Slashdot Mirror
Why IT Needs To Change for Gen Z
An anonymous reader writes "Staff will routinely be bringing their own devices to work in five years time, according to IT industry experts in the UK. Some companies might already allow a few iPhones and iPads, but CIOs and businesses are not only going to have to support a general influx of consumer kits — they're going to need to get a whole lot more relaxed in general. 'Big businesses are going to have to become more flexible about how IT is provisioned and managed — to enable a new generation of workers who use consumer technologies to communicate and be productive.'"
Staff will routinely be bringing their own devices to work in five years time, according to IT industry experts in the UK
Not where I work. Seriously, a *LOT* would have to change - like a move away from Windows networks, and that's not going to happen (sorry).
If you want news from today, you have to come back tomorrow.
More like gen y have a shock comming and will have to change the way they behave at work.
NOW gert orf my lawn!
I'm all for flexibility, but allowing unmanageable, unsecurable, unmonitorable devices like the iPhone (Android isn't much better, Phone 7 is better but still a big step back from WM6), that IT departments will somehow have to support every time they go wrong because they're "being used for work" is simply unworkable.
Does the writer of the summary actually work? An iPhone is just a phone. On my floor alone, I think there are dozens of people with iPhones (myself included). No network needs to change, either you're on 3G or Edge ... What does this have to do with the company?
Bringing in non-managed hardware would be a security and support nightmare.
its one thing allowing a personal phone to hit your email server, ( since connecting to them often means you get some control, such as remote wipe and its no worse than offering webaccess to mail ) but its a far different issue letting people bring in their personal computers and expect to have them on the network.
No thanks.
---- Booth was a patriot ----
Well, while I'm in charge, they can bring them alright but they can't plug them or use them for anything work related. Won't there be a capacity for company issued devices in five years time?
I can see plenty of motive to force the workers to pay for their own work stations. You can simply fort up the servers and dump the headache of dealing with the &*^%$# programmers and their work stations. The data entry and administrative systems will still be locked down and controlled; but, all the others will have to fend for themselves.
It SHOULD come down to a simple business decision.
Is the advantage of adding those devices going to bring in more revenue than the extra effort and lost/compromised data is going to cost?
You are welcome to bring in your equipment, and use it. I put time, effort and expense into protecting the company assets from harm, including that which may come from your random equipment on our network, accessing our data. Yes, it takes more (time/effort/expense) to work with your random equipment than it would to just lock you out and threaten you with $punishment when you try to use stuff. That is ok. We have adapted.
Now when your stuff doesn't work, or you cant figure out how to do something with it... that is not my problem. You want your own gear -it's your gear.
"You want to know how to help your kids? Leave them the fuck alone." -George Carlin
Sorry, no matter what the generation, they should not be allowed to bring more attack vectors and security vulnerabilities in to the workplace.
They are not special snowflakes, and their personal devices are not necessary for productivity.
Businesses where mobile devices are useful and helpful should already have their infrastructures designed to handle it, so again Gen Z will make no difference.
It doesn't matter what generation anyone belongs to -- you'll do things the way the employer wants them done, or you won't be employed.
Now, are there some new technologies that are in common use in the consumer market that can be used effectively in the business environment? Probably, yes. And businesses will use them if it makes sense in their environment. But they won't use them because the pouty-faced punks with their newly-minted college degrees will throw a hissy-fit if the boss doesn't let them use their personal gadgets.
Business don't give a damn about their current employees, let alone potential future employees. You'll do as you're told if you want the money... and eating is such an addictive hobby.
Of course, young people just might start up their own businesses where everyone can stay focused on their iWhatevers all day, and if it's better than the old businesses than the young folks will win. I wouldn't put my money in their stock, though.
This will not happen in the US outside of some niche industries. Companies have too much legal exposure to take the risk some porn site malware is logging credit card info from all the customers the support people helped today.
I don't know the laws in the UK, but I suspect the same would apply.
Isolate their connectivity and treat them same way you handle connections from the internet. There's your security done. Get management approval that personal devices are the owner's problem. There's your support done.
On top of that, while everybody wants free wifi on their phone to waste away company time with, many balk at having to use something they paid for to do company work. Get enough complainers whining about why the company doesn't provide them what they need to do their job, and this whole "problem" mostly goes away.
If you can't handle being told no you should go live in your moms basement and steal her wifi. Until the police arrest her for child pornography.
as long as they also bring their own networks too? The policy should be that personal devices cannot connect to the company network, period.
Same thing happened with regular cell phones. Companies used to monitor employee phone time and long distance. Now employees have a phone in their pocket on their own network, which never touches the company network. Same thing will happen with data devices.
1st page: Kids want to use their computers/gadgets at work.
2nd page: These kids are clueless as to how IT really works and unemployable.
Most companies don't allow employee devices on the network for perfectly good reasons: to protect their IP and keep malware off their network. Everyone needs to stop worrying about mollycoddling these whining Gen-Z types and teach them to live in the real world.
Big businesses are going to have to become more flexible about how IT is provisioned and managed.
At my job (where I work in the IT department), if they need a device to do their job they're more than welcome, and even encouraged, to ask their director to fund it for them, in which case we'll be happy to provide them with a device we can control on our corporate network that allows them to do the job they were hired for. If they need it to do their job properly, we'll make sure they get it. No need to use their own personal (and potentially insecure and uncontrolled on our network) device they paid for themselves.
If they simply want to use their personal device because they want to or think it's cool and trendy, even though the device we provide them with does everything they need to perform the job we hired them to do.... too bad, sorry.
How are you doing that?
I spend a lot of time locking out systems because I cannot tell the difference between your legitimate connection and your machine being used by some cracker who was running a key logger on your home machine.
How do you handle it?
When I hear people saying "the next big thing" is people bringing in their own devices, my first reaction is that those people are assuming that using their personal devices will be "better", because they won't be locked-down the way managed IT hardware is. But I don't see how that's significantly different or better than just giving employees admin/root access to their own machines. At least with the latter, the devices aren't going back and forth between the (hopefully) firewalled/proxied corporate environment and the wild west of their home network.
