Slashdot Mirror
Sorry, IT: These 5 Technologies Belong To Users
GMGruman writes "The BYOD (bring your own device) phenomenon hasn't been easy on IT, which has seen its control slip. But for these five technologies — mobile devices, cloud computing services, social technology, exploratory analytics, and specialty apps — it has already slipped, and Forrester and others argue IT needs to let go of them. That also means not investing time and money in all the management apps that vendors are happy to sell to IT shops afraid of BYOD — as this post shows, many just won't deliver what IT hopes."
Typical user conceit "This is MY dingly dangly, it lights up and makes my balls feel warm! Oh SHIT, I BROKE the DINGLY! IT FIX IT FIX IT FIX IT."
Rinse, Lather, Repeat.
Ok...I didn't read the article. But the problem with mobile devices, cloud services, etc, isn't IT's lack of control. It's not the stability of the network. It's the security of the data itself. It's a little tricky to safeguard your patent research documents if they're sitting in your iPhone email. Even more difficult if they are up in Dropbox, unencrypted, where "mistakes happen" and other people can gain access to your account by an oops by the service provider or a sharing oops by yourself.
Believe me, I'd really rather not be responsible for managing data access. No matter how dumb people are, it's IT that gets blamed for lack of security.
We simply have created a separate subnet and SSID for BYOD, staff register with upper management and we put their device on this network. It isn't terribly complex but it gets the job done.
Then let them have the security and stability while you're at it.
This is the 3rd post from info world about BYOD in the last few days can we give it a rest.
Speaking as a customer of BigCorp X, where there's a battle between the big, bad meanies of IT and the hip, 20-somethings with their fashionable iWhatever du jour which they can't live without, and the 30, 40, and 50-somethings who are trying to mimic them:
I'd rather your corp have a locked-down corporate environment in which data security is respected and my credit card and other personal information (including purchase history) is safe. Or, as a vendor/partner, the confidential information I had shared with you.
I'll take the risk that some hipster isn't going to come up with an earth-shattering revelation about which color of gradient fill should be used on the company website because he was shackled to his desk instead of breathing free as a bird sprawled out on the office roof with his iPad.
Most breakins occur through the weakest link in security, which is exactly what uncontrolled used of these gadgets represent.
I'm not a lawyer, but I play one on the Internet. Blog
Is to allow users the flexibility to maximize their productivity in ways that they understand...
and to get fired for negligence when those users, who could not be expected to understand the ramifications of all their actions, cause major damage to the corporation.
We just beat this guy up a few days ago and maybe he should have to do a year long stint as a sysadmin for a large corporation full of people taking his current point of view before writing again, or maybe he is being controversial on purpose to drive readership.
That said, he does have some merit in the idea of using your own apps for presentations and such with no requirement on the back end, in this one narrow area I support his thinking as (IMO) it leads away from the standard Microsoft model of Windows + Office and that's a good thing, get weened off the M$ teet.
An example of this was a project I was given at a local college to replace slide projectors with a photo archive + scanning, My solution was a Linux based platform running Gallery 2 photo software, the opposing solution was a $40k Windows package and that was without the support included.
So my solution = hardware cost with no licensing charges or other soft cost and a tidy support package that was affordable, the solution that won was of course the $40k package.
The reasoning? The dean of IT felt that we were teaching people real world skills and that meant using Windows, IT's complaint was "We don't know Linux".
"If any question why we died, Tell them because our fathers lied."
Infoworld is flogging this relentlessly, but I'm not seeing it at my company and friends are not seeing it at their companies. Anecdotal, I know.
They should be prepared to have their device remote-wiped. Or at least the work partition on the device.
And some devices do have negative impact on the network. See previous issues with Apple like:
http://www.macrumors.com/2010/04/17/princeton-university-details-ipad-wireless-networking-issues/
If you let them. If it does not make business sense to allow 'ownership' like this in your environment, then just set policy and be done with it. There is no magic here.
---- Booth was a patriot ----
GMGruman is not a nerd; he is a self proclaimed "Smart User".
His articles are designed to troll IT staff. He comes off like he thinks that users should be empowered to manage their own security, when most of the users I support can't even manage to use Office without messing up a spreadsheet.
In the world of expect change. Many corporate campuses are moving towards a guest only wifi which allows for all the Boyd devices to work. Technologies like UAG from Microsoft allow this to be safe and viable. Corporate systems will continue to evolve and be web based. as for support , companies are saying that BYOD are self supported. that means all everything on them including software.
What's this, the third "article" from Gruman in the last week or two? WTF Slashdot. Seriously.
"The cost of freedom is eternal vigilance." -Thomas Jefferson
He talks a lot about how his 5 things are personal for the user and IT is used to providing uniform solutions, so IT cant help. What he breezes over is that much of what IT does (and is up at night about) isnt really about providing software and services, but data and infrastructure, and that his 5 technologies (well maybe not social media) are all dependent upon IT provided data and infrastructure to be useful. When the unaffiliated device or software tries to connect to the infrastructure or data that IT is responsible for is the interesting problem area here, and he glossed over it without really adding anything new to the conversation.
