Consumer Tech: an IT Nightmare
snydeq writes "Advice Line's Bob Lewis discusses the difficulties IT faces in embracing the kinds of consumer technologies business users are demanding they support. 'Let's assume the consumerization of IT is the big trend many think it is. But using consumer tech in a business environment is a very different matter from being satisfied with consumer tech in a business environment. One of IT's legitimate gripes is that we're often asked to turn consumer-grade technology into business-grade technology with a wave of our magic wands. On top of the intrinsic technical challenges, there's this: IT doesn't have anything that even resembles a methodology for performing the business analysis we need to figure out what it means to put consumer tech to productive day-to-day use.'"
we're often asked to turn consumer-grade technology into business-grade technology with a wave of our magic wands
This is nothing new. We've been expected to do this with Microsoft Windows for nearly two decades now.
They jumped it some time ago. iTunes making you have to go through Apple to do *anything* is not just a walled garden, it's a prison. Yes, consumers might put up with that shit, but businesses won't.
Yeah, the $70 drive from Newegg is 7200 RPM, 2+TB, and has 64mb cache. The $300 drive from HP is 5400rpm, 320mb, and comes with a piece of paper saying it's 'certified' compatible with the server, and they'll replace it free when it dies 7-18 months from now (same as the $70 drive's equally short lifespan). What a bargain.
Spending more for SLC vs MLC? sure. Ditto, for the network gear. But don't kid yourself... "enterprise" drives are no less failure-prone than their Best Buy Brethren. Nowadays, they're *all* crap. :-(
Now the same clueless top exec buys latest and greatest toys to play angry birds or something and expects it to work in the corporate environment. All the deliberate incompatibilities and interoperability poison pills baked into the system are coming back to bite the tails of IT crews.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
I do IT support for a company of about 800-1000 people. All of our executives and corporate staff wanna use their goddammed iPads, iPhones, Androids, and other personal wotsits or doo-dads to do their work. Enough is a-freakin-nuff! We're a corporation and we need to maintain stability and compatibility over fancy and chic. You get a laptop. With Windows. And a BlackBerry... if you're lucky. Oh, and don't get me wrong... it's not like I'm being elitist or something. I love these consumer devices for home use. I have all sorts of digital toys. But they belong AT HOME!
for the IT department here.
1. lock it all down:
I've worked for companies that insist IT is the gatekeeper for everything from remote controls to pagers and cellphones. While you get great control, you also have no time or resources to dedicate to projects and ostensibly everything with a wall wart becomes "your job." Power users view you as some sort of Hitler-incarnate so you won't get help or input from them at all.
2. trust your users:
I'm working at a company that embraces Google Apps, that trusts its users in the cloud, that appreciates anything that frees up resources so that projects can be accomplished and new achievements in the organization can be made. The downside to this is your IT support is often branded as a group of do-nothings as IT can really only help people with approved technologies. IT guys find themselves in elevators and hallways, cornered by desperate users who swear the problem they're having in the cloud is something your IT department works on. If the bitching gets loud enough, you may end up supporting it anyhow, and that subset of 8 systems your team used to directly assist users begins to look like 'infinity.' You really need strong management for this type of environment to work. Ready and open paths for users who bite off more than they can chew to safely make their way back to known desktop technologies are also a big plus. You can in some cases leverage power users to evangelize people in certain directions or help out where possible. Wikis work wonders.
Good people go to bed earlier.
But HP will overnight me a drive once I send them a diagnostic report. And the drive has custom firmware and is guaranteed to work with HP branded RAID controllers
Spending more for SLC vs MLC? sure. Ditto, for the network gear. But don't kid yourself... "enterprise" drives are no less failure-prone than their Best Buy Brethren. Nowadays, they're *all* crap.
Really? With Seagate Barracuda LP drives I had a 95% failure rate within a year. (Different batches of drives in different servers in different data centers, FYI.) With Seagate Constellation ES I've seen 5%. Now granted, the "enterprise" drives shouldn't even have that high of a failure rate, but they are a LOT better.
Oh, stop your whining and do your job.
Don't go complaining to management when they want you to do something on the cheap. They're the job creators and you're nothing but a griping parasite. They could eat your job and shit it out in Bangalore before you can say "MSCE".
If you don't like the way business is done then go stand with the filthy stinking hippies in Occupy Wall Street. Otherwise, when we say "jump" you say "Minimum wage is good enough for me".