What I think is more likely is that aside from limited access (email, maybe web browsing), the criteria for bringing their own devices in will be so onerous that they would rather have separate devices after all, rather than accept the new limitations on using their personal devices. After all, if it were cost-effective to support unmanaged systems, business IT would already be run that way.
"...always new atoms but always doing the same dance, remembering what the dance was yesterday." -Richard Feynman
... I have no problem with allowing employees to use their personal devices at work. If the rest of the executive team wants excessive network downtime, no viable way to maintain data security and a compromised network, who am I to argue with them? This sounds like a great way to easily justify doubling my budget and staff too. What's not to like?
Most of the comments before this one are a good example of the attitude of your average IT person toward this whole "personal equipment" thing.
Me, I work at a different company, where we decided to treat employees like responsible adults. We make sure people know how to secure their equipment and, if they want (and usually they do), we do it for them. If they want supported equipment, they choose between a wide selection of equipment choices (desktop/laptop, pc/mac/linux); if they want to be responsible for their own equipment, they can go and buy (and then expense) whatever equipment they want. I'm using an HTC Thunderbolt that I went to Verizon to purchase, then expensed, and then told the company to take over the contract (I could have simply expensed the contract on a monthly basis, but I'm lazy).
It's seemed to work pretty well for us, with no noticeable virus outbreaks. It supports that whole "our employees are our biggest asset" stuff that most companies just spout but never believe. In fact, it really comes down to that point -- IT people (much like HR people, BTW) mostly consider employees threat vectors, rather than colleagues. Here? It's the other way. And it seems to work pretty well.
Because "gen Z" is even thicker than "gen Y"?
Yes, companies are way too uptight about security. After all, it's not like there have been a lot of breakins or anything.
BTW what comes after "Gen Z"? Oh. Wait. The Rapture was yesterday. Nevermind.
Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
some of this is from cost cutting other from old hardware / slow to get stuff needed.
As some people will / departments will buy there own Ram and other hardware then wait for stuff they need under the official way / budget. Some departments even setup there own testing severs / hardware.
programmers like to have there own tools and IDE's.
marketing departments tend to use macs or pc with stuff like Photoshop and no a basic low end office pc is not a good fit for that kind of work.
Some people Abuse hardware just to get new / better / faster systems and some times they need to do so they can get there job done.
So the way I see it is management needs to give the hardware that is needed for the job and departments should pay the IT department the cost of the hardware for the stuff that department needs and let IT take care of it or setup it where IT can tell workers who want to use there own stuff what you should buy and say we may it pay part or all of the cost of it (if you can say way it's need for the job).
There are down and up to doing both ways.
There aren't any "internal customers" because the concept of "customer" contains the element of "choice". If you don't like the service, you go to a different vendor. Internal departments do NOT have that option.
The implication being that those "new workers" will be worth the additional considerations. I'm sure you can find enough skilled workers who do not demand that you support their personal electronics.
As can be said with most fads and bubbles. The question isn't whether it will be happening but whether it will be a new requirement. Or will it happen and then fade as the security issues become evident?
Who cares about the software? It's the data that is important?
It's about the data, not the software.
Losing credit card info is a problem.
Getting Excel running on your phone is not an issue.
That depends upon the situation. Do you have read-only access via a secured web site?
What does he REALLY want to accomplish?
He is the CEO. But that just means that he is the CEO.
You can always find a new job.
It's easier to find a new job while you're still working.
Rather than AFTER you're fired because the company hits the papers for losing credit card info because of how you put a hole into your security for the CEO.
And you know that it will be YOU who is fired first and blamed for not keeping the place secure enough.
Seriously, these ones have no great insight - they're merely guessing. But what they're guessing is what will make a good story in 2011, not what will happen in years to come - when their guesses have been forgotten, superceeded, revived, altered, discredited and forgotten again. They have no great insight, or knowledge of what's to come and are really only useful for entertainment - such as posting equally ignorant replies to.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
I think we've had this already when people/organizations went from mainframes to PCs. I think the people in charge of IT came up with similar arguments.
I am system administrator on my work laptop, but this is something most people will not be able to handle. If any kind of personal data is on these machines, they need to be secured far beyond what a normal user can do. In some industries, e.g. banking, using you own machine will still be completely out of the question. I predict that with the additional data breaches that are to be expected for the near future, most people will instead of on their own devices work on company devices that are even more locked down than today and that putting company data on personal devices without explicit permission will not only be reason for immediate termination but also a hefty contractual penalty in many workplaces.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
A bunch of coddled, entitled, whining pieces of shit. I don't care how special every told you you were growing up, you're not and you're going to use the same computers and software everyone else does. IT spends a lot of time and effort coming up with a standard configuration that's stable and secure. Suck it up and use it or find a new job.
I work in IT security and I have been told in no uncertain terms what my job is by upper management.
They don't want to find themselves having to put something in the notes to the financials that our trade secrets have leaked, or that our competitors no our costs. They don't want to be embarrassed and have to apologize for leaking customer data. We are a manufacturing company we sell tools to professionals they expect us to be professions as well as look it. Management does not want to look like Sony.
I don't get off on saying "no" to people. I really don't but if I let a device be connected to the network I have to be able to know DLP policies are being followed. That means I probably have to have more control over your toys than you want me to have, or you have to settle less than great experiences. No you can't read e-mail on your IPhone APP, you can use Citrix to read it in Notes via your IPhone, and yes that probably is to painful to be worth while. We can't afford a large cached copy of your mail file to be sitting on a device you might lose which *may* be recoverable by its next possessor.
Your personal laptop, certainly if you let me put our full disk encryption software on it, and our endpoint policy enforcement tools and only IT Security gets root. You won't like that though, and I know it. Trouble is I don't have better solutions.