Another article from GMGruman plugging his own article while expressing his contempt for standard IT practices. His last article posted to reddit, highlighted his fundamental misunderstandings about IT security. This is just another nail in the coffin Even a basic google search shows how utterly idiotic his stances are on corporate tech. Seems as though he jumps on the curtains of the newest trend, then either glorifies or demonizes it without actually comprhending. Example http://www.technologytell.com/gadgets/54796/pc-world-calls-ipad-buyers-idiots/ My condolences to their in house IT who must auto-forward his calls to a queue that noone answers.
My ignorance is a perfect shield against your logic.
That's fine and all. But the network you want to use all those devices on belong to the COMPANY paid for by the COMPANY.
And IT is in charge of it working properly and reliably. Because it's their JOB.
Now... put your little toys away and get the fuck back to work or you're all fired for not doing your JOB.
[...] business collaboration, client management suites, file syncing, infrastructure as a service (IaaS), innovation management and ideation platforms, mobile device management (MDM), platform as a service (PaaS), productivity, public social media, security and identity management, self-service BI, smartphones, social marketing management tools, tablets, videoconferencing, and video platforms.
When the user says, "I want Salesforce instead of Sugar", and their only rationale is that a salesman that specifically targets non-technical folks told them it's prettier, your job is more than handling the SSO component and Office connector. You should explain the more fundamental differences, for everyones sake. Then let the company decide based on a rational set of pros and cons. That's not the same as ruling with an iron fist.
on inside of a big, fortune 1000 corporation.
i deal with personal information every day, and i have received 0 training in my department on privacy.we get training on some govt regulations once a year, but most of the coworkers cheat on it. they also spend a lot of time shopping online and visiting 'funny websites', alot of which are not blocked by the IT staff.
people plug their phones into the computers all the time. its the easiest source of power.
---- i know it all sounds bad.
but think about this, you said you are worried about your credit card number getting out.
how secure are credit cards? do they require a password? no. you just walk in, give someone a number, and you get stuff.
think about THAT system for a minute. just think about it.
imagine creating Paypal, but never having passwords. you just tell someone your email address, and they give you stuff. thats basically the way the credit card system works.
---
think about the HIPPA law. companies that deal with HIPPA actually do take precautions. why? because the HIPPA law says they can get sued for a ton of money.
there is no HIPPA for credit cards or your purchase history. why? financial companies own congress. they literally own congressmen.
life is funny man. life is funny.
If you bring you own device and 'you' can get it to work on the infrastructure provided as is then fine. But when you can't, just sit down and shut up, do some work. I'm fine with that.
Ubiquitous computing and network connectivity is what we all want. But given some of the crap hardware/firmware sitting between you with your shiny and your cloud I could seen and admin going postal before giving a rats ass about what you need now that you have a phone that's smarter than you are.
Keep your devices off it and you can do what ever you want with them. Just dont come to me when they break.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Where do I pay money to stop this Infoworld astroturfing?
My staff has access to servers that talk directly to the back end systems of banks and other financial institutions. Want to log in to the same network with your new spyware ridden Android phone? No, no, a thousand times no. Get over it.
It's like buying go-karts and then expecting to drive them on freeways. There are rules in place for a reason, and it's not to harm your fun. Build your own network and play all you want on your time. I own Metallica t-shirts but I don't waltz into work wearing them and saying "This shirt belongs to ME, HR guy! It helps ME make money for the company, and your dress code doesn't!"
Best idea yet! Blackberry's on the right track, keep the work tools at work and locked down, just like...tools! Buy yourself an 'internet appliance' of your choice to play with on your own time. Keep in mind, when Verizon or nApple encourage a new purchase when they cannot(sic) fix your toy, please do NOT call me. Sme goes for when your ID is stolen or your Fecebook account is hijacked.
I cannot fix blind consumption with no consideration of consequence. Have your cake and eat it, too.
Imagination drew in bold strokes, instantly serving hopes and fears, while knowledge advanced by slow increments...
2) They want to print - they demand to print
3) Find some AirPrint windows driver some guy wrote in his garage and load unknown code into your Windows server
4) Works well until iOS 5 comes out
5) Users update to iOS 5 on their own and they can't print and scream at IT.
That's just one scenario....
1) User gets great idea of hooking up an Apple TV to a presentation display so they can send their iPAD crap output to it
2) Scream bloody murder when someone "unauthorized" sends their screen to the display instead.
Or.....
1) Buy a bunch of iPADs, spend about 15 minutes unboxing them and turning them on.
2) Quickly realize what a hassle it is to manually install apps and settings on all of them and they have better things to do
3) Run to IT to install all the apps instead.
Or....
1) Buy a bunch of iPads for a classroom, set up an Apple ID, associate a credit card with it, buy needed apps for it, save password because it's a hassle to keep re-entering it
2) Scream bloody murder when one of the students decides to go to the app store and buy a few games to play using the instructor's account during class instead of doing classwork.
The way it should have worked was...
1) Identify a need (want tablets in a classroom setting that can do x,y,z)
2) Ask IT to identify a product that meets those needs securely and effectively
3) Wait for IT to figure out how to manage and deploy said devices (and if that takes too long, work with our management to identify appropriate priorities for us -- i.e., what doesn't get done in meantime
Bottom line, I understand IT is a service organization ... but I also understand we are overhead to the bottom line and understandably management wants to minimize the expense spent on IT as well as expect us to keep data secure. So we have to do horrible corporate things like try to control costs, and justify expenses towards the goal of improving productivity. I love my iPad. I think it's cool. But it's a personal, entertainment device. Repurposing it for business or educational use takes effort and time to figure out.