Who do you think you are, anyway? We're the motherfucking job creators Bucky, so you better check yourself and get back to your little hole and do some coding or sysadmin-ing or whatever it is you do. There's a reason I'm getting the big bucks and you're getting the increased co-pays and that reason is "I know what's what and you know jack shit."
Now close the door on the way out. I'm glad we had this little talk. And if I hear that you even whispered the word "union" I'm going to put my size 11 cordovan brogue ($370 at Nordstroms) up your bony ass.
You are welcome on my lawn.
departments who see no middle ground between "100% supported" and "not on my network ever".
Because there is no middle ground.
If we help you out of the kindness of our hearts once, you will never. ever. let us forget that.
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone.
It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process.
But not like support support it, just help solve any problems with it.
THAT is why so many IT departments have an all or nothing policy. They know what the road to hell looks like.
I don't expect you do this for every crazy piece of hardware out there...
Just the ones that *I* like.
You'll get a lot further if you appear to mean it when you say you'll support yourself if they'll just not actively ban the device.
You want to run the thing, you want it to be yours, but you want someone to bail you out if you can't make it work. That is the nightmare IT scenario. That is the one that sucks tons of time from the group: When users want to run their own devices in their own way, but want IT to fix it when there's a problem.
Now I should say such a situation would be feasible, but only if you are willing to hire a bunch more IT people. Have a large enough group and sure, you can have people to do all the hand holding as well as all the central functions expected (like making network and all the servers work, developing new custom apps, and so on). However in a typical IT environment where there are not many support people, hand holding takes time away from other tasks.
Basically if you want to use your toys that's fine, but don't expect IT to want to waste time on them. They are your devices, you deal with them.
In terms of the "not on my network" I don't usually support that idea but there are cases where it makes sense. Security is a concern with companies and if the management decides they want only approved devices on the network, well then that is what IT has to enforce. There are reasons for that too: User devices are the biggest source of problems easily. I work at a university and we do allow for personal laptops and other things on the network. 99.9% of the time when there's a virus or other issue, it is from one of them. Of course they bypass one of the layers of our security, our border firewall, since they come inside the network, which makes them a bit more dangerous.
To me wanting IT to support your personal devices is the same as wanting the motor pool to work on your personal car. It just isn't reasonable. Your stuff is yours to do with as you wish, but don't expect corporate support to help you out. They have other things on their plate.
The GP has no idea what "support" means.
The PROBLEM is that every single person out there has the same attitude towards "support" that you do.
With you it is your iPhone.
With someone else it is something else.
A third person has a third product.
And pretty soon it is "every crazy piece of hardware" (and software and website and so forth).
The problem is that if IT provides 50% support for X ... there will be calls from people wanting help with something that falls on the other 50% of X. Eventually it is 100% support.
If you want that to change, then get a business case together and get management's approval and IT will get the additional funding / staffing / whatever to provide the support.
Otherwise, deal with it. IT is there to support the management approved users on the management approved software with the management approved hardware.
I'm a doctor. We use Motion LE1700 tablet PC's running Windows XP SP2 (no joke) for our EMR (electronic medical record). I saw a physician colleague running our EMR on his iPad2 and thought "wow". At first I didn't care. Then I thought of two ways that I could really take advantage of running EMR on my iPad2. So I asked our IT dept. They've always said, "we are happy to help you connect to the EMR on your home computer", but now I learn that they meant Wintel or Mac home PC, not iPad. I really have NO idea what you folks mean when you talk about some dividing line between "consumer tech" and "business tech". So go ahead, brow-beat-up the new guy, explain it to me! -- Josh PS FWIW, same organization has custom written an iOS app and given free iPod Touches to physicians to access hospital patient care data, so it's not like the organization does not realize the opportunities in leveraging personal "consumer" tech for business purposes.
Why do I have to support your purchase?
You're asking why you have to do your job?
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
This is BS. Webmail, FTP, USB drives, etc etc. All of these are allowed (maybe not by choice) technologies essential for business. They are easy for non-tech to use, so they get used. They are all much bigger vectors for intrusion than an iPhone.
A fool throws a stone into a well and a thousand sages can not remove it.
iPhones fully support exchange activesync, with remote wipe and everything.
In the mail settings, you add an account, and tap the first mail type in the list "Exchange"
Feed it your email address, then password. Done.
It uses the encrypted outlook web api (Same as the web app in a browser would over https) so works on the internal wifi as well as outside on 3G.