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
The business has to change? Love the name by the way. Generation Z is brilliant. Just add 2 more ZZ's. How about the generation ZZZ has to grow up? No young people of any generation were ever trusted with anything until they earned the trust. This generation is no different.
Any guest worker system is indistinguishable from indentured servitude.
they might have a place where I work. However they are not. See Apple has this one major problem. If the iOs device has an invalid password for a network it was previously connected to it will not prompt the user for the correct password, it will simply keep attempting to connect which in most shops locks out the account. This has caused a great amount of grief with the network people where they now simply tell people - no support. Please buy an Android device or Blackberry to get your mail and/or access the network. Supposedly Apple has a fix scheduled for 4q 2012.
So while gen Z might want their fad devices and similar in the work place it will require manufactures to have their heads somewhere else other than up their own butts. It will also require laws to change in some areas because I have been in jobs were removable media was not permitted, nor cell phones, nor cameras. I seriously doubt Gen Z will get a new rule set.
* Winners compare their achievements to their goals, losers compare theirs to that of others.
Except that violations of that kind are usually dealt with via fines or losing your compliance certification (which requires that you go through the process again after a certain time).
Which can both be translated into MONEY.
Yep. And again, that usually translated into a fine (MONEY) or loss of certification (MONEY).
Exactly. You don't see other employees "fixing" the locks on the doors, do you? Hey, it's easier for me if they're keyed the same as my house key. No problem, right?
Not to mention the implied requirement that every single employee doing that have the same (or higher) education/experience as the dedicated IT department. How many people out there don't even know that their machines are zombies?
Exactly. And if someone steals their iPhone which just happens to contain a copy of the customer database including credit card info ... that's even more MONEY that has to be spend in fines and PR and lost customers.
Personally, I don't see any way that using personal electronics for work can generate more revenue than it can cost.
Maybe I'll be wrong in the future. We'll have to wait and see.
Big businesses are going to have to become more flexible about how IT is provisioned and managed...
That's been true for years and it still isn't happening. Most companies don't even have their network segmented to make that possible. If they were working toward that end, they'd be separating the data from the network and isolating critical systems. It's not happening in many places I've seen.
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
IT exists to enable the business, not to dictate terms or restrict it. At present the basic corporate dynamic is a largely computer-ignorant upper management that can't be arsed to stay up to speed on the basic IT environment, so they blindly delegate the power and authority to the sysadmins, and IT gets to (largely) set policy and tell the office employees what they can and can not do.
As basic IT competency becomes progressively more and more of a requirement to get anything done (for work or at home), the user base is becoming more educated, and more irritated at the "priesthood" attitude of the IT department. Give it a generation - or less - and upper management will be dictating terms to IT instead of living in fear of the Beige Box, blindly accepting whatever The High Priest Of The Beige Box tells them.
You've got to love how every article like this out there assumes Generation Z has any clue about technology. Most of the younger (10-20) people I know have less of an idea about what technology is (let alone how to operate it) than I did when I was 5. If external devices are allowed on your network, you are going to be compromised.
"People don't want to learn linux" hasn't been a valid excuse since '03.
At one of my old workplaces, they provided lockers to the call center folk because all their phones had cameras. They were to put their phones/cameras/ipods in the lockers before they were allowed in to the general building where they could finally be allowed to use the company provided computers. Bringing a camera on site wasn't just grounds for firing; the company would sue you (to get access to your electronic devices to determine if you used them on site).
ie, Gen Z needs to learn that they don't get to bring every new tech they own to work. I don't get to bring a railgun or a fog machine. If an iphone is essential to company productivity, the company will provide one. If *your* iPhone is essential to company productivity, then the company will buy it from you, wipe it, set appropriate app-store settings, then give it back to you.
Wake up!
You are a cost center.
You exist only to enable productive people to produce more efficiently.
You aren't in charge of anything.
You work for us.
Continue to annoy us and you will be replaced.
Just like the guy in the tool room that used to guard the pin gauges and the hammers like he owned them.
And the facilities guy who refused to add a 30 Amp circuit or run a Nitrogen line.
The IT support model that treats everyone like a serf doing word processing is over.
The design engineers need nonstandard hardware to do modeling. They might even need multiple computers.
In fact every individual user has specific and unusual needs that they understand better than you do.
And it's Not your call. Make it happen or go extinct. Computers aren't a new special thing anymore.
Many of us users understand every aspect of your network as well or better than you do,
we just have better things to do.
Things that are central to the business and make money.
Hey, this is your turf, and I understand that change is hard, and that you need to grumble, bitch, rant, whatever.
get it all out. It won't change anything though.
On company time. Who are sitting in HR signing out with staff ready to help them carry their boxes of personal belongings to car. Oh no no no, I don't think so.
Have a dual network. One wired to a desktop that's secure and then a WiFi system for the mobile devices that's open to the Internet and institute some serious penalties for screwing it up. Then let the chips fall where they may on the "open" side.
No one ever had to evacuate a city because the solar panels broke!
how many I phones do you think that people bring into an office on any given day. network staff let them in because one day the CEO complains about not being able to update his linked-in status from his iphone and the practice of letting people connect anything to the network spreads to the rest of the company. it is a generally overlooked part of network security and it is only a matter of time before black hats utilize it as a vector of attack. mobile devices have to be thought of as a rouge laptop or server on your network because at the end of the day they are all the same. just a computer.
We manage this in academia just fine.
Exactly. And when the reporters come calling for quotes about how the crackers got the credit card numbers from us, it will NOT be the CEO who is fired for the security failure.
Not exactly. Someone else who CLAIMS that they can do it will be hired. What do I care? They'll be the one fired when the reporters come calling.
There will ALWAYS be SOMEONE who will claim to be able to do the impossible.
Remember that, people. The company will NOT waste a single moment firing you if it will protect the CEO. You don't owe the company a single moment of loyalty.
Do your job.
Collect your pay.
Advise them as best you can.
Move on when the situation calls for it.
