Slashdot Mirror


IT Departments Fear Growing Expertise of Users

flatfilsoc recommends a long article in CIO magazine on users who know too much and the IT leaders who fear them. Dubbing the universe of consumer technology the "shadow IT department," the article highlights the extent to which the boundary between users' workplace and home has broken down. It notes the increasing clash — familiar to anyone who works in a company with an IT department — between users' home-grown productivity boosters and IT's mandate to protect corporate data. The inherent tendency of the IT department to want to crack down and control technology that it doesn't supply should be resisted at all costs, according to CIO. The article outlines strategies for co-existence. It just might persuade some desperate CIO somewhere not to embark on a career-limiting path of decreeing against Gmail and IM.

11 of 499 comments

  1. All in one page by Hokie06 · · Score: 2, Informative
    --
    Kilroy was here.
  2. Sometimes it "has to fit" by winkydink · · Score: 4, Informative

    whether you like it or not.

    In the US, Sarbanes-Oxley places some strict requirements on data retention for publicly-traded companies. Employees choosing to use IM and Gmail could cause those requirements to be circumvented.

    --

    "I'd rather be a lightning rod than a seismometer." -Ken Kesey

    1. Re:Sometimes it "has to fit" by LurkerXXX · · Score: 4, Informative

      This is why the clever IT guy who doesn't want to get blamed for limiting users, as in the blurb, should bring in the corporate lawyers to lay down the law. This way it isn't the good IT director who wants to supply any needed technology, but the lawyer cracking down on things that could get the company in hot soup.

    2. Re:Sometimes it "has to fit" by Chazmyrr · · Score: 2, Informative

      It's a legal requirement, not a security requirement. If a company falls under SOX and they allow their employees to communicate electronically at work without recording and storing those communications, the company is breaking the law.

      It's a whole lot easier and less expensive to just block access to external email or IM than it is to monitor and record them.

  3. Interesting article... by Psmylie · · Score: 2, Informative
    But wrong on a few counts. There are so many reasons to keep things locked down. Data security is the main one. There are also support issues, regulatory issues, etc. For example... traders don't get to use IM where I work. Know why? Because the SEC wants to be able to pull records of all financial instructions, and our traders wanted to send trade instructions to each other via IM. We had no way at that time to record IMs, and no way to confirm that an IM was actually read by the person it was sent to in a timely manner.

    This is kind of interesting, from the article:

    "When you find that people have broken rules, the best thing to do is try to figure out why and to learn from it."

    Sorry, no. When you find out that people have broken the rules, you write them up or you fire them, depending on the severity of the situation. What if the rule that was broken was someone carting around an unencrypted "backup" of a customer database on a thumbdrive, which he lost? Where I work, that's three major rules broken right there. If that happened, that person would be fired immediately.

    Corporations aren't stupid. Hidebound, maybe, and slow to change, but if something is forbidden, there is usually a really good reason for it. Also, IT does not run the company, in most cases. Follow the chain of command up high enough, and you'll find IT's bosses. If you have a tool that you need or want, then petition for change. Don't do an end-run around the guys that are trying to keep you working; you're only going to hamstring yourself in the end.

    The major problem is, people are making their decisions based on commercials or salesmen that promise an easy, 100% reliable solution to an existing problem. Then they run to IT to complain when the product doesn't perform the way it was supposed to. This makes extra work for an IT department that is probably already overworked. You want to play with toys, play with them on your own gear, not the corporate gear.

    That said, a wise CIO is going to pay attention to what the employees say they need to find out:

    a): If they really need it

    b): If there isn't something better or already in-house that can fill that need

    c): Is it safe to use, and what are the support requirements.

    The important thing then is to tell the end user, No, you can't have that because of: ___, and give them an actual reason, instead of just telling them "against policy."

    --

    psmylie's dictionary: Godzillion (noun) Any number large enough to destroy Tokyo

  4. Re:"Cheap" support by Jhon · · Score: 2, Informative

    If a user screws up a machine, slap the standard install image back on and try try again.


    And if the "screwed up" machine was infected with malware which keylogged and/or sent information (such as client personal information/transaction records/ssns/ccard numbers) or perhaps medical records to some PC in Denmark BEFORE you restored from that image?
  5. Re:Yeah, what he said.... by yuna49 · · Score: 4, Informative

    One of my clients is a community health center. We're looking into the Linux Terminal Server Project http://www.ltsp.org/ for precisely the reason that meeting HIPAA requirements for privacy and security is nearly impossible unless we can centrally control what's running on the workstations. In the next hardware tranche we're looking to go diskless with no CD writers and no USB support for mass-storage devices.

    Having only one, centrally managed, desktop image has a lot of appeal as well!

  6. Re:My personal nemesis... by Anonymous Coward · · Score: 1, Informative

    Honestly? IT is a stop-over station for most competent people. You start your career there, and if you are good at it, you either go the business suit path, the software development path, or the hardcore-badass consultant path. The people who stick around as day-to-day IT staff are the ones not good enough to do anything else.

    That's why it takes so long to find competent technical people within an IT organization. The good ones have moved up, while the mediocre ones stick around. You may find a low level admin with some level of clue, but chances are he won't be there for long.

  7. Re:Yeah, what he said.... by Jhon · · Score: 3, Informative

    Print Screen -> jpg -> IPOD HD.

    Cut/Paste from APP -> text File -> IPOD HD.

    Scan

    You've obviously never worked with state/federal payors who are cracking down on fraud. Not only from the entity making the claim for service, but forcing the entity making the claim to police their own CLIENTS for fraud. There are volumes of various types of regulations and procedures that CAP/CLIA/Medi require and we are regularly inspected for compliance.

    Sucks to be in IT in the medical field sometimes.

  8. Re:It's called "physical security". by rsborg · · Score: 3, Informative

    Locking down the PC so that the receptionist cannot move data to his/her iPod would also, logically, prevent the iPod from doing anything that s/he would want it to do.
    This is not true. The receptionist should be using his/her PC/Mac at HOME to load the iPod with *her* music. No interaction between the mp3 player and the workstation/laptop is necessary. The iPod still plays songs/video as it should, but without interacting with the work computer.
    --
    Make sure everyone's vote counts: Verified Voting
  9. Re:Yeah, what he said.... by markov_chain · · Score: 3, Informative

    It would be much easier to use a digital camera.

    --
    Tsunami -- You can't bring a good wave down!