Employees are warned about the remote wipe feature, both in the employee handbook and directly when I'm asked if they can get their mail on their phone.
Users can even log in to web mail and perform the remote wipe and remote password reset features on their own, including from home, and most importantly whenever they need it.
Otherwise it has been one of the more simple non-windows devices I've had to support on a windows network. :P
I come from a Linux/Mac background as well, which doesn't translate the best to running a Windows domain. I'm the reverse equivalent of the ditzy Windows admin installing x11 and gnome on all the servers so he can remote admin them
The less I have to do to dig deeper into the windows world, the better.
Most android devices are basically as easy, but usually also ask for a username instead of extracting it from the email address for the first try.
Only two people with android ever had mail problems, both solved by removing and re-adding the mail server entry.
I'm just thankful the CEO is no longer using that blackberry... BES was hell!
not exactly...
What if there are security or protocol requirements for accessing my network or my apps that your phone does not support or are easily bypassed on it? How can I support that?
What if your phone requires some hotspot technology that I do not have?
Blackberry was able to get away with this by having enterprise level security and good outlook integration -Android and iPhone -probably not.
IT depts sign off on things that they know will work with existing infrastructure or with the expectation that there will be budget to add the necessary pieces -this bypasses that process and puts IT in a difficult position -esp when some exec decides they want to use their latest toy....
I'm just sayin'
Assuming we're going with the GP post's question RE an iPhone my answers to your questions would be as follows:
1. The Managing Director bought it because he got annoyed about the blackberry outage.
2. Sadly the Managing Director controls your budget, ergo he says what you do and don't support.
3. It's an iPhone, it supports ActiveSync and provisioning profiles but you should know this already, given you read slashdot.
4. Because you set the policy on the exchange server to require good passwords on all devices connecting via ActiveSync. If you don't know this you really shouldn't be administrating an exchange server.
5. See point 3.
6. You know it's encrypted because you googled iPhones and know that any iPhone 3GS or above has encrypted memory. Thus why wiping is so quick, it just deletes the encryption key.
7. See answer 6.
8. See answer 3. Provisioning profiles.
9. See answer 3. Provisioning profiles.
10. Private VLAN it and employ port and wireless isolation.
You've not given any questions here that you should even be asking users apart from questions 1 and 2 which are legit questions. The rest are stuff where you do the research and tell them the answer.
Then your exchange servers are broken or your IT shop is clueless. iOS uses ActiveSync, which is designed to connect to Exchange servers (it's licensed from Microsoft). Of any Microsoft products, this has to be one of the easiest to configure and maintain that I've seen and that's saying a lot.
It's also completely worthless from a security standpoint. No encryption. You have to expose parts of your Exchange infrastructure to the Internet as well (Yes, you need to do that to do OWA over the Internet also). Since good security practices teach us that if you expose a system to the Internet, *eventually* you will get hacked.
Good For Exchange (GFE) at least provides on-board encryption for email/calendar/contacts, unlike ActiveSync. And you don't need to expose your servers to the Internet to provide services. Then again, GFE is crappy software.
Anyway, if you think ActiveSync is a viable solution then your corporate environment is either unconcerned or unaware of the serious security issues posed by it. Hmm...does that mean your IT people are clueless?
No, no, you're not thinking; you're just being logical. --Niels Bohr
No, it began with businesses buying and managing Unix workstations for their staff.
Where it started to fall apart was when businesses thought it would be cheaper to buy Microsoft systems instead. There was a little TCO problem there. Microsoft users were managing their own systems, and they were doing it badly. Not only was their actual job function being diluted, it also created some truly monstrous infrastructure train wrecks. That problem still isn't solved. Businesses simply think it's normal.
Parity: What to do when the weekend comes.
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either. At a basic level, I expect my IT department to not *actively* disallow use of such technology, which is what I see all the time, departments who see no middle ground between "100% supported" and "not on my network ever". It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing, fixing any server related issues in the process. I don't expect you do this for every crazy piece of hardware out there, but it would be nice if you could be *helpful* as I try to figure it out myself.
I hate to break it to you, but whenever you allow something on your network, users will, from that moment on assume that you take full responsibility for their equipment. I've seen it many times. It happens on my network on a regular basis. Even if you don't demand supportability for *all* devices, company owned or not, from your IT people, a large contingent of users do just that. At most companies, as soon as IT says, "okay, you can use 'X'" IT is forever responsible for making it work. period.