IT people are the guys who keep the baddies out of the COMPANY network, the one that you want to connect all your little toys to. They're the ones who are charged with producing the most stuff from the least money, which requires common standards so they don't have to spend hours or days trying to work out why some manager didn't/couldn't read the 1-page of instructions with his/her latest trinket and set it up wrong.
The point is, we all work for the shareholders and they don't care if you want to use your latest little phone to access stuff. They want the lowest cost of operation, the fewest number of lawsuits for data loss and data thefts and they don't want different individuals craching their company on a daily basis just so they can show off some new status symbol.
politicians are like babies' nappies: they should both be changed regularly and for the same reasons
We are locked down. Gen Z looks like they'll have to post on facebook and twitter at their parent's place where they will be living still unemployed.
What a dumb article, does that person know what a real company looks like?
Frankly, I hope Gen Z do shake up the corporate IT departments of this world and make them step up their game.
I've only been working for 13 years in corporate environments and all of them seem to think that it's acceptable to give someone a 10 year old operating system, a 10 year old browser and an 8 year old office suite on a piece of hardware that is barely portable, should have been retired a long time ago and takes 15 minutes to start up and shut-down thanks to all the security software loaded onto it.
Oh yes, and then you get your laptop back and they've forgotten to include the piece of software that caused you to raise the ticket in the first place.
On top of that, you have an IT helpdesk who send staff out to resolve issues with software that they've appeared to have never actually even started up and you end up with this wonderful situation where any issue is "resolved" by use re-imaging as a catch-all for all problems. That is assuming that they don't automatically close the ticket after 2 days for you ("Sorry? You still have the problem? Oh you better raise a new ticket then") because they want to meet their SLA.
It's great that /. is full of shit hot people that know their stuff and, frankly, I'd love to work with them - because, you know, out here in the real world we get email administrators who remove a bunch of IP address from a whitelist (without prior notice or warning) and end up preventing us from emailing some of our clients, the same who added swear word filtering to our email that was not only broken but managed to destroy the original email in your sent items so you can't just re-send it with the naughty bits removed, the server team who accidentally decommissioned the wrong box and took down a demo platform two days before it was going to be used in a sales pitch and the security team who decided to change the computer policy so that you cannot use an ethernet cable to connect to anything but the company LAN on the grounds of security (so if you're in a place with no WiFi but a perfectly good LAN, well, you're screwed) or the internal products team who rolled out a new intranet that still doesn't work properly with IE6 and doesn't in the slightest with the corporate blackberries....
Incompetence isn't confined to the rest of the business you know.
You people act like only one network is possible; so that any devices brought in must have their risk evaluated.
So what are the media faggots going to call the next generation. Gen NEXT has already been taken and trademarked (by pepsi i think). They could double up on the number and call it Gen AA, or something. Personally, I think we should move over to the Arabic alphabet. The next generation should henceforth be called gen Alif.
-The question of faggotry is the most important question, and deserves the utmost attention from society. Is something gay, or is it not gay. This needs to be decided.
-Nietzsche.
If you work in higher education enterprise environment this is already a reality. If you think that you may be pushed to this in the corporate environment than I suggest you look at higher ed and the challenges faced there.
I love these kinds of stories because the comments are always so damn fun. I love IT wackos trying to defend their lazy positions while spending paid company time reading and posting on Slashdot.
I wish IT could go back to the Electrical Engineers that created it and the drive to do cool things, not the drive to justify yourself. You should want to help others do cool things.
I guess it's the difference between an oil change mechanic and a hot rodder who builds custom cars.
I've been bringing monitors, keyboards, mice, hard disks, memory to work for over 10 years. - Being an impatient nerd means I really don't care if work won't pay for me to have some nice hardware, if I'm on a machine for 8 hours+ a day, I want a nice big monitor, fast PC and comfortable equipment. I just installed an SSD at work recently, put the work supplied hard disk in a drawer labelled 'property of XYZ' - my SSD in the PC is labelled 'property of me' If I ever leave I assume I'll have to 0 out the drive but that's really not going to upset me.
"Corporate liability." If an individual will buy the insurance to cover placing their device on my network, fine. Until then, our contracts (insurance and with clients) simply do not allow consumer devices on the network.
We don't allow wifi either. Contracts speak volumes.
Productivity is not the only consideration.
My observation has been in the last 5 years security has become tighter and that there has been increased security. I use to be able to plug in my own laptop most places I worked. No longer. I use to be able to use social network sites and external email. Not for a few years now. Everything is getting locked down from SVN repositories to databases. Development environments including. Even developers are losing admin access on their own machines. If anything this trend is accelerating. I don't know what the person writing the article is smoking.
These posts express my own personal views, not those of my employer
MAC switch security, VLANs, captive portals, and a well-planned firewall goes a very long way towards idiot management. Very handy in nabbing who exactly is the idiot, too (including ourselves, if we fail to plan well).
...with "Generation Z" college students that we hire as summer interns. So far, our answer to personal devices is a pretty firm "no." They can check company email via the web interface from any internet-connected device, which is by far our most lenient security policy. Personal devices can join our guest WiFi network if they like (password changes every week), and any and all machines need to be in our asset database to join the LAN or connect up via VPN.
So far, they are fine with it. Well, OK, they bitch about it, but they like making money better than fighting for use of their personal devices.
:q!
So the question here seems to be:
What is the generation that comes after Generation Z?
The idea is silly at it's face. Provided you are properly equipping your staff there's no benefit in allowing people to bring their silly phone into the building. But the negatives are many fold.
If you aren't properly equipping their staff, you likely don't have the talent, equipment or software to integrate such devices safely. What I fear happening is that businesses that ARE highly qualified to pull something like this off, Google for example, will do so... and will have great results... there will be an article in Money magazine... and then all the idiots that run all the businesses that do not have the proper infrastructure to handle such a move will read about it and implement it to disastrous results which will lead to a backlash in security like "NO PHONES IN THE BUILDING PERIOD"
We are issuing certificates to personal devices and using SAML authentication to allow access to critical applications from the internet. We figure there will be no 'internal' network eventually everything will be done from the cloud. I can see this for sales type people who only need to work with some applications, but for those of us who own these applications it might be a bit more difficult.