This article is written by the same braindead PHB who wrote the "high priests of IT" article. He's trolling Slashdot for cash (page hits). I say the editors should be at least considering blacklisting his submissions at this point. He's one of the biggest submission trolls on Slashdot right now, and the only one doing it for money.
"When information is power, privacy is freedom" - Jah-Wren Ryel
He's going on about the same bullshit. But he doesn't interview anyone in IT at any company that is actually IMPLEMENTING his claims.
This guy cannot even tell the difference between a "device" that is "owned" by an employee of Company X and a service provided to Company X by Company Y.
No. There's a HUGE difference between using a outside company to provide a service and allowing people to bring their own laptops into the company to connect to the company's private data.
And you STILL don't see the difference.
Why is /. linking to his articles?
mobile devices
cloud computing services
social technology
exploratory analytics
specialty apps
And STILL not a single interview with an IT VP from any health care company allowing user-owned devices to connect to private data.
Why is /. still linking to his articles?
This has to be the tenth article about BYOD and the terrors of the hated IT administrator that I've read in the past two weeks.... Is somebody out there lobbying the "journalists" to write this drivel?
Here's a question... Do you want to give your personal information to a company that is fine with BYOD? How about one that puts your personal info in the "cloud".
How about this... if you bring your own device and during a random audit it's shown to not be 100% up to date with the latest security patches, you are fired on the spot. You might think it's harsh, but that's the reality those bad guys in IT face every day. They're in charge of corporate data protection.. which frequently means consumer data protection. The users who are moaning for the latest iDevice need to understand that yes the iPhone is awesome, yes it's easier to use than a Blackberry, and yes it can be infinitely more productive.. but until Apple builds a decent permissioning and provisioning system for it, it's never going to be accepted by corporate IT departments. If you want to use your iPad, lobby Apple, not your IT admin.
There is no phenomenon, this is just a group of mobile device providers astroturfing to get their devices into business. Unless the devices can be managed by Active Directory or Linux backend they have no place in a business environment.
I am slightly concerned that the majority of people reading this mans articles have done after seeing link on Slashdot. His intended audience is presumably people who believe that IT departments are a self created entity and are entirely responsible for corporate governance and the reasons for it. We all know a little knowledge is dangerous. Please can we not give him any more attention.
He's posting on InfoWorld (not known for insight) and then sending the link to /. because no one reads InfoWorld's website.
If his articles were so amazing then people would be going to the original source, wouldn't they?
Instead, he's sending his links to /.
Seriously, this guy is a hack, his articles seem slanted and unprofessional, poorly sourced, etc. I get that InfoWorld is desperate, but why is Slashdot helping him with free advertising?
--- Generation X: The first generation to have SIG lines inferior to their parents... ---
Infoworld has always painted IT as a walled fortress that
1. never lets the users be free
2. does not respond to management
3. it always behind the times
4. does not respond to the external business environment
5. does not make the applications screens look like the ones from 24 and Mission Impossible.
6. IT people are huge security threats
7. IT people are fungible 'resources'
Infoworld has been spewing this anti-IT crap,FOREVER. Recognize them as your enemy.
Infoworld feeds management delusions. Infoworld plays on the fact management has no clue.
There are about a dozen or so Infoworld sister publications. And Gartner. They all peddle the same IT is evil problem and peddle the same Snake Oil and Silver Bullet solutions.
IT is about solutions to problems. Not devices or platforms.
Should 'Users' be doing IT's jobs?
Should not the Users being doing the job they were hired to do?
Maybe IT should do the COO's job. And fire all the incompetent management that slurps up this Infoworld FUD.
Why not let the janitor do open heart surgery? The janitor wants 100% success, while the heart surgeon is going to say you only have a 50/50 chance. Why not listen to the pleasant janitor that is telling you what you want to hear, rather than some Big Brained, Alpha Male, Hard Assed Surgeon who speaks truth.
So don't let Infoworld's outright muck slinging attack make you doubt yourselves. We are IT. We are Gods. We make it look easy. Everyone that can use a toaster thinks they know better.
Brush off the puny lamentations of the Users and the MSM.
Now maybe if work where to end when it's time to go home maybe then there will be less need to have the secure documents out of the office.
The problem with BYOD/DIY IT is multi-fold, and it's strongly related to users being unwilling (and unable) to take responsibility for their own decisions.
* With a myriad of Cloud services, everyone using something different. Massive datasets of information end up in a disparate group of services, suitable for only one person's use. It makes the employee irreplaceable until the data is migrated to something else that others are able to access.
* Security. I really shouldn't have to expound on this, on Slashdot of all places. At issue is not only the security of what individual users are working with, but the security of the network as a whole as each individual uses
* Information management/security. This is similar to the previous point, but goes further. Who owns the data? Who has access to the data when the employee leaves? It's difficult (if not impossible) to gain access to important business information which is on an employee's personal device or cloud service associated with a non-work mail address.
* Service reliability. In-house IT may have a history of fucking things up and making a mess of things, but at least someone competent can come along later and, even in many of the worst situations, retrieve it. With Cloud services, there is no such possibility, and there are no backups (in all likelihood). What happens when a Cloud service (god, I hate that word) eats an important document? I've seen it happen, and the user comes crying to IT anyway; the burden falls on us to 'recover' the document, because that's what they're used to. They have no ability to discern why it's not possible.
