How To Thwart the High Priests In IT
GMGruman writes "You know the type: They want to control and restrict any technology in your office, maybe for job security, maybe as a power trip. As the 'consumerization of IT' phenomenon grows, such IT people are increasingly clashing with users, who bring in their own smartphones, use cloud apps, and work at home on their own equipment. These 'enemies' in IT are easy to identify, but there are subtler enemies within IT that also aim to prevent users from being self-sufficient in their technology use. That's bad for both users and IT, as it gets in the way of useful work for everyone. Here's what to look for in such hidden IT 'enemies,' and how to thwart their efforts to contain you."
While some people get the policies wrong, in general the idea of IT policies is a good one; the only way to support business policies is to allow for sensible IT policies to exist. If the IT policies don't serve the business policies, someone's not doing their job right, but that's not a problem with the idea of policies existing at all. If you want to "thwart" your IT people, you'd better have a damned good reason.
For every problem, there is at least one solution that is simple, neat, and wrong.
Sounds like the article was written by a tool with no understanding of how enterprise IT works, and no grasp of what bringing alien, unknown systems into contact with critical infrastructure can lead to.
Don't care supporting home made IT solutions, just get the boss to buy it all for me so I know how to use it
Nothing more to say.
Management make the rules, if management say no iPhones, and you then thwart them.... you've gone against management's wishes.... which can be disastrous for a job you like.
Of course iPhones in this example was simply that.
The whole point of restricting devices is to prevent any conflicts that block productivity, and that's from the network ops side. From the security side, devices are blocked to prevent extrusion attempts as well as to prevent vulnerabilities from being introduced.
It has nothing to do with power tripping; it has everything to do with making sure the network doesn't fall apart. It has everything to do with making sure no one breaks into the organization and runs away with trade secrets or, worse, PII.
Viable Slashdot alternatives: https://pipedot.org/ and http://soylentnews.org/
IT is overhead. It's a cost center. It generally does not generate revenue. Maintaining an infrastructure costs the company money. Every time you want to bring in your personal equipment, we have to figure out how to support it and that raises the company's overhead. Instead of making IT justify why we don't want to support your Widget Of The Day, why don't YOU justify to the company why you're increasing costs and then work to have that increase added to IT's budget so that we can actually afford to support your crap without having to divert funds away from things that the company has already approved?
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
I'm all for this, so long as all concerned realize I'm no longer responsible for keeping everything working. Here's my pager, keep the paychecks coming!
I certainly understand that users want to use what is easy for them but they need to understand that they don't set policy. I listen to any reasonable requests and if they fit within our policy (or if it makes sense to change the policy to allow it) I will authorize their request. However, understand that I have been working in IT for over 20 years and know a thing or two that you probably don't. It's not a power trip, it's my job, it is what they pay me to do. Employees need to understand that it's not personal. If their request was denied I had a very good reason to do so. Get over it, move along.
Hi:
I'm a technical writer who has, on occasion, been up against an SME for whom nothing is right. My current fellow has five distinct levels of 'no.' It doesn't matter what the question is, he'll start with one of them and work his way through the list. None of our user or technical documentation can be done by anyone but him. (Don't worry, he checked with himself and he verified this.)
The reason is fear. He has a need to be the unimpeachable expert whose wisdom cannot be challenged. The result is user hostile documentation written to serve one function: to demonstrate how intelligent the author was. I swear he must have taken writing lessons from a Vogon.
The thing is, he knows his stuff but cannot abide actual teamwork. Ergo, he's fear driven.
Just saying.
none
The best way to beat Priests is Mana Drain, obviously. No mana, no spellcasting. No Psychic Scream spamming, and certainly no healing!
There's a spot in User Info for World of Warcraft account names? Really?
Seriously? We don't want uncontrolled portable devices on our networks because we don't control them. We can't force-install AV software (if it even exists for your favorite no-name phone/player/tablet/whatever), we can't even do basic cleanup of them without your cooperation.
And that only describes them as a potential vector for attack. We also can't control who else has access to them, can't wipe remotely without your permission, can't keep you from leaving it, complete with the latest super-secret corporate strategy on it, in the bar at a random trade show.
Dislike of portables has nothing to do with controlling you, and everything to do with controlling and protecting what the company pays us to - Their IT infrastructure and digital IP.
It's the sort of stupid article you'd expect from an organization that is supposedly all about information technology, but is so backwards that they're endlessly pestering me to take a free subscription to their dead-tree edition. If their web site isn't even worth visiting for free articles, why would they think I want to spend the effort moving their magazine from my mailbox directly to the trash?
Help save the critically endangered Blue Iguana
Yeah, they might have prevented hackers from installing malware on company servers and making off with credit card info for 45.7 million customers. But just think how much these arrogant SOB's would've slowed down the rate of application development and innovation going on there.
Dear GMGruman,
Go fuck yourself.
Yours sincerely,
Pretty much every sysadmin anywhere that's been tasked with providing IT services to keep a business running as productively and profitably as possible, in spite of people like yourself.
The article starts by saying there are good IT people who help you and bad IT people who make things difficult. From there he just whines and whines about nothing. His only advice about "thwarting the high priests of IT" is to complain to the CIO. Of course everyone complains to the CIO about the tech staff, but he or she will apparently be dazzled by your insight that some IT workers are good and some are bad.
The only non-obvious thought in this article is referring to bad IT workers as the "High Priests of IT." However, it is only non-obvious because it is really stupid. And if you actually go around saying "the High Priests of IT" then you are a bigger dickhead than almost any IT guy ever met.
Democracy Now! - your daily, uncensored, corporate-free
Have you ever stopped to consider that maybe you are, in fact, wrong? Have you ever stopped to consider that you may be making stupid requests where "no" is the only reasonable answer? Have you ever stopped to consider that maybe the documentation you're producing isn't up to standard?
Business teamwork isn't about making everybody feel good. It's about getting the job done. Sometimes the job is in fact best done by one person who really knows his stuff. Often times this person will have to waste a lot of his time shooting down stupid requests and ideas from teammates who don't have their shit together.
As an end-user of software systems, I much prefer the documentation written by the expert. What you consider to be "hostile documentation" I consider to be explicit, detailed and factually-correct. In fact, I get far more pissed off when I read documentation that was clearly put together by somebody who wasn't an expert. Maybe it reads more like a novel, but it often isn't as helpful because such documentation is rife with factual errors.
IT is often the "prevention of information services department". User figures out a better way to do something, IT blocks it. Prescribed methods of doing things don't work well; user goes around them, IT blocks or complains to management. User wants something done, IT demands business justification and signatures from at least two executive VPs. User does it himself, IT finds out and makes him stop.
You are either less than 2 years at your first job out of college or you are a complete IDIOT! You clearly are hoping to start a flame war with the 85+% of the Slashdot population that is IN IT.
This from the "Smart User" blog. Well played, with the oxymoron. By virtue of the profoundly deep understanding of the environment he is redressing, I can only assume the author is a member of these United States congress :/
It works for government and non-profit as well.
The simple way to eliminate IT roadblocks is like removing a node from a binary search tree: isolate and fire.
New Economic Perspectives
It neglects the most important aspect; security. At my place, you circumvent IT, you get fired. That's the level of information we are dealing with.
This was probably written by the dude who routinely roots his box (calls Dell to get the BIOS reset code, uses a bootcd, et voila) so that he can install PC anywhere because it's VITAL for his side business and he knows IT will say "no".
It's already been covered how stupid it is to think a company only has IT policies as a power trip. But beyond that, do you really think it's appropriate to view your coworkers as "enemies" who need to be "thwarted"? It's bad enough that the "CRUSH KILL MAIM!" rhetoric has broken into politics, do we really need it in the workplace next?
...services but refuse to follow-through after the fact?
I am the network admin/server admin/helpdesk manager for a small online-based college (not private but part of a state system). Our department is moving to a new building in February or March so, of course, I wanted to order a single server to provide file, print, antivirus, WSUS, DHCP, and other necessary services for our office. We are well-positioned to grow in the next five years (which is our lease period for the new place) so a single server should be sufficient while allowing for additional capacity later on.
Of course, our central IT department insists that they will provide these services to us. Our new director is onboard with this (anything to save a few bucks I guess) despite my repeated warnings and lamentations of the lack of support and follow-through that central IT has always had. This is the same central IT who gives us 6 hours of notice before a 20 minute non-emergency web outage in the middle of the week. This may not seem like much but when you are completely online-based AND registration is in full swing the outage is less than ideal. This is the same central IT that takes 4 hours to make a permission change on a share that only a few of us access (negating the need for change management). This is the very same central IT who lost an entire communications server because the backups were corrupt and they had it configured to run RAID 0 on two drives. And yes, this was a production server.
So earlier this week when I put in my request to have access for WSUS, DHCP, etc. with a month and a half of lead time for them to figure things out I was told that they have several high-priority projects that they are working on now and cannot do this until February 1st.
I am compiling a list of issues already but I am not looking forward to the stares and glances I'll get from my coworkers when the server goes down or "maintenance" is conducted without warning at 2:30 on a Tuesday afternoon. Our CIO can't manage to extract herself from a paper bag let alone an entire IT shop. The next few months are really going to be quite painful methinks.
I'm just sick and tired of the big IT departments that insist on providing services but no/slow support. All it is for them is a control issue and it drives me nuts. I think the last straw was when the tech ops director told my boss that "anyone in [citking's] position would ask for one just to have as a toy." This is why I sometimes hate my job.
"This food is problematic."
The article is complete flamebait, and many other posters have pointed that out.
The solution to home brew IT and people wanting to use their own devices is simple. Set up Citrix VDI or something similar. The Citrix receiver runs on everything.. iBlah, Android, web browsers, etc. The "cutting edge, tech savvy users" can use their lame devices, and all of the application code and information stays safe on the corporate network.
To flip the author's logic back around him, he suggests that users using their own devices are making things easier on corporate IT. They are empowering themselves at their own cost. Good for them. Let them pay for their Citrix licenses and infrastructure costs. If they really want to "partner with IT" and be an "IT ally" (to use the idiotic author's verbiage), they can go ahead and come up with some funding. Nothing makes friends like throwing money around.
All right, Mr Gruman you have trolled and since I'm one of your bad guys I'm going to respond and enlighten you:
I have best practices that tell me to control these things that you want to let roam free. I also happen to have laws, and some of these laws have very large financial penalties or the possibility of jail time.
Mr Gruman, how many attorney generals have you had conversations with after someone went ahead and did what you wanted done? I'm willing to bet it's not as many as I have had and that you've never had to deal with the results of your company making the international news because someone decided to bypass IT.
Your insight into how to play dirty politics to get your "Toy" into the office shows your complete lack of an understanding of how the enterprise works. Is your department going to pay for the budget for the time needed to support your toys?
These code phrases are code for things like "multi-million dollar fines", "angry attorney generals", "class action lawsuits", "criminal negligence", "security clearance", "ethics", "privacy" and other such things.
You see this is what happens when some petty ass whiny twit such as yourself goes to the CIO and says I want my toy and the IT department won't let me have it. The CIO comes to the IT department and says, "why won't you let this twit have his toy" and we're going to come back with something like "federal law, accountability, public relations disaster".
You know what Mr Gruman, I have never, ever lost that argument. When you take into account that regulation is only increasing, the odds that I might lose that argument drop even further.
Now Mr Gruman, instead you should try the tactic of saying "IT Department, I want to use this toy for business purposes and not just as a toy, can you please look to see if we can?". You might have a perfectly legitimate case, and it might be very reasonable to do what you want, but you have to ask so that we can see if we can do that without avoiding nasty code words.
Just remember my code words can and have cost companies many millions of dollars when someone blew them off and ignored the IT department.
IT departments are plumbers: they provide the infrastructure for a utility. There is nothing wrong with being a plumber. It takes a lot of skill, experience, and smarts to be a good one. The only difference between IT and actual plumbers is that actual plumbers don't think they have a right to godlike control over everybody's bathtub.
...but I stopped counting how many times the author recommended trying to cost people their jobs for actually doing them after the third time. I'd like to offer something more insightful in response, but I'm afraid I'm left with "What a smug asshole."
Proud member of the Weirdo-American community.
(This is my second comment to criticize this article. But I can't help it, because this article sucks.)
Okay, so he's saying that if IT doesn't allow you to do something they are bad "High Priest of IT", you should complain to the CIO.
His advice represents a horrible deficit of office political savvy. For example, hasn't it occurred to the author that policies are usually set by the CIO himself? So if the CIO is an asshole, he'll just agree with you that the person you are complaining about is bad and do nothing for you (since you already assigned blame elsewhere, he doesn't need to do anything for you). If he is decent, then he'll feel a need to defend his employee, so he is still less likely to do anything for you.
So wouldn't it be better to explain to the CIO what you want to do and why you want it, instead of complaining about an employee? This is more likely to get you what you want. And even if the CIO can't give you what you want he or she is more likely to find a half-measure to appease you. This also means that IT will be more agreeable with you in future, because you aren't a whiny asshole.
Democracy Now! - your daily, uncensored, corporate-free
I know how to break into one in about five seconds. They're an enormous security risk, and I'm not an "enemy" because I don't think they belong on my network. If Apple wants to make a ruggedized iPad designed to hook safely into a domain based corporate network, then I'll consider that a business machine, but until they do, I'm going to call the iPad what it is - a toy. Period.
Occasionally living proof of the Ballmer peak.
The article is about dealing with IT admins to whom management has punted the responsibility of making the rules. Such punting results in the IT department becoming a self-reinforcing institution interested more in preservation of its own power than in serving the company's needs. When research and development spends weeks waiting for procurement authorizations while payroll cuts checks to them to sit on their hands, management has become mismanagement.
I answer calls for an ISP which recently realized that if you allow employees to go on Facebook and YouTube at work, yes they goof off a bit more, but they also are much more patient when trying to walk 80 year olds through turning their modems on and off, and putting up with them trying to use the To: field in Outlook Express as a URL bar (not that anyone over 30 knows that you can actually put something in the Address bar).
The ironic part though is that you can still tell that our IT guys have a blatant anti-Apple bias which is really irritating considering about forty percent of the people who work for the company have iPhones. When iCloud first launched I could go in and update my calendar in there with the one generated by the scheduling app the company uses, I could do it during my breaks or when waiting for customers' modems to power on when I had nothing else to do. That way I always had my work time table with me, and it was on both my phone and on my MacBook at home. A few days later they disabled this so I had to go back to using Exchange and Google Calendar (apparently Gmail, Google Calendar and Google Docs don't provide the same risks as iCloud?).
When I asked about the change I was told that it was due to traffic spikes (apparently sites automatically get blocked when users are using them. Go figure a whole bunch of people at work wanted to access their iOS device data on iCloud.com). When I asked my supervisor about it he told me that the network guys didn't want to reauthorize it because Photo Stream would hog bandwidth. That's right, we allow Facebook and Flickr and YouTube, but by golly people looking at condensed versions of their photos from their at most 8 MP camera phones are going to just crash the whole damned network!
And people in IT wonder why end users hate them.
so they don't take the blame and have power to say no to some stuff like who bring in their own smartphones and other stuff that people like a CEO think is something at home is cool and want it at office. Even if something that is for home use and does not fit well in enterprise use or people with their own PCs that you can't control stuff like AV software some may even say I have Windows antivirus 2012 and I paid $50 for it so I am good.
...and I am sure I don't have to explain to anyone here why.
I get the feeling that this article was written after Galen Gruman (the author if you didn't take a look at the article) brought in some "shiny new toy" couldn't connect to the network or some network resource and then expected IT to come rushing to his side to support a technology that they are not supposed to and don't have the time to and so they didn't. The enemy? Seriously now. I would suggest anyone and everyone here worth their salt in IT write a nice email to Galen Gruman explaining why he is the enemy. I cannot recall reading a more BS article in recent memory.
Brought to you by Carl's Junior.
A better headline might be: "Writer gets pissed that IT guy called his new gadget a Toy."
While I'm sure he's got a good point that IT people should not talk down to other employees, he needs to hear a few horror stories to understand our concern about his new "toy".
I was brought in to troubleshoot a network that was completely down, idling over 100 workers. Naturally, the CEO called everyone who had any IT experience, so we had a crowd of upset and confused people. In short - it was a packet storm. What caused it was an employee bringing in his own device and connecting it to the network.
The employee wanted a wireless AP for his laptop, because he didn't like the Cat5 cable. The IT staff said "no", so he installed his own Linksys. You see it coming - no encryption, default password, etc. Well, it was slower than the wired connection, so he figured he could get twice the bandwidth if he connected TWO Ethernet cables. The port he selected was connected to a different switch, and soon a packet storm erupted.
Yes, the IT manager made several mistakes, including buying non-managed switches. But the bottom line is the employee cost the company dearly for his "toy".
What's funny? The guy was bragging to his buddies about how smart he was, not knowing the IT manager, CEO and I were standing behind him. Fired on the spot he was.
Place nail here >+
Excuse the rant. Realistically, IT has a number of jobs:
1: Keep stuff running.
2: Keep stuff accessible by users.
3: Keep stuff secure. Yes, this can inconvenience someone, but better a teed off muckety-muck than a wholesale breach where all the goodies are stolen to an offshore firm.
4: Comply with regulations.
Do you know how many fscking regulations an IT department in a midsize company has to deal with? In a typical organization, you have to deal with Sarbanes-Oxley (either because your firm or one of your clients is publicly traded), HIPAA, FERPA, or many other laws. Then there are the stipulations put on a company by contracts, like PCI-DSS. Then there are things you sign with a client like vague crap like "all computers will have antivirus programs running on them". Yes, the bean counters sign that, but it really means that I have to license copies of McAfee for the multiple IBM Power Series 795s doing the back end database I/O just so that "t" is crossed, and "i" dotted. Yes, the chance of finding a virus on the AIX boxes is flat nil, but it keeps the customer happy.
If I'm in IT and cannot allow you to VPN in or use your precious iPhone to access Exchange mail without restrictive policies (like blocking the camera, long passwords for unlock, etc.), it isn't that I have a pogrom against your sorry ass, it's because when you are at the bar drinking with your friends and you leave your phone unlocked (or even worse, jailbroken to get around Exchange policies, then left without a PIN) in the bathroom stall and report it lost, guess what department now has to report to the public about an unencrypted security breach as per California and other laws? Definitely not sales. Definitely not HR.
Also, users have a choice. Want local admin access to your desktop? All the critical company resources like Outlook will be on Citrix. This way, there is a definite barrier between a compromised workstation and the core functions of a company, such as the database with accounts payable, receivable, internal applications and lots else. Don't like that? A locked down policy where one doesn't get to choose even their screen saver is just two commands away.
Of course, on sensitive sections of the company like the finance department, the desktops are locked down 10 ways from Sunday, but there will be a Citrix application available on a remote server so you can do some personal Web usage and not risk completely tossing the company's salad if the Web browser gets breached, even if it is "just" that user account that gets nailed.
So, don't take it personal when an IT guy says no. We are not correctional officers who view you as inmates. In fact, we will bend over backwards to try to get not just what you need, but what you want. However, we won't bend over forwards.
Oh, and my OS bias? Whatever gives me the least amount of problems and keeps the pages/calls/texts off my cell. I've been in the business too long to give a crap about what Netcraft states.
You have a problem because your funding model is broken.
Set up an IT shop where people can buy tickets which entitle them to support for standard computers as well as tickets which entitle them to support on the non standard latest widgets. Money comes out of their budget and goes to IT budget. Problem solved. They will have to justify to their own management why their widget is costing $2k per year to support vs $20 for an XTerm.
Same goes for network storage, backups, large email inboxes any resource. Let people pay, then the justification is their problem. No pay, no service. IT then only provides the services that the business needs and not those it doesn't, and those services automatically get the funding they need by the fact that they were purchased. Those people and departments which demand a lot of resources then automatically pay a lot of money and the services they need are properly funded.
Resource allocation on the IT side becomes trivial. People bought support for Widget X on the shop? You need people able to provide support, hey look, you got money too.
When I worked in IT, we never had a problem with ANY customer who wanted to be "self-sufficient".
What we had problems with were the people who wanted to use their own notebook, tablet, whatever, with their own software, but then wanted us to support it when they screwed it up.
Yep. There are a lot of incompetent IT people out there.
The problem is that most of the non-IT people are even more incompetent at IT tasks.
And management is not very good at managing.
The easy solution to this is to build a business case for whatever change you want and send it to your boss.
Your boss then sends it up the ladder until it gets approved and IT makes whatever change you wanted.
It's all about money. It should be easy for you to show how you'd be more productive (in terms of $X) if you had item A at cost $B.
I have seen a lot of "foolish and stupid" IT policies. Which is why you need to communicate to the BUSINESS via the "business case" for the changes you want.
IT should be IMPLEMENTING the policies that upper management has decided upon.
If you don't like those policies then convince upper management that you'd be more productive (in terms of $X) by writing a business case for the change(s).
As for being fired, who cares? It happens.
I'd rather go into my next interview saying that I was fired for enforcing the policies rather than saying that I was fired because the systems were cracked and all kinds of company / personal data was downloaded.
Let's all go post our feelings here: http://www.infoworld.com/t/consumerization-it/how-thwart-the-high-priests-it-180296
I just love his title "smart user"
"If any question why we died, Tell them because our fathers lied."
Every other department that uses IT pays for it. Those who use more IT services, or otherwise cost the company money from their IT fuckups, pay more. Eventually, they learn to work WITH the IT department to lower their overhead costs so they can meet their budgetary targets. That means doing the kinds of things that the idiots best represented by the author of that article abhor: the things recommended/enforced by those "High Priests" as best practices.
I mean, yeah, there are bad IT people and departments out there, to be sure, just like there are bad users. Unlike bad users, though, bad IT people and departments don't last very long.
-SS "Teach the ignorant, care for the dumb, and punish the stupid."
This 'article' is clearly written by someone who's never had to even think about securing an office network. He's right, I don't want users plugging personal laptops into the network, or checking company email on smart phones that aren't PIN locked, or installing TeamViewer/GoToMyPC on their systems, or countless other 'toys' that put the company at risk for a little extra convenience. What he fails to mention is that circumventing these policies in a corporate environment can be cause for dismissal. If he worked at my company, his badge would already be revoked and his accounts locked out.
Flat out, this person is a threat to his employer, not a role model.
-- This sig is only a test. If this were a real sig it would say something witty. --
Don't rise to this asshole author's bait. He's a troll or he is ignorant, and the right answer is neither that people should nor that they should not thwart IT, and the right answer is neither that IT should smack them down nor that IT should give them everything they want.
The right answer is that the people who feel they need to thwart IT are a valuable resource. They are people who have a need that is not being satisfied. That need should be explored and a resolution found. Sometimes the answer is, "No, because it would not be safe / cost-efficient / legal." Sometimes the answer is, "There is already a way to do that, but not the way you are attempting to do it." Sometimes the answer is, "We should add that capability, because it will make the company more profitable."
The idea that it is all X or all Y is fundamentally rooted in "us versus them" mentality. It is a bullshit, douchebag mentality which is, unfortunately, actively fostered by assorted self-righteous nincompoops and the kinds of people who watch the UFC not for the display of physical prowess and grace, but because they like to see people hurting each other.
Don't rise to the bait. Users who are trying to thwart the system are a valuable resource. You want to plumb them to discover unserved needs, underserved needs, and opportunities to improve training. You also want to help them understand why they can't do certain things so that their frustration doesn't fester and become a morale issue.
It is easy to see why the author is a writer. He clearly would not operate well in a more team-oriented context.
Stop-Prism.org: Opt Out of Surveillance
... when IT departments were given unlimited resources to buy and support whatever anyone in the company wanted. You can't have it both ways - you can't consider IT as company overhead that should be squeezed for budget and headcount until they bleed *AND* also say that IT has to support any wild technology the rest of the company wants to use.
So - sure use anything you want - just don't call me for help when you want to integrate your wacky personal software with the ERP system and the data warehouse, or when the SOx auditor wants to know how your 2 TB USB drive that you have been using to store all the key business data is being backed-up.
How about this: Partner with me - give me the time, money and headcount to research the technology and how it will affect the existing systems. Take the time to understand the risks as well as the benefits, and don't assume that just because you saw it on a web site or a trade show, that the new technology is actually ready for use in the enterprise. Assume some of the responsibility for doing your own research on issues and how to resolve the inevitable problems - don't just throw it all over the wall and consider IT stupid for not instantly knowing how every SW/HW in the universe works. When you do find problems (and you will) consider that perhaps this new technology may not be perfect, it may not work as advertised or it may simply be the wrong solution - and instead of blaming IT for the situation - admit it's not working and work with IT to get rid of it.
Or, just keep being a complete dick and see how that works for you...
wait until they hit the parking lot and then do some U-Lock justice on 'em! - that'll change some attitude tout de suite!
just because YOU or the AV company hasn't heard of one doesn't mean that it does not exist.
This is true even of viruses targeting approved platforms. No AV solution has perfect detection, save one: a fully capability-based environment such as Bitfrost, Android, or the Mac App Store sandbox.
You want to install whatever you want in your computer, beyond the actual tools required to do your job? Fine by me. But when your computer stops working because some stupid game messed up your drivers (*), or when you brought a virus-infested pendrive from home and it destroyed the OS (*), or when your computer is discovered to be running pirated software instead of all the properly licensed stuff we are required by law to have (*)... will you take responsibility for it? Or will you blame the IT guys? Users who want all the freedom but none of the responsibility can go screw themselves.
(*) All things that really happened to us.
Pro tip: if you want to install some software that is safe, harmless and legal, go talk to the IT guys. Be friendly and reasonable and they'll probably install it for you. I've even tweaked the controls of console emulators for people that asked nicely (they had their boss' permission - yes, really). Just don't be a jerk, do whatever you want knowing that fixing it will be someone else's problem. If you do, don't be surprised that the IT guys are trying to thwart you all the time.
Obviously this article is trash. However there are a lot of folks in the comments making some good points about how sometimes IT admins can be over-protective, too controlling, not understanding, etc. I have worked on both sides, first in IT then as a user engineer. When I was in IT, I helped my users. I would reach out to them, ask them if they needed something before they had to come to me. I made it my job to make their lives more productive - because that *was* my job. If that's all I'd done my whole life then I would be right there with some of the people in this thread who are vehemently defending IT as if it can do no wrong.
However, being on the user side I can relate to those who rail against IT as well. My current company has a great department, one I'd be proud to work for myself if it paid more. But in the past, some companies I've worked for can't seem to administratively get out of their own way, from the CEO right down to the help desk staff and "marketeers." The IT staff was aggressively controlling for no reason, constantly wasted money on things we didn't need, and their personnel all banded together under the "WE ARE IT" banner, refusing to compromise. All requests, no matter how small, had to go all the way up the corporate ladder before they came back down again, just because one asshole wouldn't listen to reason.
Like anything else, there are good IT admins and bad IT admins. I understand why some people in this thread would fight for IT against this fact, because the article is unfair flamebait. But realize that not everyone is you. Some people are terrible at their job and some of those people work in IT. I have found Sturgeon's Law applicable to many situations, and judging from most "normal" users' attitudes toward their IT department it is no less relevant here. In the end though, hiring incompetent IT staff is a huge burden to a business, and those that care to select their staff carefully will do better than others. As for InfoWorld, I'm guessing they published this not because they view it as fact but because they're a shitty rag of a magazine trying to appeal to the lowest common denominator of readership to boost their numbers. I am curious as to why timothy allowed this to be posted.
Or maybe he knows EXACTLY what the result will be.
Most networks/systems have "evolved" over time in an "organic" fashion. That is, things were added and then fixes were added to get everything to play together in a minimally acceptable fashion.
Now, if you can convince non-IT people that they're just as knowledgeable about IT issues as the IT people, that means that you can get a LOT of billable hours dealing with the impact of the new changes.
Say that Frank in Accounting "needs" a wireless router attached to the network so his new device (which doesn't support your standard for encryption/authentication) will work ... and it needs access to the Accounting servers ... because Frank "needs" it to work that way. That's a lot of re-design of the network and the servers and so forth.
So from a consultant/contractor point-of-view, this is a GREAT IDEA!!!
Just tell Frank that the IT department is being "bad" by refusing his perfectly rational and reasonable request and that he needs to work around them to maintain his productivity. Or get the IT department marginalized so that contractors can be brought in to do the work that the IT department is incapable of doing.
When the Nimda and Code Red viruses hit, because someone connected unauthorized equipment to the network, it shut down the company for two days each time.
There was a note on the door, asking us not to reconnect to the network until IT verified that PC was virus free.
The timestamp on that note was 4am - they had literally been there all night fixing this.
Mark Edwards
If IT's job is to protect the network, can't IT make the privileges finer grained to protect the network without interfering with legitimate R&D? You could allow unapproved computing devices to write to storage that is scanned on write with the device owner's credentials and mount unapproved storage devices (e.g. USB connected phones or CD-ROM media) with scan on read. E-mail servers, for example, should scan any attachments that the user sends (SMTP) or appends (IMAP). Scan any file written to the NAS.
And if you're worried about trade secrets or PII being copied in the other direction, that could happen with mere paper and pencil.
And I'm not talking about Hanes.
If you are dealing with the feds, then meeting the requirements of the Sarbanes-Oxley act is a fact of life. Failing to deal with the requirements can essentially mean the death penalty for the company because the feds won't do business with you if you are out of compliance.
The Act essentially deals with setting up security and policies that prevent someone from being able to game the system. A Buyer can create a PO, but cannot perform A/P functions to pay the PO and cannot receive the product. Just a simple example.
But in my company, many, many people got their panties in a twist when we started taking away their ability to do things and requiring them to abide by policies and procedures. It can be a big culture shock to small to mid size companies that grow into larger markets with the Feds.
One of the biggest headaches was enforcing the use of standard cell phones and disallowing the storage of data in the phones. Anything that comes onto premises, had any kind of connectivity with the network and then left the premises is now tightly controlled and locked down. All the laptops have encrypted hard drives and even USB drives are automatically encrypted when they are connected if they are not already. If you have dealt with sales people, you know they don't like that one bit. Shit, I can't even install and use iTunes or any other mp3 players.
So to the feds, this is a Big Deal and people can and have lost their jobs for trying to game the system because otherwise, the whole company could be dead, figuratively speaking.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
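The separation of duties described in the comment above (a buyer can create a PO but cannot receive the goods or pay for them), as an added example that is not part of the original thread: a Python check that reviews both role assignments and the actual transaction trail. The role names, duty names, users and PO numbers are constructed for illustration.

```python
"""Segregation-of-duties review for a purchase-to-pay flow (added example)."""
from collections import defaultdict

# Any two of the three duties in the flow are incompatible for one person.
# Duty and role names are assumptions made for this example.
INCOMPATIBLE = {
    frozenset({"create_po", "receive_goods"}),
    frozenset({"create_po", "pay_invoice"}),
    frozenset({"receive_goods", "pay_invoice"}),
}

ROLE_DUTIES = {
    "buyer": {"create_po"},
    "receiving_clerk": {"receive_goods"},
    "ap_clerk": {"pay_invoice"},
    "office_manager": {"create_po", "pay_invoice"},  # a single role that is toxic on its own
}


def _conflicts(duties):
    """Sorted list of incompatible duty pairs fully contained in `duties`."""
    return sorted(tuple(sorted(pair)) for pair in INCOMPATIBLE if pair <= duties)


def static_conflicts(user_roles):
    """Return {user: [(duty_a, duty_b), ...]} for users whose combined roles
    grant incompatible duties, whether or not they have ever used both."""
    findings = {}
    for user, roles in user_roles.items():
        duties = set()
        for role in roles:
            if role not in ROLE_DUTIES:
                # Fail closed: an unmapped role cannot be reviewed.
                raise ValueError(f"unmapped role {role!r} for user {user!r}")
            duties |= ROLE_DUTIES[role]
        pairs = _conflicts(duties)
        if pairs:
            findings[user] = pairs
    return findings


def dynamic_violations(events):
    """events: iterable of (po_number, duty, user) taken from an audit trail.
    Flags each PO on which one user performed two incompatible duties. This
    catches temporary grants and borrowed accounts that a role review misses."""
    by_po = defaultdict(lambda: defaultdict(set))
    for po, duty, user in events:
        by_po[po][user].add(duty)
    violations = []
    for po in sorted(by_po):
        for user in sorted(by_po[po]):
            for pair in _conflicts(by_po[po][user]):
                violations.append((po, user, pair))
    return violations


# Constructed sample data.
USER_ROLES = {
    "alice": ["buyer"],
    "bob": ["ap_clerk"],
    "carol": ["buyer", "receiving_clerk"],
    "dave": ["office_manager"],
}

EVENTS = [
    ("PO-1001", "create_po", "alice"),
    ("PO-1001", "receive_goods", "erin"),
    ("PO-1001", "pay_invoice", "bob"),
    ("PO-1002", "create_po", "carol"),
    ("PO-1002", "receive_goods", "carol"),
    ("PO-1002", "pay_invoice", "bob"),
    ("PO-1003", "create_po", "alice"),
    ("PO-1003", "receive_goods", "erin"),
    ("PO-1003", "pay_invoice", "alice"),  # alice has no A/P role on paper
]

if __name__ == "__main__":
    for user, pairs in static_conflicts(USER_ROLES).items():
        print("role conflict:", user, pairs)
    for po, user, pair in dynamic_violations(EVENTS):
        print("transaction violation:", po, user, pair)
```

The two checks answer different audit questions: the first finds who could game the flow, the second finds where one person actually did touch both sides of the same PO.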
Please explain who else should make the rules.
Management should make rules in broad strokes, leaving the details to IT departments, much as the U.S. Congress makes rules in broad strokes, leaving the details to administrative departments. But management's rules should also incorporate a means for appeal of counterproductive patterns of decisions on IT's part, and the article describes such an informal means for use when no formal means is available.
May I in return make the rules how a surgeon has to operate?
Yes you may, at a polling place. I'd explain further, but a flamefest over nationalized health care is off-topic.
The same "we could be more efficient" could be said of many accounting policies. Gee wouldn't it be faster if the person who issued the PO could approve the receiving document and authorize payments?
Why do we really need to have competitive bids, I'm sure my brother-in-law will give a good price.
We don't need risk management to authorize credit for this customer--I'm sure they're good for it.
We can value these incredibly complex securities at a $1 billion.
Yes, lots of IT rules and requirements are PIAs, but in many cases they are global optimization versus local maxima.
There's always a way to get the data out. If you work with people most of them will work with you most of the time. If you set yourself up as an impediment, people will humour you with lies and work around you.
You may occasionally catch one, but most will keep it out of your sight.
I guess someone just denied him using his new toy on their work network so he got all huffy and puffy and wrote an article about it. What a child! Here's what I seriously just posted as a comment back on that site:
Clearly, you have no idea what you're talking about and are just mad that someone didn't let you use your new little toy. It's standard IT law that nobody can just bring in whatever they feel like and it's IT's responsibility to throw it on the network with no research, testing, or thinking about the consequences.
No, you're not putting an internet capable mini-fridge in your cubicle on the network after bringing it in without warning or asking ahead of time and yes, I'm going to call it a toy. And who knows if your fancy new android phone contains viruses because you thought it was a great idea to download anything with the word "free" in it from some rogue third party app store. And I'm not throwing your new tablet on the network just because you promise it's malware-free and not going to use immense amounts of data.
Seriously, what planet are you on right now? Because back on Earth, IT departments don't just throw things into their enterprise systems because some employee asks them to. Why would you even recommend they all do that?!
My understanding is that Iran got the bad news from a personal flash drive.
I used to work for an organization that took security very seriously because just one quick glance at our upcoming product would have enabled our competition to get the jump on us. Even so, the IT people were constantly battling malware brought in on personal flash drives.
The solution another client used was to lock all the PCs in cabinets physically disconnected from the Internet. Because I worked remotely I had to transfer a file to the client's network. I had to get someone who was trusted with the cabinet key to do that for me.
Everyone had a second computer for web browsing and personal email. Our work machines used Ethernet KVM extenders.
Request your free CD of my piano music.
Some states have programs to give personal financial rewards to state employees who save the state money.
If that doesn't work go to the press.
Request your free CD of my piano music.
I can never figure out why some of my co-workers want to use their personal devices for work anyway. My personal phone is just that, personal. I can wish my employer would get rid of the Blackberrys and Windows XP, but until that happens, I'm not going to lose any sleep over it. When I travel on business, I carry 2 laptops, mine and theirs (and increasingly a tablet and the company laptop). That way I don't have to worry about any auditing that might reveal something I don't want my employer to know, even if it's just my bank balance stored in the browser cache.
I don't want to put my personal equipment on the corporate network either. While it would be handy to get on the WiFi AP at the office, it just doesn't matter enough for me to have anything I look at on my phone subject to review by the IT department. Besides, I'm at work.
"Well, good luck finding a judge that doesn't run a bestiality site."
that I would hand over to her my most valuable domain name in return for her packing up my stuff.
She wanted my domain because she gets the ad revenue from just one very popular article there, and had the idea that I had changed the password to prevent her from maintaining the article.
I did nothing of the sort. I told her I would be happy to remind her of the password that she and I agreed upon so it would be easy for both of us to remember.
But I was not willing to send it to her in cleartext email because of The Russian Mob. I suggested she call me instead. That phone call would last less than thirty seconds.
She refuses to call or to figure out how to use encryption. Instead she is spreading lies about me.
I guess that makes me a High Priest of IT.
Request your free CD of my piano music.
"The technology that has been here for a long time and should have been thoroughly tested has security holes they didn't know before. Let's bring in this new and untested technology, because I don't know about any security holes in it"
Sounds good.
Wow. That really takes pretending to be ignorant so as to twist words to win an argument to a new low. If you can't work out that "my company" usually means "the company I work for" then you have a very low reading age and could not have possibly written the words above.
Why do you think this is so important that you will be so dishonest as to pretend to be so ignorant of very simple English usage just to make a silly point in an argument with a stranger?
Then to go further and build a strawman, soak it in fuel and set it on fire on such a fake misunderstanding? What is your real problem here?
I thought this article was about priesthood and religion (Christianity, Catholicism and Eastern Orthodoxy) in the information technology field. I didn't know that priests in IT can be 'enemies' that are easy to identify.
I work at a law firm.
A group of users in our remote LA office did not want to use our existing centralized web based system of electronic discovery for their case work. There were many arguments. Speed, ease of use, their familiarity with a different product etc. IT was given some basic requirement for data storage and bandwidth that they needed. We set up an entirely different system for them locally in the LA office. This required about 100K of equipment, additional rack space, and a network engineer to fly there and get everything going. The company of one of the products refused to certify our design because we wanted to use some virtual servers so two physical servers had to be used as well. Eventually the data was growing several TB a month which was about 20X the estimate we were given. We rapidly outgrew the lower end HP SAN that was put in place (which based on their estimates should have been adequate for at least 5 years) and way outgrew our centralized disk based backup system that goes over the WAN. Two reasons for that, one is the amount of data and two was the DB method used by the vendor appears to the backup system as a complete change of the data, not block level so daily incremental backups were 10x bigger than they should have been. Eventually people from other offices got involved with the same case and they had to use that system remotely and from home. We were able to get the client installed on Citrix for them. That actually held up our timeline for getting rid of Citrix and we had to renew for an additional year. This system was not part of our DR plan either. If the LA office fell over one night, we would have nothing but the raw backed up data offsite and no quick way or specific plan to get a comparable system back online (no one wanted to pay for that). Being that the system was not WAN friendly either, other services in the LA office started to suffer and we eventually had to increase our WAN pipe.
About 2 years into this, the original group of users that pushed so hard for this system so they could be "productive" left our company and went to work for their client directly. We were left with a bunch of equipment that was kind of still in use and no easy way to migrate the data into our firm standard electronic discovery platform.
Long story short. I don't actually know how much more productive that team was by using this different system we put into place for them, maybe it was more than enough to pay for the equipment and everything required to make it happen. Maybe it wasn't. I do know it was a major PITA getting money from anyone to actually support the entire process. They were hung up on the original costs but did not want to take into account the additional bandwidth, SAN disks and expansion, backup system space etc..
My opinion... When a user wants something IT related to happen, they rarely know what backend IT involvement is required to actually make their dream come true. What may seem like something that may cost $500 and take a few hours to implement could actually take $60K and months to get going correctly and it may never actually be "correct" (lack of DR, accounting, recovery, security, remote capability, backups etc). Not many organizations have the true ability to measure the users' desire for one offs and assumed costs it should take to the ACTUAL costs and time it really takes. Like I stated earlier, did the efficiency and savings the group thought they would get from this different system really more efficient and a cost saving for the company as a whole? No one will ever know.
Wait till your Owner/CEO/CIO gets a cease and desist notification from $MegaCorp just because one of the whiz bang employees left major holes in their home network. It happened to the company where I work, and fortunately I am not the engineer responsible for the network. We had a policy that allowed for the very "openness" you want. The network and systems engineers had warned the owners but they were "put in their place" because they were "preventing" money making employees from doing their job. In our case on a Friday evening one of the owners received a call at home from a BIG legal firm representing $MegaCorp informing him that he must immediately cease distributing their copyrighted IP or face $MM in legal costs and loss of our "good name". Panic ensued and the network and systems engineers spent the weekend finding out what had happened, plugging the holes, and the following Monday trying to not say "I told you so". The moral of the story: We plugged the holes, re-wrote all security and systems policies. The "openness" is now gone, replaced with tightly controlled environment. Sales are up, profits are up, and no more threats from $MegaCorp. The offending person, well he had egg on his face and is now happily compliant with corporate policies and providing excellent service to his clients.
PROTIP: When answering to yourself, ensure that you're logged in as your alt or have "Post Anonymously" checked.
I own the company, so they either do as I say, or I fire them.
A conversation I regularly have when someone brings their laptop into the office:
User: Why can't I access everything on my personal laptop like I can with my work laptop?
Me: Your laptop isn't a member of the domain, would you like it joined to the domain?
User: Will that do anything to my laptop?
Me: You'll get a new profile but I'll copy your old one over, there will be some small differences. And if you ever leave you might not want your laptop to be a member of this domain anymore, so remember to copy your profile back and remove the domain. Also as an administrator I will have full access to everything on your laptop.
User: It's ok, I don't need it joined to the domain.
Me: Have a nice day.
We recently had to set up security for those that wanted to use smart phones for email clients. We send lots of email regarding clients and recently became aware of state statutes where we would have to notify every person if someone lost their smart phone with 2 or more pieces of personal information in an email about a person. In an effort to allow the smart phones, but reduce risk we decided to use a policy management system that would give us access to wipe the phone if it was lost. Management did not want the risk of being fined for lost data, or the media debacle it would bring (remembering the VA debacle over lost laptops), but people wanted to use their smart phones. So we had to meet in the middle, people could still use the smart phones, but we still maintained control over the data. We have not fully opened up for remote work yet via laptops etc... as I cannot get approval to spend the money on the software to help with that, until then I am stuck between management wanting no risk and users wanting remote access. A rock and a hard place.
Kosh: "Understanding is a 3 edged sword, your side, their side, the Truth."
Fearful underlings are, but far less often than most users believe. Many user requests for using their own devices are simply due to the users not understanding the problem. Example: Many industries have record-keeping requirements and data-retention requirements. When users store and process data on their own devices, these could be violated. Many industries also have data-security requirements. Except for users that are expert system administrators on their own devices, again, allowing users to process data on devices they administrate themselves is not a good idea and may even be illegal. That said, with a competent IT department, a user that is also a system administration/security expert will get added privileges. But these are the rare exception.
Most users have no idea what the risks are and allowing them to do their own risk management is not acceptable. Case in point: I am a security expert, but I doubt I could really make a current Android/iOS/Win Phone device secure. There is not enough access, not enough stability and not enough experience with these devices. Surprises may happen at any time and are a lot more likely than, say, on a stable Linux distro. Hence I would not even ask to be allowed to put sensitive data on such a device. And anybody that does very, very likely does not understand the problem.
So, no, typically the problem is on the user side. IT departments could be more understanding and more clear about their policies, but that is also a staffing, budget and management problem. If IT always has to roll out the big guns to enforce a policy, it is not a surprise that they will get defensive.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Maybe you have never worked with stupid requirements that Feds enforce but I have. This stuff is life or death to a company. People can and will get fired instantly for breaking it. So like others have said, it's not that we want to impede the user, we have no choice.
I knew from the moment I read the words "my corporate network", there'd be a reply like yours.
Yet within his phrasing is the response to your post.
He didn't say "my" network. He said "my corporate network". Therein lies all the difference: it's the corporation's network. It's corporate (i.e., for the purpose of achieving corporate objectives). Also, he's responsible for it, hence the "my".
The network is not a happy commune, from each according to his ability, to each according to his need, lol. Refer to the excellent post above which spells it out in black and white. The purpose of the network is to achieve corporate objectives (laid down by the corporation), not do watcha wanna do.
IT is not only information technology, a Toys R Us of gizmos for people who think they're still in high school or a college fraternity. It's also information security. As laid out in the post I linked, IT/infosec is responsible for enforcing corporation information policies.
As for CEOs: CIOs should man up. I could be mistaken but I think most CxOs are chosen with the consent of the board, so the CIO shouldn't be solely beholden to the CEO. The CIO should tell the CEO that allowing random devices violates corporate information objectives, and exposes the company and the CEO to liability, especially since the CEO has such far-ranging access.
I'm not a lawyer, but I play one on the Internet. Blog
At least IT nitwits know how to use socketpuppets properly. What are you, a developer or MBA twit?
OK, I'll admit that when somebody says "my" X, there's an element of ownership being implied.
But most people understand that that just means "the company's X, which I'm responsible for".
Hence, stuff like "no pointing guns other than at the target on my range".
"no defacing of books in my library"
"if you want something from my maintenance dept., you'll have to check it out"
Most people understand the "my" just means "there's somebody actually responsible for this X, and it's not going to be a tragedy of the commons situation".
Perhaps he should have stripped all qualifying adjectives from the phrase: <del>my corporate </del> network. Then you get into a "network, which network situation":
Bush Rice China Hu Who Koffi Annan - YouTube
I'm not a lawyer, but I play one on the Internet. Blog
I work in a small (~25 employees) R&D office, located nearly 1000 miles from corporate HQ. We have no full-time IT staff, but do have a couple of people with significant IT admin experience (though their current job descriptions don't explicitly place them in that area). We provide our own tech support, and clean up our own messes. In return, corporate generally leaves us alone. Everybody wins -- we can set things up in a way that is sensible for an R&D facility, and they don't need to fly somebody out every time something breaks.
A worse threat than the "high priests of IT" are the middle managers who polarize the workplace, teaching people to scheme to overcome management or other departments in order to stake out their own special "turf", often to the detriment of everyone. It occurs in physical space management, office furniture, catering, and contracting companies. In a recent environment I saw, there were _five different_ ticketing systems, only one of which included inventory management, and that department wasn't used by the shipping department because their staff had not been taught, and thus had rejected, the system with inventory management. So they wasted the time of their most important staff filling out and passing around Excel spreadsheets with no tracking of who added, or changed the inventory, of the equipment.
Wi-fi access was worse. There was a written policy banning wi-fi devices without encryption, and a security policy that relied on external firewalls and low internal security. Much of their internal software relied on this to operate. But a casual scan for wi-fi devices revealed unauthorized access points without passwords, inside the company firewall, at _numerous_ locations. The IT staff was actually _blocked_ by the VP in charge of security and told they'd be fired if they did "unauthorized" scans, because it set off alerts in the VP's very expensive and mostly unused "security management toolkit". That security VP was _not_ IT staff: they were an MBA who dressed well and did beautiful pretty flow charts and slides, but didn't understand the field.
This idiot is obviously some troll with an axe to grind because IT wouldn't let him have his way. If someone puts a personal device on a network that I am responsible for the security on and doesn't talk to me first, I will see to it that they are severely reprimanded. The second time they do it without permission I'll see to it that they are severely unemployed. And there will be no exceptions or excuses. So long as you work with me and add your device in a secure manner, I'll help you do it and support you. But on networks I am responsible for, it's my way or no way. Again, no exceptions. And I make sure all company powers that be are aware of my feelings on that before I accept any client, and if they have issues with that policy they do not become a client because I am then unwilling to accept the responsibility for their security.
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
A process for regulating the discharge from a capacitor.
The formula for a doping compound that increases the efficiency of solar cell to 80%
A list of your customers and their feedback on your service or their future purchasing plans.
A spreadsheet of assay results from two years of mineral sampling.
All kinds of companies have I.T. departments and not all valuable information is source code.
When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
Our worst problem IT people usually get an urgent call to the high power laser lab after which they are never seen again.
The rest we just frame for various national security violations, the severity proportional to their dickitude.
We have a couple openings, BTW.
"The IT dept's worst nightmare are employees who *think* they know better."
Yes, but then you have the reverse situation. Those of us who really do know better, and have technical jobs that need doing - fighting with the IT department's inflexible rules is one battle we just don't need. Yes, IT, I really do need another virtual server. Yes, I really do need to know if/when/how the IT-dept backs the thing up. If IT can't/won't answer the questions, that's an interesting and unique message all its own.
My personal, and most recent favorite: yes, I really need another network cable in my office. Oh, the local switch is full, well, how terrible, now: how are you going to solve that? You aren't going to solve it? I know I'm not allowed to hang a personal switch on the cable, but we're just going to agree that you won't see it, aren't we? Grrr...
Enjoy life! This is not a dress rehearsal.
And if they get caught they will be fired...if they are lucky. Working around IT policies put in place to comply with government regulation for any reason looks suspicious. If the feds notice the results can be much, much worse. When I see violations to SOX or corporate policy I make it a point to inform the person violating the policy and their supervisor. I also send an email to my supervisor with the details of my observations and subsequent actions so there is a record that I did not turn a blind eye to the infraction. How it is handled from there is up to the person violating the policy and their superiors. I can't speak for other IT "dictators" but the way I look at it is if you get this office shut down it affects my job too @ss hole. As it happens I can see the old Enron building (now owned by Chevron) from my office. A constant reminder of just why SOX exists in the first place.
"A person is smart. People are dumb, panicky dangerous animals and you know it." - K
Who are your readers nowadays?
Instead, we prefer to be controlled by our corporate overlords. Be it Apple, Adobe, Facebook, Microsoft, Twitter, our telco or our cable provider.
Sheesh.
Park an unsecured wireless router in a drawer and turn it on. Don't plug it into the network of course.
The issue of these policies is to rule out technical failures/incompetence.
If the employees lie their way around IT policies and get caught, then the company can protect themselves because the employee acted with bad faith.
You can't prevent data theft/loss 100% of times. But you can ensure that does not happen by mistake.
Why can't
When I see violations to SOX or corporate policy I make it a point to inform the person violating the policy and their supervisor. I also send an email to my supervisor with the details of my observations and subsequent actions so there is a record that I did not turn a blind eye to the infraction.
How it is handled from there is up to the person violating the policy and their superiors.
Wow, I'm honestly surprised they haven't let you go already for making waves, but I suppose since it sounds like it doesn't happen that often at the company you're employed at, it's probably taking them longer to build a solid documentation case against you.
I can't speak for other IT "dictators" but the way I look at it is if you get this office shut down it affects my job too @ss hole. As it happens I can see the old Enron building (now owned by Chevron) from my office. A constant reminder of just why SOX exists in the first place.
So just to be sure I understand this correctly, you're arguing that inconveniencing people by placing restrictions that prevent them from getting their work done as efficiently as they could be by facilitating their use of devices and technologies of their choosing is supposed to be a safeguard against fraudulent accounting and business practices which are almost always perpetrated by top management? ;)
I'm honest enough to admit I lie to myself.
Are you seriously trying to tell me that having a unified IT hardware policy is a bad thing which needs to be thwarted? This is so wrong for so many reasons... just so many!
Security concerns; huge, cavernous security concerns
Standardized staff training becomes useless
Potential incompatibility with critical systems. What do you do when you can't do your job because your devices just don't work with everyone else's?
Inconsistent data formatting
Incomplete logging / downright zero logging - this leads to some employees being off the security and accountability radar altogether
Hugely increased costs for solving these problems
Increased tech. support costs to attempt to organize the multitude of problems a standardized and adhered-to policy would provide
I could go on, but any single one of these reasons is enough for you, as an end user in these IT policies, to just do what you are asked to do and get used to it. If you aren't happy using your company provided hardware, or you would rather bring your own phone to work, you do not have the right to attack the people making the policies or the policies themselves. Leave your iPhone in the glove box, leave your iPad back home on the mantel as a shiny digital photo frame and just use your work phone and laptop. Ingrates.
Of course, the real problem is governments continually passing reams of unenforceable and abuse-able laws on corporate governance, freedom of information, copyright etc. in a naive attempt to fix whatever scandal they read about in the Sunday papers. For good IT managers these are a major headache and liability. For bad IT managers they provide a wildcard excuse for restrictions, power-grabs and empire building. The only people they don't affect are the actual crooks, who weren't planning on obeying the law anyway.
In a survey of 100 programmers, 111111 thought that duck-typing was a good idea.
"So just to be sure I understand this correctly, ... almost always perpetrated by top management?
;)
No, apparently you do not understand it correctly. The feds placed the restrictions and he's ensuring some dip-shit doesn't get the company shut down and everyone lose their jobs. Nor are these breaches of security "almost always" perpetrated by top management.
Spend money for software for remote work with laptops? You need very little money for this purpose:
1. A VPN, with a public/private keypair per user. Please use an open standard, or it'll be horrible for anything but Windows. And then there's no software to buy, you can use free software.
2. Full disk encryption that locks automatically after some inactivity, or at least the parts that contain user data. You can get this for free as well.
If anyone steals the laptop, the user data will be useless without the encryption key and you can just no longer accept his key for the VPN. Done!
So at work we have managed switches at the core of our network. Cisco 2900 and 3500 series, so not pieces of crap. They have STP enabled, of course, if for no other reason than there is some redundancy in our network and as such it is needed. The "no screwing up our network" is another reason.
Ok but those are only the switches to the rooms. Within a room, smaller switches are used for multiple devices. As you might have guessed, these are unmanaged. Maybe not the best idea but it wouldn't be 10x the cost to provide all managed switches, it would be way more since we'd have to run new wire and all that from the closets.
The good news is Cisco switches have an additional trap, which is if they see themselves on CDP they know there is a loop and can shut the port off. The bad news is that isn't perfect.
So one of our research labs has quite a complex internal network setup. Or more appropriately they have a complete clusterfuck. However we aren't allowed to dictate to research labs. They created a loop one day, and the Cisco switch just didn't notice for whatever reason. STP was on, CDP was on and it was looking (maybe because they had a Cisco device in there which was responding) whatever the case the way in which they created the loop was something the switch couldn't see.
Thus the network got brought down by a broadcast storm. Now their port has special storm control setup on it and that has helped (no more than a certain percent of their packets can be broadcast or it shuts the port off for like 5 minutes).
Even when you have higher end gear and work to prevent problems with new devices being placed on the network, shit can happen. There isn't a magic solution.
Another one, that I've seen numerous times, is a rogue DHCP server. Someone plugs in a Linksys router or something that starts handing out DHCP and a bunch of people can't get on the net. Other than having a network that doesn't allow any device until it is registered (doing something like dynamic VLAN assignment based on MAC) I don't know how to prevent that. DHCP doesn't have any kind of security in it. Whichever server responds to a computer first, that's the info it uses.
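The rogue DHCP server described in the comment above can at least be detected passively. The following is an added example, not part of the original comment: it parses captured DHCP replies and flags any server identifier that is not on an allowlist. The function names, addresses and sample packets are constructed for illustration.

```python
"""Passive rogue-DHCP-server check (added example; all sample packets are constructed)."""
import ipaddress
import struct

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of the DHCP options (RFC 2131)
BOOTREQUEST, BOOTREPLY = 1, 2         # 'op' field: client-to-server / server-to-client
OPT_PAD, OPT_MSG_TYPE, OPT_SERVER_ID, OPT_END = 0, 53, 54, 255
SERVER_MSG_TYPES = {2: "OFFER", 5: "ACK", 6: "NAK"}


def parse_dhcp(payload):
    """Parse a DHCP message (the UDP payload) into header fields and raw options."""
    if len(payload) < 240 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    op, hlen = payload[0], payload[2]
    (xid,) = struct.unpack("!I", payload[4:8])
    options, i = {}, 240
    while i < len(payload):
        code = payload[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:            # pad is a single byte with no length field
            i += 1
            continue
        if i + 2 > len(payload):
            raise ValueError("truncated option header")
        length = payload[i + 1]
        value = payload[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        options.setdefault(code, value)  # keep the first occurrence of each option
        i += 2 + length
    return {
        "op": op,
        "xid": xid,
        "yiaddr": ipaddress.IPv4Address(payload[16:20]),
        "client_mac": payload[28:28 + min(hlen, 16)].hex(":"),
        "options": options,
    }


def find_rogue_servers(frames, authorized_servers):
    """frames: iterable of (source MAC, DHCP payload). Returns one finding per
    server reply whose server identifier (option 54) is missing or not allowlisted."""
    allowed = {ipaddress.IPv4Address(a) for a in authorized_servers}
    findings = []
    for src_mac, payload in frames:
        try:
            msg = parse_dhcp(payload)
        except ValueError:
            continue                   # not DHCP, or malformed: ignored by this check
        mtype = msg["options"].get(OPT_MSG_TYPE, b"")
        if msg["op"] != BOOTREPLY or len(mtype) != 1 or mtype[0] not in SERVER_MSG_TYPES:
            continue                   # only server-originated messages matter here
        raw_id = msg["options"].get(OPT_SERVER_ID, b"")
        server_id = ipaddress.IPv4Address(raw_id) if len(raw_id) == 4 else None
        if server_id in allowed:
            continue
        findings.append({
            "src_mac": src_mac,        # tells you which switch port to go look at
            "server_id": str(server_id) if server_id else None,
            "type": SERVER_MSG_TYPES[mtype[0]],
            "client_mac": msg["client_mac"],
            "offered_ip": str(msg["yiaddr"]),
        })
    return findings


def build_message(op, msg_type, client_mac, xid, server_ip=None, offered_ip="0.0.0.0"):
    """Build a minimal DHCP message. Used only to construct the sample data below."""
    pkt = struct.pack("!BBBBIHH", op, 1, 6, 0, xid, 0, 0)        # op..flags
    pkt += bytes(4)                                               # ciaddr
    pkt += ipaddress.IPv4Address(offered_ip).packed               # yiaddr
    pkt += ipaddress.IPv4Address(server_ip or "0.0.0.0").packed   # siaddr
    pkt += bytes(4)                                               # giaddr
    pkt += bytes.fromhex(client_mac.replace(":", "")).ljust(16, b"\0")  # chaddr
    pkt += bytes(64 + 128)                                        # sname + file
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    if server_ip:
        opts += bytes([OPT_SERVER_ID, 4]) + ipaddress.IPv4Address(server_ip).packed
    return pkt + MAGIC_COOKIE + opts + bytes([OPT_END])


CLIENT = "00:11:22:33:44:55"
# Constructed capture: one client DISCOVER, then offers from the real server
# (10.0.0.2) and from a consumer router someone plugged in (192.168.1.1).
SAMPLE_FRAMES = [
    (CLIENT, build_message(BOOTREQUEST, 1, CLIENT, 0xDEADBEEF)),
    ("02:00:00:aa:aa:01", build_message(BOOTREPLY, 2, CLIENT, 0xDEADBEEF, "10.0.0.2", "10.0.0.57")),
    ("02:00:00:bb:bb:02", build_message(BOOTREPLY, 2, CLIENT, 0xDEADBEEF, "192.168.1.1", "192.168.1.100")),
]

if __name__ == "__main__":
    for finding in find_rogue_servers(SAMPLE_FRAMES, ["10.0.0.2"]):
        print(finding)
```

Managed switches that support DHCP snooping enforce the same allowlist at the port level by dropping server replies that arrive on untrusted ports.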
Congratulations on being trolled by the author/submitter, Slashdot.
The this-is-somehow-a-new-development department.
Religion is what happens when nature strikes and groupthink goes wrong.
I maintain a small network at home to provide internet to my family. I am regularly called a neurotic with a repressive attitude.
Problem: am I really neurotic and repressive?
My mother-in-law has lived with us for a few months, far less than a year. Her machine is maintained by her son. For years I have been telling him to update his mother's machine more frequently.
So now she lives with us, accesses internet through our intranet. Effectively it's an unrestricted tunnel of all outbound traffic with no tunnel from the outside. Which doesn't matter, as her machine has no open ports to access anyway, as configured by her son.
She wasn't able to use some programs. They were out-of-date for over a year. So she tried to update. It didn't work. So it was my fault. Must have been...
It turned out that the update mechanisms of the programs she tried were broken due to too many update steps not taken.
She uses browser plugins for Java, Flash and the PDF viewer, unlimited functionality, without any limitation on cookies and Javascript. Her antivirus software has been out of date for months. She is accessing her bank account with this machine.
But it was my repressive, neurotic attitude that kept her from updating her machine. Sure...
I restrict the use of internet for our 13 year old daughter. She has an internet capable computer in her room. With limited access, which can be lifted temporarily. She chooses to not ask for these lifts but uses the machine of her grand-mother. Completely unattended, as she won't learn about the internet otherwise.
She got the machine on her own with these restrictions, fully discussed and accepted by all who helped buy this machine, both grand-mothers, my brother, my wife and me, not one single limitation on my own.
Actually, the effective restrictions are less, as there are no time restrictions on some internet services and no restrictions on offline usage.
My wife regularly complains about limitations which are due to her limited knowledge on computers. She just isn't affected by this on her mother's machine as she doesn't work on that machine. But she experiences restrictions on one machine and not on the other. So it must be my fault, as I maintain only the one with restrictions.
So it's not a problem of effective limitation but knowing another one knows better on a subject and is able to restrict access.
cb
Bravo bravo, very well put.
I'd like to add a small tidbit.
If a user comes to our department with a request for a certain piece of software that does X, we might deny that request and offer an alternative since we already have a license for software Y or we researched it and found that software Y is easier to use, has fewer problems, etc. This goes for hardware too.
I consider it a point of principle to give the best service possible within the framework of our IT policies.
We do have to say no on a regular basis.
This is the sig that says NI (again)
Until it breaks. Then the IT guy/gal needs to stay late and help fix the problem. Sometimes (and here's where the IT worker hits the alcohol)... get this... they suggested not to do it in the first place. After a couple times of this happening, IT workers get bitter and angry and don't want anything new on the network.
You'd be amazed what "I'd like to use device X on the network. Here's a couple devices for you, paid for by our department. Would it be possible for you to take a look at them for a couple months and let us know what'd be safe?" will get you.
Ack!
In order to create a stable and productive environment, it's necessary to control the network. Every device connected to it becomes a part of that network. If the device is connected to an internal port not controlled by a highly restrictive firewall or gateway, the network becomes exposed and possibly compromised to any malware, exploit, or virus on this device. Any IT manager who is required to provide a secure stable network infrastructure can't do this without policy and procedure. Of course, some managers out of laziness or ignorance implement broad sweeping policies from templates because they see 'High Security in the label' and probably don't get that more security=less accessibility. You may not get, and are probably not responsible for maintaining a secure stable network. If a virus infects the network it probably isn't your problem. If you take a balanced approach to the issue, you may agree in the final analysis that the people responsible for the network have a good reason for denying unfettered, uncontrolled access to the infrastructure that many organizations can't make money without. It would be like giving you a set of keys and alarm codes to the building and saying, "Hey make a copy for your friends if ya wanna." This analogy, of course, hangs on the sensitivity of the data, and the importance of IT in your organization.
are almost always perpetrated by top management? ;)
Your assumption is pretty off base. I think if you dug into it you would find that most accounting practices that cause problems aren't intentional and certainly aren't caused by upper management. As a company grows larger and consequently more complex, things will pop up in the books that would get the Feds to sock you even if it wasn't malicious.
My company, which primarily does manufacturing, had a situation recently made aware to me. We do perform internal fabrication for some of our final product so you have Parts + Labor going into that fab job. As an example we would be sending in $100 worth of labor and $1000 worth of parts and ending up with a final product worth $1250 instead of $1100. Chances are that everyone involved in the fabrication process weren't properly trained on how to move the material through our system and luckily we aren't required to follow SOX but that is a prime example of the kind of innocent crap that is going to get you screwed over. The malicious stuff, surprisingly, is less likely to be caught because the perpetrators of it are going to try to cover their asses on it. The innocent stuff is innocent so it's more likely to be left in the open.
"Lack of speed can be overcome. In the worst case by patience." --Znork
There is a game I like to play in my office. What D-bag employee can I outlast now. After reading the article I think he would be at the top of my list. =)
As in most religions, it's the followers that turn people off to the religion. And Mac users are the worst.
1) The VPN we already have, the biggest price is the extra licenses for the Anti-virus. Most home users that bring in their laptops to me I have setup with free for home use AVs because they don't want to pay for McAfee or Norton, but somehow they still manage to not update them regularly (Like AVG's or Avira's update to a newer version) and end up bringing their laptop back to get the viruses removed and a newer version of the Anti-Virus installed.
2) None of the laptop users will allow me to install full disk encryption. They say having to use a password on their home computer is a pain, and I can't seem to get it through to them why it should be used.
Kosh: "Understanding is a 3 edged sword, your side, their side, the Truth."
He lasted about a week before we replaced him with a guy who realized his job was to make OUR jobs easier. He's quite good at it, too - he actually does make our jobs easier, which makes everyone more productive. If he was going to tell us, "Sorry, you can't use X or Y", he'd be out of here in a week too.
Sounds like you are the dictator, and worse as a Slashdot reader, obviously one who "thinks" they know IT. If you knew IT, you'd be IT. You're a luser, you'll always BE a luser. You're big man (or think you are) at your job. Pray you never have to change jobs where an established IT doesn't put up with that mess.
My job is NOT to make YOUR job easier. If you want "easier" call your boss, your boyfriend, or your therapist.
My job is security, compliance, and uptime. And if you deliberately fuck with any of that, you will be the one shit canned around here, son.
I8-D
There's always a way to get the data out.
Yes. So?
Surely you aren't making the rather childish argument that we should abandon all attempts to secure sensitive information just because it's impossible to do so completely. Right?
"How to act like a total tool and make everyone in IT's job harder"
Sounds like a sales/marketing droid wrote this bilge.
--
.nosig
My last big company IT job had 3 major departments, all of whom had their own IT ideas, and at least one with their own IT person who did some purchasing and install and config of PCs.
There was a lot of time where dealing with resource competition and fighting the departments over standards was such a distraction, I told my boss we should just not bother -- cut up the PC budget among departments and let them figure it out on their own.
IT would provide LAN for free, but internet would be metered with costs based on bandwidth required to provide at least 25% peak capacity (when we hit 25%, we would add more).
Email would be per mailbox with storage charges over 5 GB. File sharing would be per 250 GB consumed. Departments would buy printers and supplies.
Basically, IT would become an internal ISP/cloud provider and nothing else. The user departments would buy the laptops/Macs they "need" and could go batshit on storage usage, since they would be paying for it.
In my consulting days I worked in a lot of places across several industries. The idealized IT department you describe, where its staff care about the underserved needs of the company, does not exist. Anywhere. They are either drones, or good but frustrated technologists enmeshed in a system that really wants drones, not creative thinkers and talented problem solvers. And the good ones are never, repeat, never the ones in charge of the IT department.
CIOs have budget and they spend budget. But what they really get evaluated on is whether the CMO's or CEO's email crashed before The Big Presentation (tm) or whether their laptop got infected with a virus and couldn't stream Netflix in the middle of the afternoon. That's it.
And to be frank, the vast majority of the pro-IT posts I've seen here are those which run Windows networks. In which case, you have instantly failed the productivity test so go ahead, lock down every aspect of that OS--then at least they can't knock you on failure to Gestapo the heck out of the system when it comes time for your annual review.
Or you can do what I do, which is to find old machines gathering dust in a closet somewhere, install linux, do what I need to do to get the job done, and submit the end product to IT for publishing to production via a thumbdrive or email to an inbox, which if we want to be honest is the only file server corporate America really uses.
All the comments about submitting requests and going through channels and evaluating this and evaluating that and proper this and proper that don't fly in the real world of deadline-driven delivery schedules (and what industry isn't like that these days?). It's pure fantasy.
Do what you can, with what you have, where you are.
Wow, I'm honestly surprised they haven't let you go already for making waves, but I suppose since it sounds like it doesn't happen that often at the company you're employed at, it's probably taking them longer to build a solid documentation case against you.
Where I work, I get written up if I do not report a SOX compliance issue that I come across. We have employees whose sole job is to ensure SOX compliance within the company, and it's not seen as "making waves" it's seen as making sure the company is compliant with government legislation that would otherwise shut the company down PDQ.
This is not a sig.
Policy is a good thing. There are always unforeseen circumstances and while your users think IT is being disparaging by not allowing their "toys" it is virtually impossible to communicate to them the unimaginable risk that can be created by 'just adding an access point so I can use the new iPad to surf the net' while they're at work. The fact is that while a lot of the mobile devices, or what-have-you, are capable of increasing productivity, all they really do is increase the cost of support for the company and allow the user a way to screw off at work without the boss knowing they're doing it...but then I sell more firewalls this way...
Funny how nobody mentioned that guy ;) http://search.dilbert.com/comic/Mordac%20The%20Preventer
You can forget your lonely moments, you can rely on the wonders of technology - Wilmer X
It was completely extremely vague and was probably punched out in 30 minutes to get page views. It didn't give any detailed examples. It gave some vague example of some random company somewhere advertising that they can block people from copying emails. There are a lot of trash articles generated on the internet that get attention. The guy could have at least spent a little time to do some googling for some details and cited those.
First off it depends what IT department locks down, who they lock down, and how secure the data is they are locking down. IT people do not want to see TV reports of how customer data got stolen from their company because someone was lazy and stupid. In the end, they would be blamed, because they allowed the lazy and stupid to make these mistakes.
1. It is perfectly common to restrict network access to company equipment. This is to make sure that viruses stay off the network. All you need is one person who did not run a virus checker and your network could be compromised.
2. Companies with sensitive data usually have encrypted hard drives. If your hard drive is not encrypted, then all you have to do is pop it out and run it as a secondary drive to get access. This is another reason why you need to use company equipment for anything sensitive. All it takes is one person to do this.
3. As far as touting a feature to block copying emails. The US government has had a vast amount of documents stolen by someone simply copying data to a CD and giving it to WikiLeaks. Amazon, PayPal, Barnes and Noble, etc... have my credit card number on file. I want this data restricted.
4. As far as the random company touting a feature where you can block copying of emails. That is standard in classified government environments. It is also common in places that have sensitive information about customers such as Financial companies, banks, etc... There are plenty of shops where this is valid. People often send passwords through email (even though this is against the rules in many sensitive environments). The company can have sensitive IP that gets passed around. Apple does not want details about its future products getting out early.
5. There is typically a line drawn between a technical employee and a non-technical employee. I think techies should be able to install whatever tools they want on their laptops. They cannot remove some software (such as the virus checker or even turn it off even if they like their virus checker better). Typically, if a techie screws up his computer, the IT policy is 'figure it out yourself' or 'we will re-image your machine and you will lose everything. We will do it when we get around to it'.
Non-technical people who don't know as much are usually restricted. To be fair, I have seen techies totally mess up their computers and expect IT people to spend vast amounts of time helping them. They really do HATE this. Most places they are not responsible for these kinds of things, but every place has its own corporate culture.
I have worked one place where you could not install anything. Every piece of software had to be reviewed and approved. I had no access. This was utterly and completely annoying. All you get from IT is, I don't want to have to support all of your tools. The policy should be 'if you break it, you fix it, go away'. Even though some techies cry and complain about how they want help RIGHT NOW because they have a deadline. I don't work in an IT department, but I have talked to IT people about this and it really pisses them off. Typically they go to their manager who goes up 3 levels in the chain, he goes over to another VP over the IT department. Then they get an email CCd to 30 people demanding support right now. The IT person has to help just to stop the complaining. Since in these types of environments, people who complain are deemed to be correct.
The Feds don't actually seem to prosecute anyone for SOX violations. It was supposed to usher in a new era of accountability with fines and jail time for corporate criminals. Instead it's just given IT more rules, more responsibilities, and less autonomy. It's shifted the burden of responsibility onto IT systems, instead of ethical failures being the responsibility of executives they have become "technical". Blame the software, blame the IT staff, it's all their fault now.
Imagine if management can click over to a security-cam-style split-screen view of 16 telecommuting employees' desktop screens. Would that help give management a piece of peace of mind?
If those attempts actually make the data less secure then yes, of course we should.
If you make your security arrangements hostile to the users, you'll make the users hostile to the security arrangements and they'll undermine them.
It is very clear that you don't work for a corporation or have any enterprise experience.
GMGruman needs to go back to work at the electronics counter at Wal-mart and leave the IT advice to actual IT professionals.
Here's an idea: I thwart your use of esoteric shit (esoteric, defined as "not controlled by me and my team" in this case) for the following reasons:
* I have limited time and limited resources. Supporting your so-called smartphone, tablet, or other personal device costs me time, which in time costs me money. This isn't time I'd otherwise dedicate to your office-supplied machine; it's time spent above and beyond that, because it's different and requires manual settings.
* IT Professionals don't just use random shit, typically. We select our gadgets and tools on technical merit not how cool it is. That means we're rolling out laptops with a standard image which we have QA'd to some degree and know how they will perform. We do this so we don't have to deal with things like, for instance, Apple products which can't retain a wireless connection to save their lives or be managed centrally.
* Your crap introduces security problems above and beyond what is possible to regulate, short of running Snort on every switch port. In the past month, I have seen Android phones, Apple laptops, and Windows 7 systems which are "fully up to date" etc. running on 'secure' networks - and having malware of one form or another on them. In one such case it was a VIP's personal laptop, and the malware was both very intrusive and undiscovered by any of half a dozen antivirus/malware tools used to remove it. (I still need to isolate that forensically and submit it to 'the authorities' for inclusion... yet something else I'd not have "had" to do if it wasn't allowed).
* It usually goes like this: User wants to use Shitware Uberspunk to perform $office_task. They get manager approval, and everything goes fine. Then one of your (thoroughly planned) server/application/etc. rollouts breaks their very important program (or vice versa), and they're no longer able to "get work done". They bitch up the chain of command, and since stink flows towards IT when people don't want to deal with it, you ultimately need to find a workaround for their stupidity, even if the expectation was "no IT support" from the start. (Quickbooks crashing due to using Google Talk within IE is a good example of this, but there are a myriad others.) FWIW, shit 'cloud' services fit this mold pretty well, too.
I can understand that people want to have their cake and eat it too, but that's been the desire since forever. Cloud computing, mobile devices, etc. don't change this desire any, or make it any more obtainable: things still break; things are still incompatible; users still do stupid shit. The closest you're going to get is with a virtualized environment and remote desktops of some sort, allowing people to connect to them from a portal or mobile applications. We still can't do the modern equivalent of supporting Bonzai Buddy - on the contrary, we're more overworked now than IT has ever been before, and extra burdens often mean having to pick between "patch important systems for security" or "replacing aging hardware".
People who write shit like this (and think like this) should just stick to tort lawyering and politics.
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
I see people come in to the office all the time wanting to get their toys on the network. I tell them "come back with something that doesn't have a picture of a piece of fruit on it".
Did his IT professional tell him that he could not attach his root kitted iphone to the network? Did he get told that they lack the infrastructure to make an Xbox HPC cluster?
Sorry, I work in a very large environment that has had 3 years of shitbag cowboys doing what they want and what someone says to do and not thinking of how to have a functional and supportable environment. I'm not an IT priest, but I know what best practices are and build systems to those standards. Ever try to support 600 servers running 7 different distros of Linux at whatever release level was available at the time? Mix in 4 versions of Solaris and of course 0 documentation on anything.
Want toys? Great, you support them on your own and not on my network!
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
Your assumption is pretty off base. I think if you dug into it you would find that most accounting practices that cause problems aren't intentional and certainly aren't caused by upper management. As a company grows larger and consequently more complex, things will pop up in the books that would get the Feds to sock you even if it wasn't malicious.
Nice straw man you built there, but I was actually responding to the ENRON reference in the original post by ArhcAngel by making the point that a good IT staff ensures compliance but ideally not at the expense of the major efficiency losses incurred by saddling the employees with technology that inhibits their ability to do their job.
To be clear, as somebody who has done consulting for various IT compliance regulation auditing preparations in the past, I completely understand that companies have to do it, despite the idiocy of the fact that if you try to reprimand a corporate officer that way, you're pretty much guaranteed to get canned so it really doesn't do anything except give the federal government a reason to come down on you for the stupid little things you mention while most of the time the higher level management who facilitate the major FRAUDULENT activities are guaranteed to be able to keep going until a news report comes out, the stock price tanks and the feds show up. :P
All that aside, however, what I have absolutely no patience/sympathy for are the admins who try to blame SOX and other compliance standards for not doing their primary job effectively, which is ensuring that they provide and implement the best technical solutions to meet as many of the individual needs of their fellow employees as they can as efficiently as possible.
I'm honest enough to admit I lie to myself.
Where I work, I get written up if I do not report a SOX compliance issue that I come across. We have employees whose sole job is to ensure SOX compliance within the company, and it's not seen as "making waves" it's seen as making sure the company is compliant with government legislation that would otherwise shut the company down PDQ.
Only if the people you're reporting aren't corporate officers, a.k.a. the people who facilitate/actually perpetrate most major FRAUDULENT activities. :P
I'm honest enough to admit I lie to myself.
You want your "device" on the company's network? Sure, either:
A. Sign this document that says you and you alone accept all responsibility for any problems related to the network and that you will receive no help from IT in getting your "device" to work.
B. Convince management to pay to send me on the training course required to correctly provide IT support and administer the "device" and amend IT policy appropriately.
I just loved this bit.
"After all, the chances the IT person knows how to do your job and what tool works best for you is close to nil. He or she has no basis for disparaging your tools in that way."
That statement works both ways you know, let me demonstrate:
"After all, the chances that someone without an IT background knows how to do your IT job is close to nil. He or she has no basis for attempting to undermine the company's IT policies by insisting that an untested and unsupported personal device be allowed access to the company network."
Still, I suspect that the article was written to generate hits. I mean, nobody could write for an IT web site and be that stupid, can they?
The real problem is that users are morons and admins are bureaucrats of the worst kind.
None understand the other, so will likely impose their own will.
Users need to realize that their iPads (and any such walled garden device) are a source of grief in a workplace, even if you choose to ignore personal security.
Admins need to realize the whole concept of a locked down network is outdated and flawed. Same goes for antivirus. You can't keep the whole universe safe, but you can protect the things you care about. And those intelligent switches you cherish are also the main attack vector for intrusion, avoid if you can.
People with very little computer knowledge are the ones that should be locked down entirely, IMO to the point where they can't store any files at all, much less execute them, and don't have access to secrets. But labs, technical depts. etc. should be given free hands to shape their parts of a network. And no, companies do not need any all-pervasive policies unless you're a bureaucrat.
Personal anecdotal evidence suggests otherwise. In 10 years at a corporate headquarters of one of the largest corporations in the world ... only one instance of fraud was found, and that by a low level manager.
Ceci n'est pas un sig.
Hmm, well, there's a lot of trolling here for sure, but further down in the article he does make this point:
Here's an easy test: Is the standard proposed by IT higher for what you want than for what IT provisions? Take mobile -- if encryption or app revocation is required on smartphones, it should also be required on laptops that hold much more sensitive information. An honest requirement should be enforced equitably.
I'm not an IT guy, so I have no response to this. But his argument makes sense to me....
Uhhh, why? Are you responsible for the budget? What does it matter to you what software they use? Just because you think your choice is superior, based on your "objective evaluation" doesn't mean it is. I can argue that everybody should use the GIMP, but the graphic artists are going to want Photoshop. It's not my place to tell them they can't use Photoshop if that is what they prefer. Nothing wrong with making your recommendation, but at the end of the day it's just that, a recommendation.
Personal anecdotal evidence suggests otherwise. In 10 years at a corporate headquarters of one of the largest corporations in the world ... only one instance of fraud was found, and that by a low level manager.
That's funny, I used to know somebody who had a similar anecdote to yours. He worked with a major accounting firm called Anderson...
Let me offer you a personal anecdote of my own which is that one of the things I've noticed is that out of all my friends and people I've met in various industries over the years, the biggest difference between the people I know who came out of situations like this relatively unscathed (be it from Enron or something as recent as Solyndra) and those that didn't, is that the people who didn't take a hit from it were the sort of people who never really trust the people running the companies they worked at.
I'm honest enough to admit I lie to myself.
If we already have a piece of software that does what the employee wants to do, then we are not buying other licenses, unless the employee can make a very good case that he needs product X.
I am not talking about the mainstream products like this, I am talking about smaller less important programs, like Copernic, etc.
This is the sig that says NI (again)
You obviously don't work in IT. :)
Rule 1. Don't trust the users.
Ceci n'est pas un sig.
You obviously don't work in IT. :)
Rule 1. Don't trust the users.
Oh I don't, but unlike management, I don't feel the need to keep them under continuous surveillance. ;)
I'm honest enough to admit I lie to myself.
U: "I need iTunes on my work PC"
IT: "Why would you even *want* to do this. Bring in your iPod."
U: "Full disk encryption is a pain in the ass, what with the second password. Please turn it off on my laptop."
IT: "You carry vast amounts of sensitive employee data on your laptop. And there's no second password. It's just the screen you enter your single password looks different."
U: "So?"
IT: "You've lost your laptop twice in the last 3 years. You leave it in your back seat. Even though we've told you not to."
U: "So?"
U: "I don't like X (the very expensive, very capable software package the whole rest of the team agreed to use, and be trained on at additional great cost). I used Y at my last job and I want to use that. I want you to buy it. And I'll probably need some additional training."
IT: Checking records, user missed most of the training on X.
U: "I want to use KTBICS (known to be insecure cloud service) to share files amongst my team"
IT: "You're a finance group. Handling SOX related data. And we already have a corporate approved, secure service that does exactly the same thing."
U: "Well, we're already using the non-commercial free version of KTBICS to share the same data, so we don't see what the problem is."
U: "I want you to install IIS, SQLserver and .NET on my desktop PC for testing."
IT: "We've built a sophisticated, secure dev/test environment to do exactly this."
U: "I forgot about that. But since I have to deliver this week I won't have time to finish the project if I have to learn how to use the approved platform. So just install everything on my machine. And I'll need the Internet to have access."
IT: (check records...user blew off training on the dev platform, which would have allowed them to spin up everything they needed in about 5 minutes).
IT: "Ummm....When is your due date, and what IP addresses need access?"
U: "It's due this Friday. I don't know what IP addresses need access, so just let everyone in."
U: "I don't want to use X. X is made by Microsoft, and I have moral objections to using Microsoft products. I want to use open source package Y."
IT: "If you have a moral objection to using Microsoft, why did you take a job on a team developing .NET applications on Windows Server 2008R2 in C# using Visual Studio with a SQLServer backend? Something made clear as far back as the job ad you responded to?"