Microsoft aggravates my tourettes syndrome.
The whole Gen thing was silly by Y, and Z is right out. We need a new naming scheme...
" .... CIOs should buckle up and brace themselves for a future .... " ... the onslaught of costs to defend your systems, viruses/troyans/malware interrupting work-flow, costs of looking after people cause they cant connect although you have given them a fool proof set of instructions, stealing of IP ... you name it its all there for the taking.
Brace alright
I have a wifi, but that sits in front of the firewall (as in the internet site) so they can connect there laptops but they need to use the VPN and the phones can use it too.
to code or not to code, that is the question.
There will ALWAYS be someone who will claim to be able to do it.
Don't waste time fighting them on that.
You will lose.
BUT! You will still be held responsible when the systems are cracked.
Find a new job where management isn't looking for magical snake oil and go work there.
Exactly. The guy peddling the magical snake oil will be sure that HE isn't the one blamed when HIS "solution" fails.
For everyone else, do you really want to work in a company where technology decisions are based upon fantasies?
And where responsibility falls depending upon who is leading which clique that has influence with which executive?
I don't. When politics becomes the product, it is time to leave.
Let me just put a word in here from a DoD employee: the government gets this, and says it's okay for smartphones (even with cameras!), just don't bring them into sensitive areas. The policy is different from place to place, but I have to say that if the *government* gets this, then it's basically over and private industry should adapt or die. Of course, where I work, we have very technical people, people who know the value of having a general purpose computer in their pocket; in decades of yore, you would have found them carrying HP and TI calculators, and if you told them they couldn't bring them in "due to security", you'd be looking for a new employee real quick.
Nathan's blog
Good IT guys are ones who understand that security cannot come at the price of productivity. Like everything else in life, there's a balance. Unfortunately, most IT guys aren't very good. In fact, I'd say that, for the bulk of the companies I've worked for, IT is right up there with HR in terms of the amount of UNproductivity they're responsible for.
I've been in IT for a decade and a half now, so definitely not a newcomer, and I never cease to be amazed at the old guard who believe in the firm, crushing grip of "old testament" IT security.
IT's role in a modern organization isn't to present barriers or obstacles to new things (ie. reasons why we shouldn't) but solutions to the technological problems the organization faces (ie. ways we can achieve it).
All this blather in the comments about insecure Windows networks and users introducing more attack vectors is just practicing avoidance. Gen Z has entered the workforce. They are more IT aware and savvy than any other generation before them - even the ones who aren't in IT. If an organization wants to become an employer of choice, the differentiator isn't just the salaries they pay - it's the complete package, including the working conditions they offer.
Here's what I don't get - why aren't more IT departments leading the charge here? I'm (with my boss' help) pushing very hard for BYOT. Not only will I get to use my MBP, iPhone and iPad to work more effectively (and in a way that suits me), but I'm also going to get shiny new toys to play with (Aruba AmigoPod anyone?).
IT should be seeing this as an absolute Godsend - an actual, for real, business imperative to buy new stuff, as well as support from the top for a new security policy that covers all those items you couldn't get off the ground in the past.
The beard-strokers can stay at home, and make way for those that have a future.
In five years time, I'd expect people to go back to the way things ran in the 80's, only far nicer and more graphical.
Use my own computer, at home, connect to the office network, get the equivalent of a virtual desktop of a virtual "work computer" ... do work.
Why the heck would I, as a developer, database administrator, whatever, need to be in the physical office? It's 2011, right now I wonder why I go to my office in KC, when I'm either working on web apps being deployed to our hosting facility in California or am troubleshooting accounting issues on our Citrix farm somewhere on the east coast ... I don't even know what state the farm is housed in, I don't need to, it's a computer on the net, why would I even care?
I think the only reason I go to the office now is because the baby boomer bosses like to walk around the halls once a week and see people at their desks ...
"Flame away, I wear asbestos underwear"
Cloud software and services will enable this to happen. The companies that may have trouble with the Gen Z is the companies that do not move to the cloud.
Among some of my clients, it's already the case that many employees spend vast segments of the workday tweeting their buddies, updating facebook pages, re-writing their linkedin profiles, playing online games. etc.
I guess that's what you get when expect people to be responsible.
This is probably obvious to most readers here, but I have seen more then enough of large companies to know how much they dislike and fear change, and how they want to maintain their petty control to the detriment of everyone else. If this had happened 10 years ago, we wouldn't have needed Google, as there would be a number of companies with similar styles competiting with each other. Now we have two types of portable devices, Apple and Other. On computers we have Apple, Microsoft, and Other. On concoles we have Nintendo, Sony, and Microsoft.
Google / Android / Linux are doing well, but if more companies had realized this sooner, we could have a dozen companies in each field. Hell, Microsoft might even have gotten stamped out, rather then being the bane of computer geeks the world over.
Business is not going to tolerate smartphones which are slaves of the phone provider and tell them everything. That's why Blackberry is so successful. You can have your own Blackberry server with crypto between your server and your employees' phones. Crypto for which no external provider has the keys.
There are companies that let you bring your phones into the building? I had hear of such places...
I bet you have internet access and radios at your desks too!
didn't think anything was weird about being able to connect my laptop to the company network...
jacks0n may have been overly harsh, but he makes a good point. A friend of mine was in a certain air force, and his officer once addressed the group. Paraphrased, he said that their only job is to deliver missiles, and if you're not delivering missiles you better be making it easier for somebody to do that. IT is the same: your job is to enable by default, and disable only when you absolutely must. Now, when it's your job to answer for breaches, everything looks like a threat, yet while that's an understandable and useful frame of mind, it needs to be balanced with getting real work (remember, delivering missiles) done efficiently. Safety standards are useful, but there's a reason combat aircraft turn off anti-collision lights on missions.
