domain. It's fairly easy to request that USB ports be unlocked for your userID, but the request stays on file and the security rule sits in the requester's account where it sticks out like a sore thumb. Corporate screensavers can't be changed, but desktop backgrounds can. Some rules cover more than just IT - for example, having lots of naughty pictures can get a person fired whether they're on a workstation screen or in magazines in a desk drawer.
It's a balance.
"Sometimes my job requires me to limit the amount you can play today to make sure you can play tomorrow."
If people want something and I can find a safe way to pull it off I will be glad to set it up if I can. If someone has a software suggestion I will look at it until I know why I want to support it or object to it. I keep all kinds of log files, just in case, there have been a few times when being able to show someone how they spend their time on a computer has shut them up about something dumb. Courtesy when dealing with users, the knowledgeable ones, the not knowledgeable ones and the malicious pain in the ass ones and keeping the values of the BOFH close to my heart make a nice balance. :)
I have no idea how I could pull this off in a larger company environment with a lot more stupid users. Probably non admin accounts, mysterious problems on computers where users had admin access to their computers until they no longer had it, Deep Freeze and more BOFH tactics.
HAHAHAHAHAHAAAAAAAAAAAAAAAAAAAAaaaaaaaaaaaaaaaaaaa hahahahahahahaha!!! Whoever wrote this is a total dumb ass. So, sally rotten crotch knows how to upload music on their iDevice, or knows how to login to a website, or can stick a USB memory stick into her peecee and put documents on it... BFD! First of all, that does not an IT person make, and second of all, I will begin to worry when they can tell me how to optimize an MSSQL database, or how to tweak settings on an IBM Regatta to optimize processor usage with Lotus Notes, or... I suppose you get it. People seem to think if you know how to reboot a machine, or set your own proxy settings in your web browser, that you are an Instant IT person... Get a fucking life! I have spent the better part of 18 fucking years learning and teaching what I know. If there is a user who can do my job, come get the muther fucker!!!
"My immediate reaction is "WTF? What kind of moron doesn't make things 64-bit safe to begin with?" Linus
I'm looking forward to the day IT departments being a thing of the past like the milkman.
I heard a few weeks ago the University of Phoenix got email accounts for the whole student body for free.
Google Mail.
- these are not the droids you are looking for -
that people might respect your opinion more if you didn't call them "bitches" before they even get to the content of your message?
Which segues into the point of end-user attitude. Essentially I think it comes down to the question: "If you screw up your computer with 3rd party software are you going to blame me or yourself when something doesn't work right?" If they say me, they're getting sandboxed. Otherwise they can do what they want as long as it's not negatively affecting other people or against company policy. If they know they only have themselves to blame when they lose data when we have to reimage their machine, or are without computer for a day or two, they'll be a lot more careful.
The sending of this message pretty much inconveniences everyone involved.
"There is content on there that my department needs, yet other departments should NOT be seeing."
Ahhh. I see.
IT is the least of your company's problems. Think about what you've written.
The user who knows what they know and knows what they don't is fine with me. I really do like the person who can handle the 98% problems. It's the individual who knows something and thinks this makes them a god that bothers me. Some occupations in the field are prone to this. Insecure PhDs and insecure developers are two examples. The first because they have a chip and the second because yes they know things from the program aspect but they don't understand that troubleshooting a network has nothing to do with troubleshooting an app and aren't secure enough to admit what they don't know.
In an app what happened is immediately obvious (retval=0 not 1) and usually points to a specific location in the code, then you need to figure out why the code produced an undesired result. Why something happened is the #1 question to ask.
In electronics/networking this is reversed. Determining what happened is the hard part. "My internet won't boot" isn't what happened. It's the result of what happened, yes, but not what happened. What happened is that when I clicked the icon for Fx, this didn't work because the log said it couldn't launch the Fx binary, this didn't work because the binary is corrupted, this happened because we had a power hit yesterday and the company doesn't have desktops on a UPS. Quite often, once you find out exactly what happened, the why becomes increasingly obvious. In this case the why is a power outage. Finding out why it won't work (power outage) won't help until you know what happened.
Realize too that I know by giving an example 1000's of trolls will attack this simplified example claiming that this proves I'm wrong. So the example is given as an explanation not as a proof. The proof is left for the intelligent to ascertain and the foolish to ignore.
I'm sorry, I'm too tired to be witty at the moment so this message will have to do.
They want responsive, not productive. Our responsiveness to their "needs" will not make them more "productive."
qz
Hi.
Welcome to 2007 where people spend so much time at work that they have to use company time and facilities to engage in personal tasks. The economy is doing well enough that knowledge workers don't have to put up with draconian bullshit that you profess and will find another more tolerant employer.
Listening to music only during breaks? No IM'ing? Checking stock quotes for only 30 minutes out of the work day? Are you out of your god damned mind? This kind of anal-retentive policy doesn't even fly at banks.
Mac OS X and Windows XP working side by side to fight back the night.
I am NOT paid to care what users want. I am paid to do what my manager(s) want. My managers want the company's PCs to work the way the IT department intended. If the PCs don't work as designed help desk tickets get logged. If too many tickets get logged, attention comes MY way. If I get too much negative attention, I am out of a job. Life is simple at the bottom of the heap. Users get to use their workstations as the company intends them to be used, not as they want. No streaming media. No MP3s on the servers, no software not approved by the IT department.
I am not a BOFH, I am a cog in a great, soulless machine. It's a living.
Here will be an old abusing of God's patience and the king's English.
The referenced article does seem too heavily weighted to the chaos, unmanaged, unlocked down side of things, but it makes some good points. Obviously, security is a big issue and necessitates that some things be locked down. However, remember that the original purpose of technology is to increase productivity. For some reason, the issues involved made me think about what it would be like to have a teenage daughter. If I let her come and go as she pleases with anyone she pleases, it's not reasonable for me to be shocked if she winds up pregnant with a wife-beater and STDs. If I were to insist on abstinence under these circumstances, I would be wasting my breath. On the other end of the spectrum, if I never let her out of the house or restrict her freedom too much, she'll likely run away with said wife-beater, get pregnant, contract STDs and a drug addiction. Letting her date, but having the boy come in to pick her up, knowing what their plans are, and setting a decent curfew hour based on those plans seems like the balanced approach...along with a good discussion about the dangers of sex and wisdom of condoms.
I also found the article enlightening with respect to the US's involvement in the Middle East. Think about it...
Nah, that's BS.
I do IT in an organization of very tech savvy people. The users aren't tech people exactly, but they know what they are doing.
We have a VERY locked down environment, and IMO that's good. Due to our setup, a user's workstation is just a piece of machinery which can be replaced for whatever reason: it's not a necessary thing, and they can work the exact same way from any machine. If their HD dies... so what? They want to work from home, or at a client, or on the other side of the world? No problem at all!
Personalized computers are for idiots, and it encourages playing. Nobody there is paid to tinker with computers, or their OS, or their UI. They are there to get work done. When you can only do things one way, love it or leave it, that means you focus on working, not 'tweaking', not 'fixing'. Also, if they need tech support, the help desk doesn't have to spend ten minutes figuring out how to do things on a "personalized" workstation.
Lock it down. Lock it ALL down, and just watch the ROI roll in, the support expenses plummet, and the productivity go through the roof.
The wonderful client server apps that companies like McKesson dump on those foolish enough to buy them. Need upgrades? 4k users need local admin rights. Wonder why some PC's end up w/ 4 versions of AOL installed on them? There was a "valued" tech whose sole purpose seemed to be ratting out users who had screen savers enabled. PC's run by interns and spawn of management seem to get ignored tho. A "data security" dept that focused not on securing the network, but on tracking what data the peons were seeing & reading their email. Too many Pointy Haired Bosses spoil the software soup.
I'm not disagreeing (or even arguing with you) in the slightest ... I'm not really qualified to comment. My point was more that people at the "low end of the totem pole" can really make your life as a mid-level cube monkey a living hell, if you abuse them. At a place I used to work, I knew a guy who was particularly abrasive to employees he perceived to be his 'subordinates,' particularly the office staff. The strangest things used to happen to him -- his conference room reservations always got "lost," his mail got delivered late or mangled, the lights in his cubicle were permanently out, his trash didn't get emptied, etc. -- I guess he just had bad luck. Or something.
Every time I've switched companies, the two groups of people I've always tried to make sure I was on good terms with, were the guys in the mail room, and the secretarial and physical plant staff. The number of times that it's paid off, in terms of making some bureaucratic nightmare just disappear, or work out just that much easier, I can't even tell you. It's the difference between, if I bring down a package that needs to go out in today's mail at 3:02PM, getting told "I'm sorry, you've missed it for the day," and "Sure, I can toss that in for you." The first isn't exactly outright sabotage, but it's what some other people I know would probably get down there.
If I was the guy who had to tell the secretaries that they couldn't bring iPods into work anymore, I'd probably start working from home.
"Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
I'll be the first to admit that I was scared shitless when one of the users on my office network asked me if he could use Hamachi. I had to explain, very carefully and respectfully, why something that would circumvent our firewall and all of our network security would be a Bad Thing.
I've found that people who are slightly computer savvy will often have a very reductionist view of programming and technology. Because they have a simplistic understanding of the technology, they will assume that any problems or solutions involving that technology will be equally simple. When you explain that these systems are actually pretty complex and involve things that they don't understand, it's important to be very careful. People are often insecure about their computer knowledge, and may interpret your explanation as condescending even when you are making the best effort to be respectful and kind. If nothing else, they may feel disempowered when they find out that their simple solutions are potentially harmful, and that they actually do need experts around to take care of things.
I'm obviously not a lawyer, but Sec 802/1520 of the Sarbanes-Oxley Act only seems to apply to corporate communications directly relating to an audit. I can find no part of it which presents a legal requirement that an IM containing "Hey Bob, want to go out for lunch?", or even communication about the normal conduct of business must be recorded.
Can you clarify which section you think presents this requirement?
I may not have the background some of the previous posters on here do, but over the years I have learned to classify users into categories A, B & C when interacting with them.
Class A: Users who know their stuff. They're tech-savvy, trustworthy, but most importantly know their limitations. When they have a problem, they will fix it themselves if they KNOW exactly how to fix it, if not, they will call the helpdesk and explain symptoms, suspected cause, any diagnosis steps they have taken and anything else that may help.
Class C: Users who are IT-Phobic. Anything goes even slightly wrong and they call the helpdesk. They never touch anything they haven't had at least a month's intensive training on (and for some individuals, this includes equipment as simple to use as a photocopier)! These users are hard work, but ultimately harmless as they will never have the confidence to fiddle with anything that could screw things up for others. As an example, I once had to educate a user who couldn't work out why his printer wasn't printing after adding paper (I had to explain, whilst holding back tears of laughter, that the wrapper needs to be removed from the ream of paper before putting it in the drawer!).
Class B: These are the grey area of users who have an interest in IT, like to fiddle, refuse to read a manual and when their fiddling to correct a problem they've encountered does make things worse, when they finally admit defeat and call the helpdesk, they deny fiddling at all and cause the Techs no end of grief looking over their shoulders and saying things like "shouldn't you be doing it this way?..." because that's the way they've seen someone do something different in the past and they don't understand the same fix won't correct all possible bugs.
Needless to say, I rather like the Class A's, and Class B's can be OK once you've gotten over the frustration of telling them everything about two-dozen times. Class B users, however, are dangerous and it is for these people that a lot of IT departments have to lock down machines and audit on a regular basis. Class A's won't install what they aren't supposed to, and Class C's wouldn't know how/dare to try.
Having said this, I think the whole point of the article may have been to remind us all that even from a security and lockdown point of view, "an idiot-proof system is no match for a system-proof idiot"!
I do sympathise with a lot of the middle managers, etc. who are trying to circumvent IT depts because IT are just blindly saying NO without analysing the request for new software. I have a background in IT, but don't currently work in an IT department. At the moment, I am in a sort of hybrid position where I am (unofficially) supporting the front-line users I work with and am utilised as a point of contact with the IT department as I can re-word requests in a common language and can translate and identify bulls#1t when IT use it in their responses. Unfortunately, rather than seeing me as an ally, I am seen by the IT department as an enemy!
Just my $0.03 (At current exchange rates, my £0.02 is worth more than your $0.02)
Simple, if I couldn't hook up my iPod I wouldn't have been able to acquire a copy of Windows XP, Office and other stuff. It sure was nice of them to have a drive that was left mapped on the system w/ the cd images. (gotta love the corporate licenses)
Thumb drives are frowned upon as they can be used for piracy but iPODs are just harmless music players.
You don't get to choose to shut it down.
It doesn't matter how comfortable you feel that you've completely locked things down. Unless you hire a person for each computer you have to stand behind it and watch over people's shoulders while they're tapping away on their keyboard, they will find ways to do things that you don't know about and probably wouldn't like very much if you did.
I think it's pretty funny that you seem to be the archetype that the article talks about: The IT manager who jumps through a billion hoops locking things down, who smugly sits back comfortably thinking that they've got it all under control because they've completely removed any way for users to customize their computing experience. The users are intimidated by you, and that makes you happy. But when they need to get something done that's not allowed by you, what you think happens and what actually happens are two completely different things.
You think that they simply give up and go their merry way, because Travoltus would have a conniption if they tried anything novel with their workstation. What actually happens is they go behind your back to other people who can help them get their job done. Their geek buddy, their daughter who knows computers, their co-worker who managed to sneak something by you, etc. This is what the "Shadow IT" is, and again, because you still don't seem to understand this: There is nothing you can do to shut it down. It's not a matter of whether or not it exists, it's a matter of whether or not you're able to see it.
Please, for the love of god (and your customers), read the article, this time without your hands securely covering your eyes. It's actually quite insightful and tells you how to keep people from even wanting to resort to using their "Shadow IT" (the only measure of control you have over it) and provide better service to your customers, not worse.
/doesn't have much hope that you actually will...
/doesn't really care...
In this current age of everyone being connected at their homes/cars/offices, security will be an increasingly uphill battle. The biggest threat to security is always the loose nut behind the keyboard ;)
However, it does bring up some interesting points. For years now, the trend has been toward increasingly powerful desktops that run stand-alone, but communicate as a collective. The problem now is that since more and more folks are familiar/comfortable with machines, they tend to get more "creative" and daring on what they attempt to do at work. As IT costs continue to rise on a per-seat basis for the hardware and support, and the constant cost of revamping security measures - it's a wonder why we haven't gone "back to the primitive". We started with the dumb terminal and mainframe... why not revisit the old friend?
Thin nets are, in my opinion, a very viable solution to these beasts of machines we have to keep running. With the wealth of available switches and communications technology (which has become rather inexpensive for their capabilities, as compared with a few years ago), there is no real reason a company couldn't introduce terminal environments. Now, that's not to say there wouldn't be design challenges and needs for some high-powered stations to exist for specific business needs - but 90% of a person's work day consists of checking email, checking/writing documents, reading websites and running proprietary applications. Most of the big apps, like Oracle, are accessible via web interfaces - all the work load is being done outside of the user's desktop anyway. Why not take it one step further and move the bulk of all processing power to the server side? Cheap to maintain, MUCH easier to secure... and a few high end servers in a grid layout would be very resilient to failure.
Now, cutting down the need for hands and feet would of course lead to some unemployed folks... so the ideas are not without impact. But, overall... there are more pros than cons to using a centralized computing model for many reasons vs. our current standard of wide distribution. /discuss
One of the underlying issues in the article is that home and office are merging. If an employee ends up spending 3 or 4 hours on the weekend working at home and has to check their email before going to bed, then it's no surprise they get used to the toys and tools they have at home. If you want people to stop checking their gmail at work, start by having them stop checking their work mail at home.
I have worked several different sides of IT in both official and unofficial capacities, and I've got my share of stories and opinions to chip in.
First up, restrictive policies. I once was working as a networking tech in a poorly manned facility with extraordinarily harsh usage policies. Sites ranging from slashdot through msnbc were blocked (although FoxNews was allowed - go figure), there was no IM, no web based email, nobody could install software without submitting a written request signed in triplicate to us. We were loathed. Not that we cared. In the shop, we set up a "test" gaming network and plugged it in on the far side of the firewall and proxy. We had unlimited internet, chat, and webmail. We had starcraft running 24/7. Management looked the other way because of the reliability of our locked down network. After seeing how much leeway can be had by an intelligent IT staff in this environment, I can't blame users for getting pissed when they can't even look at a decent news site, much less emails from family.
My second story comes as a regular user for the same organization (but different location) after I transferred (voluntarily) out of IT. I was responsible for designing a training exercise for 150 personnel and rapidly grew frustrated with the number of blocked sites that interfered with necessary research and even purchasing. Each blocked site I wished to visit required a separate "request for access" form signed by myself, my super, and my department chief along with a statement describing in detail why I needed to access the site, what alternatives I had tried, and why the alternatives didn't work. The request would then be upchanneled to IT for consideration and after about a week, I might have the access I needed. Needless to say this was a PITA, especially when these sites were stumbled upon during a search and I wasn't entirely familiar with their contents. It wasn't long until my super and department chief were tired of all the delays and, being familiar with my former IT role, asked me to just "make it work". Over the next few weeks, work was completed extraordinarily rapidly through SSH tunnels, anonymizers, and the like. IT was thrilled to have less paperwork and my bosses loved to see work finally getting done. Then we hit another roadblock.
This time we needed to modify a large image of an aerial chart. Photoshop was an authorized program, but was deemed "too expensive" by the bean counters. Being familiar with GIMP, I submitted a request for installation to the IT department. Three weeks later, it was shot down because "legal wasn't comfortable with open licenses." To accomplish my mission, I was required to break my personal rule and use my personal laptop to modify the image. The training went off without a hitch, but I was seen with my laptop by some VIP and received the requisite lecture on "personal v. work time." Again, my sympathies lie with the user rather than an extraordinarily unhelpful IT staff.
I have other tales, but all of them have led me to the same conclusion: Either IT loosens restrictions and develops a good rapport with the average user in which everyone's needs can be met; or the user will wage war on IT through the "ask forgiveness, not permission" axiom which ultimately gets the user in hot water and gives IT far more work. In the end the driving force of a user is to accomplish their task/mission. IT and IT policy should be a tool, not an impediment.
He who would be a man, must be a nonconformist. -- Emerson
So what happened after you reported the permissions problem?
I would assume it was fixed. Also, if your department *needs* your data, wouldn't they also need it to be secure, or maybe backed up? Or available if your PC fails? IT does have a purpose. The fact you can't see that purpose is not an indication that it doesn't exist. Maybe you will see when your hard drive fails.
If your data is so critical, so valuable (i.e. likely to be stolen), or able to be compromised by a USB thumb-drive, then maybe you shouldn't be using PCs at all. A thin client might be what you need.
...then nobody gets any credit for implementing it.
:)
IT has a lot of backwards incentives like this. For instance, I worked as a freelance application developer for a number of years, and have dozens of custom apps out there that just work. The only time I make any money off them is if something breaks, or they need a modification...which is extremely rare, because apparently I did a pretty good job building the apps.
I can't in good conscience sell a 'service agreement', as there is really nothing to service. Meanwhile, I have other clients running poorly designed and implemented vertical apps from other vendors, paying them fat monthly service fees because the darn thing breaks all the time, and they know they are screwed without the vendor to kick it back into some semblance of working order. Yet the monthly fee is just low enough that the customer won't pop for a custom app.
Sysadmins have a similar problem...if you aren't running around like the building is on fire, management assumes you don't do anything, and strangles your salary until you quit and they hire some numbnuts at half your pay. This person will look brilliant as they coast on your infrastructure...for a couple years until the whole thing falls apart. By that time they have forgotten who you are or what you did, so nobody ever learns from the debacle. They'll hire another young, bright person for cheap, and repeat the cycle once the system is running optimally again.
If I had a bit of charlatan in me, I could probably make gobs of money. Unfortunately my intellectual gifts came along with an inability to lie convincingly. Therefore, I've decided to leave IT for the Indians and Chinese, as their limited alternatives make it an attractive career option... it's no longer a viable career in the US. Don't get sucked in. It's a dead end.
Yes, I'm still bitter...but I'm getting over it
http://en.wikipedia.org/wiki/Psychopathy
Sounds like you have good morale where you work
This is the type of attitude that gets us into the game of "If I rename the extension to .rar then I can send you this critical document you've been needing!" Then .rar files are blocked the next day. Then you zip the rar and it gets through again. The war escalates forever.
I've found that a ROT13 of a UUEncoded file inserts nicely into emails, and seems to get through all current scanning, including the major Anti-virus software scanners. Of course, recipients need to be technologically literate enough to figure out how to ROT13 and UUdecode. =)
ortva 644 UNAQ.gkg
12&%I92!N(&LV8I4@9&%L+@X_
`
raq
//Information does not want to be free; it wants to breed.
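From the mail-gateway side, the wrapping described in the comment above is cheap to undo. The following Python sketch is an added example, not part of the original thread: it looks for uuencode framing both in the clear and after ROT13, using the comment's own four sample lines inside a constructed message body. The function names are assumptions.

```python
import codecs
import re

BEGIN = re.compile(r"^begin ([0-7]{3,4}) (\S+)$")

# The four lines from the comment, inside a constructed message body.
SAMPLE = "\n".join([
    "Here is that document.",  # constructed surrounding text
    "ortva 644 UNAQ.gkg",
    "12&%I92!N(&LV8I4@9&%L+@X_",
    "`",
    "raq",
])

def uu_line(line):
    """Decode one uuencoded line, ignoring padding bits in the last group."""
    if not line:
        return b""
    if any(not 32 <= ord(c) <= 96 for c in line):
        raise ValueError("character outside the uuencode alphabet")
    n = (ord(line[0]) - 32) & 63            # declared byte count
    vals = [(ord(c) - 32) & 63 for c in line[1:]]
    vals += [0] * (-len(vals) % 4)          # trailing padding may be stripped
    out = bytearray()
    for i in range(0, len(vals), 4):
        a, b, c, d = vals[i:i + 4]
        out += bytes(((a << 2) | (b >> 4),
                      ((b & 15) << 4) | (c >> 2),
                      ((c & 3) << 6) | d))
    if len(out) < n:
        raise ValueError("line shorter than its declared length")
    return bytes(out[:n])

def find_uu_blocks(body):
    """Find complete uuencode blocks, in the clear or under ROT13."""
    hits = []
    for wrapper, text in (("plain", body), ("rot13", codecs.decode(body, "rot_13"))):
        lines = text.splitlines()
        i = 0
        while i < len(lines):
            m = BEGIN.match(lines[i])
            i += 1
            if not m:
                continue
            payload = bytearray()
            try:
                while i < len(lines) and lines[i] != "end":
                    payload += uu_line(lines[i])
                    i += 1
            except ValueError:
                continue                    # not a real block; keep scanning
            if i < len(lines):              # terminated by "end"
                hits.append((wrapper, m.group(2), bytes(payload)))
    return hits
```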
Highly amusing...
"We're looking at ways of removing local Admin access from Devs, but I'm not sure we'll be able to pull it off without legitimately getting in their way. And being that I'm a former developer, I do make sure their pains are felt in our discussions =-)"
Compartmentalization. The developers get what they need, BUT it's isolated at the border with everything else in the company. If someone messes up, the damage is confined to their domain.
That article can kiss my rear end. I've read it several times and the author would be right if they were talking about any other workplace, but like I told you once already, it's business suicide in a financial or even medical data center.
Yes, I am that boogeyman the article talks about. And I'm utterly unapologetic about it. A financial data center like the one I manage has to be 150,000% locked down.
And yes, I am a manager who walks the floor and looks over people's shoulders, and yes, I can and have stopped "Shadow IT". No, you're wrong, don't bother repeating yourself. I dare you to try and bring on that "Shadow IT" in a financial data center where
a) You can't even enter the building proper except in a uniform, and you can't sneak anything in;
b) Your computer is diskless and boots up remotely over the read-only network with an IP address assigned by MAC address;
c) You have no shell access and only the ability to fire up customer relations management apps and things like a calculator and gnome notepad;
d) Internet access is totally blocked, and you have limited intranet access, limited to in-house IM and storage of .txt files which are in fact monitored (and will be monitored even more like a hawk in the future by the IT interns we're going to be bringing in this summer).
Shadow IT that. Hacka, please.
For my customers' sake, you most certainly cannot create a "Shadow IT" in this network. And there is absolutely, positively no reason whatsoever for a financial data center to be any less locked down than this.
In the future, after a few more major breaches, you can pretty much expect this to become a standard for financial services.
--- Grow a pair, liberals... stop letting the Republicans bully you!
No, it wasn't fixed. Yes, I would prefer automatic backups, instead of making copies myself. The problem is not that I do not see the need, the problem is that it is not possible according to my IT department.
I ask for a secure place and secure backups and they are unable to give it to me. That is why I am afraid. That I am able to understand (and with the right rights) and do what they can not.
Don't fight for your country, if your country does not fight for you.
The BSA? The people who want to come in, find stuff on your computer, and fine you?
You do tell them to go elsewhere, don't you?
They are not government.
There's no law that I know of giving them any authority.
They are just private investigators that have to ask to see your stuff, and you have to grant them permission.
Nothing -- nothing that I know of -- gives them any right to demand it.
And if they think you have something, they still have to go and show enough proof to a judge. "They won't let us inspect, they must be hiding something" isn't valid.
Besides, why would you let some third party that doesn't follow your privacy standards look at machines with private data?
Next time the BSA knocks, tell them "Go Away". They have no legal authority. They are like the "Night Watchmen", from when Sheridan told them that they were civilian authorities with no military authority, and were operating outside the chain of command.
Just say "No".
Just say "Am I required to?". "No". "Good-bye".