* Device reliability and employee productivity. I'm not going to be able to do anything consistent if I'm hamstrung on both sides when a user's device breaks. I can't replace it with another machine/device from stock (because I haven't been given the budget or time to provide such things). In all likelihood, even if I had such a device I couldn't restore the data to it that needs to be restored, because there's no consistent means of providing those backups.
* Time. IT is going to spend a lot more time per-issue and spend a lot more time doing absolutely nothing - also known as sitting on the phone, on hold, waiting for support. Sure, less time will be spent on implementation projects in the medium term, but long term this will be problematic.
* Professional degradation. This plays heavily on the "time" issue previously mentioned. I can hardly make a career in IT if the things I'm supporting are fleeting and not exactly technical, just another stupid UI to dig through. This is a short-sighted approach, and is as bad for organizations as it is for me. You won't have people considering IT if all they can do is generalize in 100 different closed and locked product UIs, with their biggest technical skill being knowing how to call support. This will eat into user's time, eventually, as people stop going into IT. When companies eventually want a turnaround, competent IT for in-house maintenance (or MSP) will be fewer and far between, costing quite a bit more than previously.
In short, Cloud services look appealing to users because IT is unappealing to them. IT gets in the way and prevents them from doing things; IT does not provide them with the tools they (think) they need. They look elsewhere, which makes IT look bad. When that backfires, IT then looks bad again when we're unable to recover their data from a proprietary service we have absolutely no ability to reverse engineer.
*** Let me make a pointed warning about a very specific "cloud" service: AutoTask. This is the biggest steaming pile of shit I have ever seen, and it's about as bad as it gets for vendor lock-in. Managers love it, it's got all the right sales words to describe it. It doesn't work, however. Not only are the use fees fairly high, but the product doesn't work. I've seen it display wrong numbers, lose records, display different data depending on which person is logged in (erroneously, regardless of supposed credentials), and i
~/ssh slashdot.org ssh: connect to host slashdot.org port 22: too many beers
This is like the fifth article this year talking about how users bringing their own devices into a corporate network are inevitable, yadda yadda, and here are some flashy new programs and services to keep it all under control that we happen to have developed and want to sell to you!
Well you know what wins, pundits? PCI and/or HIPPA.
We're PCI compliant at my job, and we're damn sure going to stay that way. That means that yes, you can bring in your iWhatever, and oh look, an open guest wireless network! But you know where that guest network goes? The internet. That's it. You can check your corporate E-mail through the public web interface if you'd like. Don't ask us to help you connect it to the corporate network, because we're going to tell you to go pound sand. And you know what? We're perfectly OK with you being pissed off at us because _you're not the one who's ass is in a sling if credit card information leaks out._ We provide you with all the tools you need to get your job done. You get a nice shiny corporate laptop that you can take anywhere with you (because it will help you VPN in and run your virtual desktop back at the office) and you get a rather impressive smartphone so your E-mail and contacts are never out of reach. You can't sit here and tell me you need MORE than that to do your job effectively.
That's as far as I get before I skip to the next article.
-SS "Teach the ignorant, care for the dumb, and punish the stupid."
The biggest problem is that users have no clue what they are bringing in. In my environment, we have to worry about HIPAA, PCI and SOX. Guess what happens when you bring in a mobile device and want to attach it to our network?
I need to worry about:
1) minimum security standards (passwords, encryption, etc)
2) patches
3) etc.
With iOS, I can mandate a minimum password standard, with encryption as well as patch levels. So all is good. But still have to have a MDM agent.
WIth Android, unless you are on a Nexus phone, your phone will *NEVER* be patched up to date. Additionally, no "full disk" encryption possible on most of the Android phones, including Nexus!
Oh, he's been a writer for 25 years. Not a CIO, not a businessman, not a geek. He should go and actually try working in the real world.
It's a fluff piece about something the author overheard and assumed was trendy, but there is a real problem with BYOD (only then in the inverted sense of the article): people don't mind to be separated from their workstations when they leave work, and they willingly let them be administrated by someone else. But they will scream bloody murder when they are separated from their smartphones or pads, and they will certainly not allow anyone else to administer them.
Which has led to, for example, soldiers bringing their iPhones on missions, and running where-are-your-buddies software on them, and using that instead of their own blue-force-tracking systems. Obviously, armies are none too content with this, and try to forbid this (won't work), propose alternatives (badly supported/supportable - Apple, Google and Samsung just aren't very big on allowing you try pry into their systems and implement crypto on them, and they bring out new versions every half year), or they just bury their heads in the sand (which is what really happens).
Religion is what happens when nature strikes and groupthink goes wrong.
User perspective - does this thingie work for me?
IT perspective - does this thingie work for 1,000 users?
Does this thingie have a license we can support?
Does this thingie fit our security model?
Does this thingie fit our backup/retention model?
Does this thingie cause any problems with the other systems?
Does this thingie have a road map for the next 3-5 years?
Almost any user can handle a single workstation. Maybe even two workstations.
It requires a different perspective when you move to 1,000 workstations for 1,000 users running 250 different apps in 10 different segments across 3 continents and 5 languages.
The niche that the company is operating in might not be the same niche that the user sees himself in. Just as there are markets for mass produced goods/services, so is there a market for customized/personalized items.