In this case, I don't see portable electronics going away. In fact, I see them become more powerful, more highly-personal, and more popular, so IT Departments would be wise to find a way to keep them useful without compromising too much in security. Calling them "toys" or "whiz-bang gadgets" is a rather poor attitude for a geek who's supposed to see their uses better than the unwashed masses.
In my experience the biggest problem with corporate IT is risk aversion. Process is a substitute for trusted personnel, because it is hard to have the latter in a large organization, and it is easy to have the former.
If there is a massive security breach, the head of IT is likely to get fired over it (or maybe somebody one level down/etc). However, just about anybody in IT is capable of leaving open a door that would allow such a breach. So, there are tons of rules to try to prevent this, and tons of checks to make sure the rules are followed. Of course, a security breach is just one thing that can get messed up, and there are a million other bad things that can happen, and a bunch of rules to go along with each of them.
In a smaller company you hire people you trust, and actually invest in them. Sadly, that seems to be something lacking in most corporate IT departments. If you can't trust your employees, then you try to control them instead. It sort-of works, but it tends to prevent anything good from happening in the same way that it tends to prevent anything bad from happening. Mostly it is about having somebody else to blame when an underling turns out to be fallible.
Ah Yes, the ever so smart IT staff. Kinda like the Oracle dba, at my site who after being repeatedly warned by us "stoopid inguneers" that HR database was world readable to the outside world, had a "small" problem with personal data being released to the world. No us "stoopid inguneers" are not only trying to do our jobs, but keeping on top of the identity theft that resulted.Seems that the "inguneerin inturds" all have more understanding of security than the IT staff and refuse to connect their laptops running OpenSolaris/Linux because the network the IT staff installed at a cost of $5mil had so many security holes they did't dare risk problems with their own tools. Maybe you mean the highly qualified IT staff at a local university who decided to upgrade BlackBoard during finals week and had a "small" problem when the upgrade wiped out all the student final exams taken on Blackboard during finals week and deleted faculty gradebooks. The idiot CIO actually had the brass balls to "demand" that the students retake the final exams.
You give the person a Civic to drive. It's quiet, sedate, cheap, and boring.
You don't want a delivery employee playing Formula 1 while on the job. It makes them, late for deliveries because they get targeted by the cops and pulled over for driving a sports car (see "Ticket for LOOKING fast")
Their antics cause a crash and hurt someone? Lawsuit.
They crash the car on company time, they (and their insurance) expect the company to pay out for repair/replacement. Repairs on a Maserati cost more than BUYING a new Civic.
At the heart, this is about control of one's network.
If I say a device doesn't get on the network, it doesn't get on. Period.
Chas - The one, the only.
THANK GOD!!!
I've recently started at a government agency that has a lot of personal health information (think HIPPA). Connecting an authorized device to the non-guest networks (wired and WiFi) is a firing offense. End of story.
Most companies are not this strict, but the first SOx or PCI problem at any organization that affects the bottom line will cause the hammer to fall. If the Gen Z folks (and I was born in the late '70s) don't like that, tough.
Gen Z needs to get over it! The whiny-asses need to leave all of their stuff at home, and get used to using employer-proveded devices at work and to only using such devices for employer-approved tasks. That is the definition of work! I have used computers on the job, but only for what my employer provided the computer for. If I had tried to do anything else, or install anything, I would have been fired, as would be proper.
Waste time on facebook, twitter etc...on your own time!!
So, we're in the middle of a recession, and recent college graduates are going months without getting job offers, but somehow employers "need" to change for them? There seems to be quite a bit of disconnect from our present-day economic realities.
It's those low rungs on the IT ladder - those jobs that have gone offshore," said e-skills UK's Lux. As a result, she said the organisation is focusing on initiatives aimed at fostering "project-based learning" skills, so a new generation of tech workers can gain broader skills and plug into the UK IT job market as project managers.
Yep, make them all managers...because we all know the local the battle hardened industry veterans at the company are just as eager to take orders from the "new kid" as the off-shore team is...Riiiiight.
1. Not all organizations have the same security needs
2. For many people there aren't neat lines between work life and personal life
3. Turning this into a turf war doesn't do anyone any good.
I hope item 1 is self explanatory. There are places where I'd certainly hope that any type of personal device would be barred from connecting to the network. By the same token, there are organizations where it may not be nearly as important.
As far as item 2 goes my life isn't easily separated into work and personal. I'm sure I'm not alone. Policy at work is that company provided mobile phones cannot be used to make personal calls. They'll look the other way if it's a matter of a phone call here and there. Further a company mobile phone can be taken from me at any time. My calls can be tracked. Any data on the phone, no matter how personal, is available to them any time they want it. A calendar on my phone that only has my work schedule on it isn't adequate, but do I really want to have my marriage counseling appointments on there too?
Given that reality with a company provided mobile phone, who can blame an employee for wanting to use their own phone instead? As much as we IT folks see allowing personal phones to access our networks and house corporate data as a huge security risk, we have to understand that the desire to do so has a lot of legitimacy. Turning it into a turf war and just saying "No" isn't going to be good enough, even if we are certain it's in the company's best interest.
Far too often we in IT treat our users in a condescending manner and we move too slow. I overheard a sysadmin guy tell one of our Mac developers that he wouldn't get admin access to his own machine because we had to "protect him from himself". That's pretty much a direct quote. Never mind that the developer in question is far more qualified at configuring and maintaining a Mac than anyone on our sysadmin staff is. It's also very frustrating for staff to wait days or weeks for IT to get around to something that they themselves could take care of in a few minutes. So again, just saying "No" isn't good enough. Reasonable alternatives have to be considered and creative solutions are needed.
1. Partition the internal network, 99% of any intranet is plain jane no problems... 1% is business critical and needs to be locked up.