No, no, you're not thinking; you're just being logical. --Niels Bohr
Bullshit.
With a 95% failure rate you could have had Seagate tickling your balls while they tried to figure out what was going wrong ... right up until the point where they showed you how your power supplies were frying the drives.
That is simply unbelievable to anyone with 1/4 of a clue.
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
No, because in a "good organization" the sales guy is running on a workstation that doesn't allow ordinary users to install software, among other things. And support staff were not busy yelling at the engineer for using a personal laptop because they don't have to. He finds that he can't get on the corporate network with it.
How do I know this? Because I've been advising organizations about secure system design for the past 20 years. Before that, I spent 15 years writing operating systems. So I've had a bit of experience watching other people's designs break while mine don't. What's your background?
Parity: What to do when the weekend comes.
Years ago the kit you used at work was faster, better and more powerful than your home consumer devices. Today it's the reverse and what you are forced to use at work is totally crappy next to what you have at home. Thus consumerization of IT is necessary to even get your own work done.
Or to put it more simply, my company's OS is XP with Office 2003.
-Xen
The most common "failure" is due to how the drive firmware handles bad sectors
- an "enterprise" drive passes the bad sector info to the controller to allow it to remap and also use it as a predictive failure indicator.
- a "consumer" drive remaps internally and depending on the firmware it will try to recover the sector and in general hang/timeout on I/O while doing this
When a RAID controller sees the drive hang/timeout on I/O it is considered a "failed" drive. While people will argue that all it takes is a reset and the drive is good to go - it puts the array in a degraded state which puts data at risk and also reduces the array's performance - and don't forget to count the $ in someone's time dealing with it.
'...if only "Jumping to a Conclusion" was an event in the Olympics.'
This has been the IT Challenge since VisiCalc sold Apple ][s.
If you want to have a bitch session about it, I'm not entirely without sympathy. Just don't let it blind you from forming real strategies to meet the challenge.
Maybe I got lucky. I got to watch our Burroughs mainframe high priests do nothing but bitch while the workers gave up on them and bought and tended their own DOS boxes. In a very few years those priests were gone. It was a sharp lesson. You've got to deliver what your internal clients want, or you're history.
You're 126.4% correct. However, it's insecure and foolish to attempt supporting products that you do not have the skill sets to succeed. As I (and others) mentioned in earlier posts on this thread, the way it goes is that if you allow something into your environment, 95% of the time that's tantamount to sending a broadcast to the entire organization that whatever it is is now fully supported (and supportable) by IT.
I have no problem implementing new or existing technologies which can improve performance and, most importantly, the bottom line of my organization. Introducing technologies which cannot be effectively supported (and effectively supporting something means having the skills, processes and resources to do so) is only going to be detrimental to the entire organization. Please note that I'm talking about *large* organizations.
Identifying and implementing technologies that can enhance the ability of users to *do their jobs* is a core function of IT. If your IT organization isn't doing that, they're doing it wrong. That said, implementation is more than just installing the software or hardware and tweaking the configuration. Processes need to be developed, redundancy and fail-over needs to be designed and implemented, IT resources need to learn how to use and support the technology, users need to learn how to effectively use the technology, infrastructure may need to be upgraded, enhanced or even completely replaced. I could go on, but hopefully you get the point.
And that's just the technology aspect. How do you pay for the new technology? How do you deal with senior management that's afraid of change? How do you realign your human resources to support the new technology? Do you need more people? How are you going to pay for them? Again, I could go on and on.
My point is not that IT shouldn't innovate or support new technologies. It's that if you just deliver a pallet full of iPads to the loading dock and start handing them out (or open the doors to unknown, untrustworthy personal devices) without the appropriate planning, engineering and implementation, you're setting yourself up to fail.
No, no, you're not thinking; you're just being logical. --Niels Bohr
No. The job of IT is to keep things running smoothly. Letting people buy any random crap they think is neat, and then make IT support it, is almost 100% counterproductive to that goal.
Furthermore, unless you're the CEO or my boss in some other way, you don't get to add every single piece of technology under the sun to the list of things I'm required to support for you. IT (or those up the food chain from IT) decide what gets supported, not random people who think that iPads are cool, so they should purchase one and IT should be required to support it as if it were a product they researched and decided to use themselves.
"16MB (fuck off, MiB fascists)" - The Mighty Buzzard
Say'n what? That you buy into marketing hype that can not possibly be true? First I've heard of them, but reading their claims for what they can do for iPad/iPhone devices .... hhahhaha bullshit :)
I don't buy into the marketing hype. I did something which may be alien to you. I *implemented* it. And not by my choice either.