I think Gruman is advocating the customized/personalized market niche (everyone at the company uses whatever they want to use / how they want to use it / where they want to use it / etc) when the experience of most of the Slashdot readers is the opposite (thousands of workstations and users with hundreds of apps and downtime that is measured in millions of dollars).
Car analogy - your motorcycle might have better acceleration, higher top speed and be more maneuverable than the 18-wheeler but they aren't serving the same market. Nor does the motorcycle scale to the 18-wheeler level at anything near the same price point.
Is that I'm the one in the noose when Joe or Jane User's device is compromised and something happens. I can't lock down the device or I'm Mr. Evil IT Guy. I can be held responsible if it causes trouble, and then I'm Mr. Incompetent IT Guy. Yeah, sounds fair :(
Not even going to read this one. I read this jerk's "How to thwart the high priests of IT" story last week. He's a self centered hater of anyone in IT. He thinks he knows best and to hell with everyone and everything that gets in the way of him doing whatever he wants on the network. Damn the consequences. I am sure this is more of the same.
What is this "tech-savvy user" you speak of?
There is a recurring discussion on Slashdot about the wisdom of putting critical infrastructure systems on the 'Web where any "terrorist" living anywhere in the world can attack it at any time.
That is the key to this discussion.
The IT department is tasked with keeping the private company data private. One of the reasons for that is so the company does not get sued for "losing" that information (or lose an advantage to a competitor).
Once the "tech-savvy user" connects his/her "personal IT" to the Internet it can be attacked by anyone, anywhere in the world, at any time. And losing your credit card info just means a problem for you. If the company loses the credit card info of their clients / customers / partners / etc, that's a problem for a LOT of people.
My problem with cloud services is that the departments that use them don't want to manage them and don't even know what "manage" means.
When Accounting buys a cloud based purchasing system, they didn't ask for IT input because they couldn't wait for IT to fit it into our schedule (which is pretty much determined by our budget). So now they implement a cloud based company wide purchasing system that everyone is required to use.
They, however, forgot that someone needs to handle password resets. They don't want to give the Helpdesk administrative access because there's no way in the to let them reset passwords without also letting them alter approval levels and see all purchase orders. So every request for a password reset goes to an accounting clerk... who is always too busy to handle them.
People complain that they have to remember a separate password for the system - Accounting didn't even take into account our request to use a system that can federate with our AD servers to let everyone use their AD password to sign on.
HR asks IT why ex-employee XXX still has access to the system after leaving the company - we say "Accounting automatically gets CC'ed on termination notices, they apparently aren't acting on them".
The CFO asks us how we can feed purchasing data into the BI system, we tell them "Who knows, we've asked for a data API 6 months ago and are still waiting for the beta release"
The purchasing system goes down for unscheduled maintenance during an financial audit, Finance asks us why we don't have a back up of the purchase data so we can run reports. What, they ask, would happen if that company went out of business!? We say "Hey, you sit across from Accounting, they chose the system and ignored our request to have data extracts stored here"
The CFO says "Hey, this system isn't quite working out - we want to move the data to a new service. Figure it out".
So while departments *want* cloud hosted solutions, they really don't want to manage them - they want something that just "works", but they don't often have a clear idea of "works" means. There's a reason why IT does a requirements analysis, RFP, and vendor evaluation before making a purchase instead of buying a system just because "When I worked at Company XYZ, we used this product and it worked pretty well".
The purpose of corporate IT is to ...
allow company approved people to
access company data
using company approved apps
on company approved hardware
at company approved locations
with company mandated security methods
on the company approved IT budget and staffing level
to keep the company in business and out of court.
If you want different apps - build a business case for them.
If you want different hardware - build a business case for it.
If you want different access - build a business case for it.
If you want different X - build a business case for X.
WTF
I don't know how many times I have heard: "We know it is not our policy to make you support/fix this. However, your boss is requiring you to make an exception this time, since we have some important time-sensitive thing going on."
Mutually-agreed-upon responsibility limits don't work when upper management lacks the discipline to keep up their end of the agreement.
Hell yea! Now I get to take a vacation.
You have a problem with your iCloud not syncing? Call Apple! Best of luck. Problem with your iPhone talking to the Google Apps mail server? Well, you could call Google (ROFL), you could call Verizon, or you could call Apple. But, don't call me. What, the ecommerce store just vaporized and you've got no clue where it went or how to get it back? I don't understand why you called. Shouldn't you be calling Amazon?
Wait, you want it all to work? You want it all to work together? You want it all to be reliable? You want it all to be handled by someone familiar with the homogenous blend that is your particular flavor of technology? Then you need to call IT and do it their way.
I'm on a boat!
All arguments about devices aside, I see software-as-a-service as good for IT. The internal IT department is not tasked with installing, licensing, upgrading servers or storage, or many of the other costly and tedious chores of traditional IT work. IT can re-orient itself to providing a secure, dependable infrastructure for the internal users. After spending 20 years working in IT dev, test, and analysis, I think both IT and their customers would be better served by this model in many cases. The scope of the modern IT organization has become so large that IT cannot respond effectively to all the challenges presented to it. SaaS offers a way to decouple at least some business applications from IT departments. The only application to be installed and maintained is a Web browser. As an IT professional, I'm all for it.
Maybe my company should spin-up a risk management group that helps business units decide if they should move to SasS or not?
This really is a not as much of an issue as the author makes out. IT is all in favor of users bringing their own devices to the party as long as they accept that, much like you may own the briefcase, the documents and data contained therein remain property of the company and need to be protected.