2. Use remote access to virtual desktops and apps to access the 1%; do not allow the data to sit on remote devices (even desk tops in the office)
--------------------------------------------- "In the end, we're all just water and old stars."
bring my own devices to work. I am a developer. The platform for a developer is Linux. I use Linux on my laptop and IT is generally clueless about it. If somebody tries to lock the distro I'll use a different one. While it's Linux and I have the physical device I will always control it. Nobody can stop me.
Now, what happened where I work is that we migrated all internal e-mail and calendar to Google. Google docs are also in place. Makes it easy to work from your own device. Of course things are moving in that direction. All that "anti-virus locked down" crap is being left behind.
At one of the company I worked for where we had very strict security (and armed guards) they first tried to impose policy, and it did not work, as you point out manager/sales rep were trying to play the privilege cards.
So they made a slight change : one of the desk at the entry was cleaned, and one of the guard from the external security firm was given a stack of formular and people which wanted to bring their toy/USB/whatever , the guard made a toroughful description of the toy, and asked the person to sign a disclaimer which said in big black font (paraphrased) "you are responsible for any loss, any liability, any virus, any legal repercussion, any credit card breach which could happen during your visit" and "it will be your responsibility at your own cost to provide foreinsic evidence that you had no responsibility in the breach".
Nobody, even when the CEO visited, signed the formular (who would?), and nobody ever tried to bypass the guard. Who would ?
Why this is for real is that, this change is coming from upper management. When CIO prefers to use his iPad and MacBook instead of standard corporate devices, IT staff has to find a way to support them. And then also other employees can bring them to work.
I swear 30% of the responses I see talk about CEOs as borderline-psychopathic bullies who won't ever take no for an answer - and anyone who even tries to refuse a demand is escorted out the door before they've even finished saying the word "no".
Thing is, I don't believe I've ever known such a person to run a company. I've worked under at least one such little hitler (who was a middle manager), but IME those at the top know full well that they don't know everything, that delegation means you have to trust your staff to make sensible decisions and sometimes stop you from doing something silly.
In real world there are hidden agendas too. Kickbacks to an IT from software and hardware vendors are elephants in a room, speaking figuratively.
This the important part of an IT's motivation in every decision or policy.
Wow. Look, this is such a great challenge. When both sides of an argument have such strong feelings, in diametrically opposed directions, surely there's a chance to do some good in the world? It can't be that both sides are so wrong.
I mean, you IT folks are right: you keep the company network secure. And that's really hard, and also no-one really understands that it's hard, and you get the blame if it goes wrong. But, you know, if your company dictated what kind of paper you had to use, and you couldn't use your own, and when it ran out you couldn't write anything until Ink Technology had got you some more, and it only came in green; and you could only write on it with a Microsoft Pen, which you hated -- you'd be mad too, whether that was necessary for security or not. And you'd find a way round it, just like the users do.
So. Challenge: What radical thing has to happen to make this work? Redraw the secure perimeter somewhere else? Make most data available anyway? Get the government involved? Teach security in high school? What? I presume the answer is not easy, or obvious, or incremental. But if slashdot can't do it ...
- The Armchair Programmer
Bullshit from some "visionary".
If you need it for the job, the company will provide it. If you don't need it for the job, pay for your own damn bandwidth and keep your crap off the company network.
What a depressingly stupid machine.
How original! Yes, those dang old people. They sure can be rigid. I mean, they want you to work! Eight hours at a stretch!. I mean, who can do that? And of course, we certainly we never saw this story for generations x and y.... (Ahem).
To put not too fine a point on it, in this hiring environment, an inexperienced Gen-Z had better sit down, shut up, and do what the f*** I tell them to do in the way I tell them to do it or they're out. I have the money. They don't. They work for me. I don't work for them and I have better things to do than to accommodate a bunch of self-indulgent whiners.
If they want to form a start up for themselves, great, because after 10 years of running a business, they're going to think just like me. At that point, they might be worth hiring.
Please do not read this sig. Thank you.
I work in a classified environment. I can't even bring a Shuffle to work let alone my iPhone/iPad/MBA.
"Remember, always drink upstream from the herd". Anno.
"Works for me" is not good enough - if you don't put the software you have developed onto something similar to a normal users environment you are only doing half the job. If it's someone else's job to do the testing that's fine and someone else's problem - but if it's your own responsibility you should not be lazy and provide yet another vector for malware onto user accounts that should not be run as admin.
"Without deviation from the norm, 'progress' is not possible."
Perhaps the reason the rest of the corporate world is eating America's lunch...
Ask Me About... The 80's!
The article's author is right about employee demands. The Blackberry/iPhone has really changed how people are using their mobile devices, regardless of age. Take the generational issue out of the question, everyone in my office of any age who has a smartphone has asked for Outlook access--and almost everyone has one, also regardless of age. I work for an arts non-profit where only devices paid for by the institution can be "officially" set up to access Outlook. Of course, it being a non-profit, very few people have this privilege. (Really only our Director.) The question I get asked more than any other by far is "Can you set up my Outlook on my personal iPhone/Blackberry/Android?" They're not happy with an answer of, "No, we only do that if the organization pays for your phone." In five years, I've only been asked twice about a personal laptop, and never about an iPad. I get asked about once a week in regards to personal cellphones, and it keeps being brought back up. Everyone knows that their phone can do this and is vey frustrated about the policy in place. (The official response of, "You can use the web access", misses the point. That doesn't integrate contacts, calendar or task information. People want all of their information integrated in the way that their personal account works for them, otherwise they have to duplicate those listings. And we're not allowed to use 3rd-party syncing software like Google-Outlook calendar sync.)
A more flexible policy is needed in regards to cellphones, at least at my workplace. In the interest of not having to support 80 bazillion different cellphones, we should pick 3 specific models of phone (ideally a blackberry, iPhone and Android) and say, "If you get this kind of phone, we will set it up for you. We will include remote-wipe, so be warned about what will happen if your phone is lost or stolen. Once it's set up, we won't troubleshoot." Our staff frequently travels, and mobile access would make sense. It's just too bad that IT policy isn't helping our staff.