I'll also point out that I mentioned, in another post in this thread that GFE is crappy software. The only advantage it has over every other competing product is that it provides strong encryption on-board the iphone/ipad/android. That's critical for my organization and the *only* way we would allow those devices to store company emails. I don't really like it. It has many quirks and doesn't always work. However, it does, substantially, what my organization needs it to do.
So stop talking out of your ass. You're stinking up the place. Have a nice day!
No, no, you're not thinking; you're just being logical. --Niels Bohr
Like many intelligent folks, you've missed the point.
Your assertion, that a competent admin with a complement of appropriately selected hardware and software could safely allow a great many consumerish devices on his network relatively safely, is totally correct. But misses the point that 1) Not all companies will spend the money for appropriate switching, firewall, and security tools such that an admin can accomplish these goals. Because, regardless of skill level if the device doesn't do it, it doesn't do it. and 2) That the added workload on your already overworked admin (who, if he's still employed, is probably on a much smaller team than he used to be, or all alone) might be enough that the company HAS to add another administrator, which means the company is incurring a massive expense for additional personnel in a down-economy solely so the special snowflake crybabies can look at fucking Facebook using your WiFi on their plastic penis-extenders.
What business benefit do we get from working through these machinations for our users? And BUSINESS BENEFIT means measurable, quantifiable contribution to PROFIT. Not .commer b.s. about feelings: MONEY. How does my company benefit from Special Snowflake's iPadroidreo in a way that it couldn't (more cheaply) by buying same user a standardized mobile device?
Who did what now?
Here is what happens when IT meets consumer tech.
My new iPhone has built in email contacts and calendar. I point it at our exchange server and give it my password and it "just works". "Well holy shit", says the IT dept, "that just won't do". "We can't have users looking after themselves" So they tell me I need to get "Good" mail. First I have to buy a license to use it, and then they dick around a week getting it to work. Now my email is "secure", because we just can't run the risk of the KGB finding out when I'm having lunch next Thursday, or how many meters of #6 cable we buried last week. How is this better you say? I'll tell you. Before Good, my phone would go ding, I would look at the screen and see "Meeting with Fred, 11:30, big boardroom". Now I get a ding, and my screen says "Event!" I unlock my phone, I open the Good app. I enter my Good password. I wait 30 seconds while things are decrypting. Finally the app opens fully. I push the button for calendar and see "Meeting with Fred, 11:30, big boardroom". The entire process now takes 45 seconds, where it used to take 0 seconds.
The badge for unread emails used to tell me how many unread emails I had. Now with Good mail, it increments with every new mail received. Then if I read the email on the computer, it increments again. Yes, that's right. If I receive 5 mails and read them on my computer my phone now says I have 10 unread mails. (Apparently it is not our IT dept's fault that this "Good mail app" they have forced on me sucks so bad. It's all Apple's fault, just ask our IT guys, they'll tell you.)
If you came into my office with that attitude, I would tell you fuck off and also make sure your shitty device NEVER touches my network. Your piece of shit device gets onto the corporate network strictly on the terms the company sets and I enforce it. If you don't like it, fuck off.
No, you wouldn't. You see, there's a certain underlying reality here that you're in conflict with: When somebody says "I need my device that I carry with me at all times to connect to the company's mail server", they're saying "I want to do my job more efficiently." Guess what? In the eyes of the people paying your paycheck, those dudes win. Your job is to supply data to them and you know damn good and well you'd hook them up and then go back to browsing Slashdot and posting fun little short stories about what you'd do in an alternate dimension where you actually had any authority to tell anybody to fuck off. Your problem is *not* gadget happy employees.
Now answer the GP's questions
I did. But I guess I have to explain something that's actually really really obvious. If supporting all these devices has a measurable impact on the bottom line, you make the case and get a policy set. You nail a sign to your door that says "We will not hook up your iPad." If you can't make the case, then your job isn't going to be as easy as you'd like. Boo hoo.