If end users are prepared to accept the responsibility of protecting their data in line with the policies set out by the management of the organization (note i say management here, as opposed to IT) then the issue becomes one of personal culpability for breaches which IT is more than happy to shift to the user. Once people realize they can be fired if they leak data from their own devices they very often sing a new tune.
More often than not though, when users want to use ther own devices they want to do so with the same ease and level of support afforded to their company supplied equipment. This is simply unworkable. If its yours, you own it and you need to support it, not the IT department. Think of it like using your car for company business - You can claim back the milage but its your responsibility to maintain it or fix if it breaks down.
You also need to ensure that your personal equipment is good enough do the job and that you are licensed for all the right software. Don't think that, because the company runs Office 2003 that you can start sending 2010 docx's everywhere because it came preloaded on your new laptop. Likewise don't expect the company to pay for your upgrade to the latest MSOffice on your personal equipment. They might do, but don't expect it!
Likewise users ust also realize that they cannot have it all their own way. If its dropbox for file sharing then ok, dropbox it is for everyone. It makes no sense if 5 different departments use 5 different file shares. Dont blame IT if bob in sales prefers rapidshare to dropbox.
The state of IT security and systems is far more advanced than most users realise. Just so you all know, the second you connect your device (android, apple, windows et al) device to the corporate email systems or related services IT already has the ability to remotely wipe your device of any data or remotely access it. In the same way a company uses onstar or similar GPS services to track company vehicles so IT has tools to do the same on your devices.
Finally, there is a staggering amount of ignorance when it comes to IT and the people who work in IT for a living. For some reason someone who goes out and buys an Iphone or an iPad suddenly thinks they are able to talk over people who have far more experience and knowledge than them. Its kind of like buying a Prius and then trying to talk down to a Nascar or F1 pitcrew. IT doesn't actually think you are stupid, they just think you act that way when you condescend to them and claim to have more knowledge than you actually do.
Quidquid latine dictum sit, altum sonatur.
We've already had this discussion several times, this guy is an idiot who clearly has no real idea what jobs IT personnel perform or not. Admittedly it's easy for IT's accomplishments to become "invisible," because nobody notices when everything runs smoothly. They only notice IT on the rare occasions when something fails.
As a wise man once said, with great power comes great responsibility.
If we want the power to say "No" to users who are doing unsecure things, we have the corresponding responsibility to provide an easy-to-use substitute in a reasonable time frame.
Once everyone else starts seeing IT as "the department of no," or as unapproachable "high priests" (as a previous article said), the clock is ticking. Other employees now perceive IT as the enemy and will try to work around us by whatever means they can. And if these enemies include upper management, the outsourcing of the IT department won't be far behind.
I work as a Database/Web Administrator in a small (6-person) IT department in a public library system. Until about 6 months ago, I was doing general IT support, and still do from time to time; we're not hung up on formal job descriptions too much with a department this small. Do we sometimes advise people not to do things for security reasons? Yes. We've had to prohibit a handful of specific bad practices (generic logins) because of PCI compliance. But this is not the primary focus of our work. The primary focus of our work is helping other people to do their work more effectively. And this means providing solutions, not withholding them. It means if someone wants to do something insecure, we try to find out WHY they want to do it, and come up with a way to make things as convenient for them as possible. I have personally written multiple scripts to make peoples' jobs easier. (Example: on one occasion, I noticed that staff were manually running circulation totals from self-check units each morning. So I offered to automate this process, which saves them 5-10 minutes a day.) Because everyone knows us, and knows we will do what we can to help them, we have the credibility to draw the line where it matters. Many IT departments have forfeited this credibility, or never had it in the first place. IT should be an important part of the business, a strategic partner with a voice at the table - not a bunch of antisocial BOFHs in the back room.
I actually opted to RTFA and I'm not sure what the "5 technologies" are. I even looked at the printer friendly version so I wouldn't have to wade through tons of "next page" and didn't easily find the 5 technologies.
InfoWorld article quality is really declining when they put out stuff like this.
Damn_registrars has no butt-hole. Damn_registrars has no use for a butt-hole.
I have worked for, or consulted for, many tech companies. The best had IT departments that saw themselves as ISPs. They made the assumption that the individuals were going to bring in viruses, dud devices, etc and built their network much like the cable company built theirs bulletproof. Connections to internal services were made in the same way as over the Internet secure as possible. Most workers were handed a workstation assembled by IT and it just worked. But if people had special needs or devices either they obtained their own bits or got help from IT obtaining special bits. At the time things like Macs didn't get much support as the IT would claim that they knew little about them. It worked well. Interestingly enough the head of IT usually had some bastard collection of old bits as his personal machine.
.zip files.
The worst had a convoluted proxy system, a wonky DMZ setup, Novell shared drives that nobody used, and the oddest selection of software that was mandatory on all machines; machines that they picked largely for their compatibility to Novell. Needless to say the head of this IT department had the best damn desktop machine in the company. Plus the best laptop that money could buy. Where programmers had trouble getting machines that could barely run the software they were building let alone a modern IDE.
The best company didn't trust their employees at all and designed their system around this. The worst company pretended that they could design a system where they could pretend to trust their employees.