I agree with solios, that as basic tech competency becomes required for job performance and as more and more people get (in particular) smartphones, the lock-down model of IT security will have to change. (Full disclosure--I'm not on the IT staff. I'm an office worker who happens to be very frustrated by this, because as the liaison to the IT department in my office, I get stuck answering this question over and over and over.) IT staff should work with the people who do the actual business of the organization to find policies that both satisfy security requirements and meet user needs. Otherwise the system is broken, and staff members will try to find a way around it, resulting in even more glaring security problems.
It really almost at this point seems like telling someone, "I can't trust you to use this fork. You might put your own eye out, or someone else's. So eat with your fingers." It'd be really great if people in my office could eat with forks. There should be some way to make that happen, rather than insisting that they eat with their fingers as the permanent solution.
My company likes to think that it is unique and does things differently than everyone else. I guess it is safe to say that we are ahead of the crowd when it comes to this. When an employee starts, he gets his choice of Mac / Linux / PC. We are forced to support all platforms and it is a complete support nightmare. We are also forced to support every type of phone (iPhone, Android, Windows Mobile, and Blackberry), every tablet device, and software app ever made. The costs of allowing all of these toys are tremendous. We often debate how much we could save the company if everyone was using the same software and hardware, but the reality is that this is the culture of our company. IT is the business of dealing with people and if the company wants to spend more money supporting everything, than so be it.
For anyone who is currently dealing with this, I do have a few suggestions. First, do not force the users to use what you support. This never works. Do, however, keep a list of IT supported applications and devices. It only takes one event of downtime for an important person who was "using his own setup" to get management on board in requiring their employees to use only supported apps and devices. Make it clear if they do not use the IT supported applications and devices, that they are on their own. Always keep an inventory of desktops, laptops, and software. You should keep enough inventory to get you through one month or 12 ordering cycles. Having devices ready to go and in stock trumps choice and goes along with the Gen Z's short attention span and inability to wait.
Second, it has been my experience that each department is wanting a different setup for themselves. Get involved with the IT app and system design process. Have the department head sign off on the desktop setup. Schedule recurring reviews to make sure their tools are good. Most people just want to "fit in" and will copy the setup of the next guy.
Third, create dedicated IT help desk employees. These should be the only members of the IT staff that should be helping people with issues. This model can easily eat up all of your personnel resources if allowed. It is important that the IT staff working on projects are given the ability to continue working on projects. This also allows you to directly assign cost towards the support of this philosophy of IT.
Bugger that. I want the IT guys handling my medical or financial information to put security above productivity, because if that stuff is mishandled I'm gonna be delayed much longer getting my life back in order.
That I agree with. My university gives professors and grad students admin on their machines. I wouldn't go to a hospital that did the same, however. There is a balance, and it varies with the sensitivity of the data.
Hoots of derision would follow any attempt at prohibition at the media company where I'm employed. Sure, there's some (evidently outdated) mention of the banning of such devices, including (gasp!) cameras, but no one here really expects the ban to be enforced. We are a "First Amendment" company, and our corporate leadership is firmly on the side of openness in accessing any and all information. We are an information company. As the publication of the Ellsberg papers made clear, access to crucial public right-to-know information is what it's all about. As long as employees refrain from corporate misconduct and corporate espionage or betraying company privileged information, we're pretty open. No one searches our bags or persons for thumb drives, iPhones, etc., laptops, CD's and so on. We are trusted until the time comes when we have been found to have broken the confidentiality agreement with our employer; that is, when our misconduct has come into the open. Even die-hard defenders of corporate paranoia and secrecy admit that the company's policy is the only right one, given the company's purpose.
But perhaps I have missed the point. Are we supposed to be scared because there's talk out there about restricting employee access to their own media storage devices? Fine, So stop us from remembering. See how that works.
... Supporting external devices isn't a matter of relaxing, not if your IT division is competent. Providing Wireless access points and deliving access to external devices in a secure fashion requires a huge capex investment in terms of IT time and resources. Integrating universal threat mangement to provide a stable business IT platform while allowing external devices is expensive and time consuming. Revamping central achitecture and adjusting your application deployment model is time consuming and expensive - especially if you don't already use a Citrix desktop/published app solution. Training the helpdesk to support users on the new devices is expensive. And justifying that expense in how much value the new functionality brings to the business is difficult.
And honestly? Most users who've thought it through don't want it. Do you really want to have your work email on your personal phone? Do you really want to be locked down by corporate proxy policies on your phone as well as your computer? Or do you want to use your phone to check facebook and youtube when the boss isn't watching? Do you want to know that if your phone goes off at three in the morning, it's something you might actually care about.
Being able to use your Ipad for taking notes in meetings is awesome and being able to save your notes to your shared document store is very convenient. But when the cost of making it happen is easily in the 6 figure range and often looks like 3 years salary for your PA - do you really want it that badly? Or could you just write the notes down on paper, or use your own mobile data plan to email the notes to yourself?
Managers will find that if staff bring their own equipment, the company does not have to pay for it, equals savings, equals more profits, equals more benefits payment to management. Hence they will allow it based on the condition they don't run any risk which means they will issue a rule to be followed by all staff: "you are allowed to bring your own equipment as long as you install our software package X and sign a letter confirming that you will not use your laptop for anything else but this company's business purpose!".
One thought would be to enable IEEE 802.1X (http://en.wikipedia.org/wiki/IEEE_802.1X) on both wireless and wired ports for access to the corporate network.
Then have a public vlan with no access to the corp net but access to the Internet, filtered or unfiltered as you like, with guest ports and guest wireless. I believe IEEE 802.1X can be configured to switch to a public vlan if authentication fails.
Works fine on paper with Cisco/Windows. Not sure about other switches, operating systems, and devices.
Also not sure if it is practical but it beats trying to find unauthorized devices accessing the network and yelling at people.