"I like to lick butts!" by MobileTatsu-NJG (#32700246) (Score:5, Informative)
I was just talking about this to a friend of mine yesterday. I've been a "customer engineer" for most of the last 47 years. Back in the age of mainframes and minicomputers businesses understood that it took training and organization to install, maintain, and program their computers, but they started losing sight of the complexity involved in good systems design and analysis when the computer started looking about the same size as their typewriter. Now phones (which are really just smaller computers) are the same size as their old walkman. Consumers can't seem to understand that computers are multi-function machines with millions of interconnecting parts (if you include the OS and applications). Assuming you had a big open building with millions of parts and subassemblies that needed setup to perform specified tasks, and most businesses would understand the need for a small army of well-trained technicians to do the setups and maintenance.
So, in my area, a lot of small businesses have sprung up offering computer maintenance for $35/hr. These businesses are capable of handling about 70% of all the normal maintenance on a computer, but then, so is anyone who can read a manual or call tech support. Then they get assigned a project over their heads, take the customer's money until it is very obvious that they can't do the job, and then walk away. The customer calls me and gets pissed off because I charge $110/hr instead of $35/hr and successfully clean up the mess left by the other "geek". And when the next computer problems show up do they call a competent tech? No, they go right back to calling some half-trained moron who only charges $35/hr. Business is full of slow learners.
The bottom line is that many of the businesses out there are not designing their business processes, they are acquiring "business technology" by "jumping to solutions" without a plan. The "business-in-a-box" approach has never worked right. Most small businesses fail within the first five years, not because their tools aren't adequate, but because their business decisions are inadequate. The technology decisions are just a part of the same lack of business smarts.
"The mind works quicker than you think!"
My point is it doesn't require specialised equipment or deviation from what most would call best practice. Any office where you're worried about standardised mobile devices should already have a patch panel, managed switches, a real router and if they have wi-fi at all non-consumer grade wifi access points (cisco or similar). If you're too small to have/need managed switches and VLANs frankly you're just playing at being "enterprise". Anyway, it is often easy to support them without allowing them onto the LAN, the server active sync needs to connect to is usually the same one that provides outlook web access and done on the same IIS instance.
Support specifically for the iPhone is simple, put all the settings into a readonly encrypted and signed provisioning profile which is only removable with a full device wipe or a password. It takes about an hour to write and properly test a provisioning profile, I'm excluding the time where you decide what your policy is because you should already have one. Any more support than that isn't my problem, check it's not server side and affecting everyone, get them to restore their device and if that fails send them to an apple store.
This isn't special snowflake, this is good for productivity and the psychology of this is obvious. Any mobile is a very personal thing and an employee using their preferred device is more likely to check their email more often and not turn the damn thing off and shove it in a drawer. They're also more likely to understand the device, its productivity features and make use of them.
Also for the record, calling the managing director a special snowflake tends to get you fired. Senior staff are usually where these devices turn up first.
For some reason IT folks think that all us iPhone toting folks are demanding that they support my iPhone. I don't expect you to support it, and most others don't either...It'd be nice if you could spend a few minutes helping me to figure out how to make my email work on the thing...
Ummm...make up your mind. Do you expect me to support your device, or can you figure it out yourself?
I don't expect you do this for every crazy piece of hardware out there...
So if someone has a different brand, screw them, but for you, on your chosen platform, I should be able to help you set up the services you need? You do realize that this attitude is common to every other user on the network, right? Which means, yeah, actually I do have to do this for every crazy piece of hardware out there.
Look, here's the deal...even if I never, ever have to touch your iPhone because you really CAN set up every configuration option blindfolded, in the dark, with one hand tied behind your back, I'm still responsible for keeping corporate data secure. That means, it's my butt on the line when you leave your iPhone at the bar and the confidential data you weren't supposed to have on there in the first place is now unaccounted for. It's my butt on the line when your Windows XP Home laptop -- which is still running the stock anti-virus and a/v database that Best Buy installed when you bought it four years ago -- introduces a virus into the network, infecting 37% of the other "Bring-Your-Own" devices (although, thank God, the servers are all patched and running current A/V, so they are safe).
Personally, I'd like to see the bring-your-own-device movement take off, and I can see several ways in which it can SANELY be implemented. In fact, we are starting to move in that direction where I work. But sorry, until I can honestly say that I'm reasonably certain that I have identified the likely risks of allowing users to bring their own devices, and I have taken all of the reasonable precautions to bring those risks to acceptable levels, the policy is "not on my network". I understand that may piss off some users. I can live with that. I can't, however, live with implementing a half-4$$ed BYOD policy, thus knowingly, willfully and intentionally putting my company's data at unnecessary risk.
MCSE? No, sir...I don't do Windows. Yes, I am an idealist. What's your point?