The layers of stupid in the bad company were many. One good example was the dedicated email machine had a raid with a few terabytes of space. Yet in a 100 person company employees were limited to 3meg attachments (two floppies) and 10meg email account total. Plus many attachment extensions were banned such as
I am willing to bet that the bad IT company cost 3 or more times as much to run.
http://www.infoworld.com/print/181200 for one print page instead of three web pages.
Ant(Dude) @ Quality Foraged Links (AQFL.net) & The Ant Farm (antfarm.ma.cx / antfarm.home.dhs.org).
Because our stuff is secure not to allow people's own devices to utilize any of our resources. Wanna hook your ipad up to the wireless? Sorry. MAC address not on access list.
Wanna configure your email on your non-company assigned cell phone? Sorry, not in the device permissions. Or, if I decide to be mean, I'll let it on, and them remotely wipe it completely at my whim.
Work time is not time for you and your Facebook, so our web filtering blocks that.
Oh, we also read all your email on a whim, too, because it all belongs to the company.
you're being paid to work, don't like it, find another job.
The greatest idea if I ever heard of. The equivalent of FreeBSD jails on an smart phone. Business and private is sand-boxed separately. Practically two separate devices. Add VPN to the business sandbox and it's a killer app. Install all the trojans and viruses you want if you personal sandbox. Business won't be affected.
I am TIRED of GMGruman's garbage articles. He is a complete MBA PHB moron that has no idea what he is talking about. It's "news for nerds" not "clueless retards writing hack articles".
This is at least the third artcile and/or repeat from this blog. They don't reflect reality in any way and are poorly written.
As long as IT is responsible for the security and stability of the company's network(s), IT HAS to have the final say as to what gets connected to said network(s). The broblem with BYOD is that user supplied devices can compromise the security of the above mentioned network(s). If a user uses his laptop at home and at work, IT has little control over what may be installed on that laptop, including spyware, viruses and trojans.
Therefore, IT cannot allow users devices to be connected to any network that has access to sensitive data. I know that users do not like restrictions. Users need to understand that security cannot be compromised. IT needs to flexible, and evaluate user requests with an eye to granting them if they do not compromise security. IT, users, and management must work together as a team.
GMGruman is an out of touch jackass whose ignorant articles have somehow been self-promoted onto slashdot three times now. STOP POSTING THIS CRAP. Nobody with a brain wants to read this crap, it's plain trolling for pageview sake.
I know this is /. and the standards are pretty low. But this sort of garbage article posted purely to get money from clicks is a pretty poor even by /. standards. Can't we ban articles like this, the guy doesn't have the first clue about IT or enterprises, for that matter he doesn't even have a clue about users. So why post a pointless blog?
Really?
This article is really a statement of the obvious -- e.g., that IT should allow users to bring their own device, or to use cloud computing services. However, it seems to gloss over the fact that these platforms can and do put the company's proprietary information into the reach of external vendors, and in this era of e-discovery, security breaches, and warrantless wiretapping, businesses need to be selective about what data goes outside of "controlled" infrastructure.
What the fuck is GMGruman's problem with IT Departments? Did one of us tell you that you can't access Facebook or something? Boo Hoo, get over it.
I've dealt with the great and dreadful PCI-DSS for a few years now and it is painful when a "power-user" is the one responsible for answering the self assessment questionnaire. I want this joker to go through the compliance process on his own and then see if he still feels the same way about IT people.
Believe it or not Mr. Gruman, there is much more that goes on behind the scenes that let's you actually have a job, like the IT guys that keep infoworlds webservers running and secure so you can post your garbage. Think of it this way...remove the oil from your car and see how long it functions, that would essentially be the equivalent of removing your IT department and letting the "power-users" be in charge.
when the the law is so complicated and all these lawyers are waiting for a potential chance for a lawsuit to happen.
Just burn the constitution already. We are in the 21st century, we don't need those.
Look at China, the is no cost to compliance other than paying a tax/protection fee to the government. Even government agencies themselves use free software (free as in free beer).
Twitter: @dainsanefh
ridiculous articles about this?
Yea you play with your phone and tablet. I'll play with multi-million dollar servers with multi-million dollar storage serving the main apps the company actually needs to function to thousands of people, while Go on thinking we are innovative or can't handle your toys. We got other shit to do really.
If the company doesn't support your device, if the IT folks have no experience with it, why would they know how to fix it? Like take iPhones. None of us IT types at work have one. We all have either Android phones, or regular ole' dumb phones. I personally have no experience with an iPhone past having briefly played with one that a friend owns.
So, why should I help you make yours work? If you ask me to do that, what you are saying is "I want you to take the time and do the research I am too lazy to do to figure out how to operate this, and then teach me." Why is that my job? How about you do it yourself.
The answer "But then you know how to support it in the future," isn't valid either. Ok that's true for your toy, but not for the next person's different toy.
What it comes down to is there are way too many things out there for a person to be good with every one. All IT groups will have a set list of operating systems, programs, devices, etc that they support. They'll be responsible for knowing how to do that. You can't then ask them to just turn that in to an unlimited set of anything that comes out, and expect it not to impact productivity.
Because you had the policy of "You use our stuff to store our data, no exceptions," and there is also an encryption policy, the incident wasn't a big deal. People fucked up, nothing happened in the end. Had those been personal laptops with company data but no encryption, it would have been a massive incident. Doesn't matter that it was just some petty thief stealing laptops, you would have had to go through the full "identity theft" deal with all the people who's data was on there.
