Managing Personal Electronics and Software In the Workplace

darien writes "Last night Symantec hosted a round-table discussion on the topic of consumer devices in the workplace. John Brigden, Symantec's senior VP for EMEA, pointed out that regardless of the policies businesses may lay down, individuals will always try to use their favorite gadgets and websites at work. Reminds me of when I worked in IT support: no matter how many times we told users they weren't allowed to install ICQ, or to connect their personal laptops to the corporate network, they insisted on doing it. Frequently they even asked us to help them do it."

Mostly the fault of IT

[Kohath]

When IT doesn't serve the users, the users have to be their own IT. Users are bad at it and it causes problems.

The answer is to stop saying NO when users ask for reasonable (non-harmful) things. Help the users instead of trying to make your own job easier.

Solution: Give them a VM

[scorp1us]

Just give them VMPlayer and a XP/SP3 image that is only like 5 gigs and they can install whatever they want.

Then lock down the the company machine.

If something goes wrong with the VM, just give them a new one. Sorry, but there is no support other than that. If they lose stuff in the VM, then that's not your problem.

It's time to get tough

[jonnyj]

We're already there in the UK Financial Services industry. Earlier this year, the FSA (our financial regulator) issued a report on best practice that, amongst other things, recommends that

• organisations should work on the assumption that staff do not know what the firm's policies and procedfures are
• staff handling customer data should not be allowed to have mobile phones or personal belongings at their desks
• staff should not have access to external email or the internet unless there is a genuine business need
• all USB ports should be disabled so that only approved, encrypted devices will work

If you're in the industry and doing less, expect regulatory sanctions if anything goes wrong. It's time to get tough on slack security.

Re:Fire them!

[2names]

If your IT staff members are a bunch of jackholes, then they need to be replaced. I am an IT manager (worked my way up through the IT ranks) and I simply do not tolerate my staff acting the way you describe in your post. The people we support are the reason we are here and they need to be treated with dignity. I also do not tolerate people we support berating my staff. There is absolutley no reason that IT workers and the people they support need to be at odds. One cause of this that I have personally witnessed is, for example, many IT workers can not understand why the marketing guy needs to have ICQ. Well, you know what? That is between the marketing guy and his boss. If the software has been approved by a user's manager, then install the software and support it as best you can. We have processed requests from managers asking that their reports have access to gaming sites over lunch. The boss wants you to be able to play games? No problem. Here's your access. If you have any problems, let me know and I will try to fix it.

There doesn't need to be this rift between IT staff and the people they support, the two groups need to work together. At least, that's what my group does.

Embrace, don't extinguish

[darkpixel2k]

no matter how many times we told users they weren't allowed to install ICQ, or to connect their personal laptops to the corporate network, they insisted on doing it.

We're not assholes about IT like you are apparently. We tell them "sure, bring in your personal laptops". The switches run 802.1x. If your computer hasn't been issued a certificate, you get an internet-only connection which blocks outbound SMTP, and monitors your traffic with SNORT. If it appears you have a virus or are passing bad traffic, you get blocked.