Users just whine that IT says no because they don't like the answer IT gives.
A user wants X. IT looks in to what it will take to give them that in a proper, supported, fashion and gives a figure. The user gets all huffy because in their mind nothing should cost anything past the initial purchase price and then complains that "IT said I can't have this."
Where I work, we never tell someone no outright unless they want access to something they just can't legally have (we had a grad student who wanted access to all traffic in and out of the building). However frequently, what the user wants they are unwilling to pay for. Two examples from opposite ends of the spectrum:
1) A researcher says we need much faster network for a grant he wants. We have gig, but that is "old technology" to him. He wants terabit. Ok well I get Cisco to humour me and send me a quote. It is like $10-20 million dollars (basically to get a CRS-1). He gets all butthurt because it is so expensive, as though we could figure out a way to make it cheap if we wanted, or that we should just buy it (bearing in mind our yearly budget is like $200k) because it would "help him get grants". He just had no concept of how unreasonable his request was.
2) A researcher decides he has to have Macs for his lab, because he's a Mac zealot. We don't support Macs, this is official departmental policy not made by us. Our mandate at the time was to support Windows 2000 and XP (and related server OSes), Solaris 8 and 9, and RHEL and Fedora. That's it. Our central system was built with that in mind. Well we can't stop him form buying the Macs (researches do what they like with their money) and he "understands there's no support." He gets them... And can't make them talk to the NetApp. They won't work, and they don't seem to want to auth against the LDAP server. Despite "understanding" there is no support he whines and bitches and we look in to it. I find that ADmitMac by Thursby is a solution, one recommended by NetApp. We test it, works flawlessly. He refuses to buy it though, it is $100 per computer and that is "too much" even though $3500 per computer to buy the hardware was apparently ok. He wants us to buy it, though again departmental policy is we don't spend money on research groups (otherwise they'd all try to raid our funds) only on instruction and infrastructure.
In both those cases, the professors would tell you we said no. We didn't. We told them what they needed and what it cost, and they didn't like it. Their view is "IT should just solve any problem I come up with, even if it isn't their job to support and should bear any expense related to it."
People also never seem to consider man hours involved in supporting something. We don't have an unlimited number of IT staff (we have 3 in our case, and some students) and we have a lot of things to do. If supporting your personal toy comes on to the list, that takes more time. Maybe not a ton just for you, but then we really can't do it just for you. That's not fair. We either have to do it for everyone, or for no one.
One user brought in a couple of different models of two way radios (if they are still called that) from home and expected me to set both models up on some sort of private channel with zero documentation to look at. I haven't even touched anything similar since 1987.
The idea seems to be if it has some sort of electronics the IT guy will know what to do and if they don't they have the entire day to work on it even if it's got nothing to do with the workplace.
The tough thing is if you don't play along and at least attempt to solve their personal electronic problems they will be reluctant to come to you with something that is really work related and may cost jobs if it isn't addressed. In IT people are in the role where they can be sacked because a user didn't inform them of a major problem in time for them to fix it while the user gets to keep their job. If they hate you for cutting their net access communication gets a lot harder and nasty surprises increase.
You are reminding me of the flat file single user at a time "database" that has crept into my workplace, been used for key functions and required more support via blind guesswork over that past few years than the time it would take for me to write something similar. At least the idiot finally listened to my advice and it no longer has to run as "Administrator", but since I might "steal his ideas" I've had to work everything out without seeing the source code, and if I even wished to see it there are of course no copies of it backed up on a server or tapes. It's on his own personal laptop and I have to take his word for it that there are backups. Documentation of course does not exist in such situations. It has of course died spectacularly and deleted all it's data files on several occasions or been badly corrupted when a second user manages to get edit access - but that is something I CAN plan for and fix - hence having to spend more time cleaning up after it than it would take to set up a real database with a similar front end. Stupid office politics stops this happening.
Having zero control to prevent failure but complete responsiblity for bringing things back from failure doesn't sit well with anyone. Why do you expect things to be different when you put an IT department into that situation?
the ones who think byod is a bad thing are thinking of it completely the wrong way
byod is probably a godsend for IT and i can't believe most IT admins don't see it that way
why?
considering you are in charge if IT policy, simply have a policy for byod
employees have a choice of an IT division approved, supplied, and supported device, or they can byod
if they byod they must fill out a standard byod contract:
1. Employee waives any rights IT provisioned support for device.
2. Employee may not contact IT for device specific support. Employees can request appropriate usernames / passwords / addresses for their accounts. They may not submit "how do I set that up" or "how do I configure that".
3. If employee requires support for their device, and the support request is approved by their direct manager, employees pay will be required to pay full IT support rates from their pay charged at $XX per 15 minute block (a service time of 1 minute = 1 x 15 minute block). Attach appropriate SLA of support. Employee agrees that IT is not required to provide accurate estimated support service times for their device.
4. Employee agrees that IT may confiscate their device for the purpose of security checks.
5. Employee agrees that IT may confiscate their device for the purpose of security updates.
6. IT reserves the right to ban employees device from the network without notice.
7. Employee waives the IT division of any liability.
8. Employee, their direct manager, and associated senior managers, accept and will be held liable for damages incurred as a result of their device (including damages to IT devices, other employee devices and systems, data breaches, etc).
9. Employee, their direct manager, and at least one other senior manager must sign off on this agreement.
last point is the most important. employees will need to prove to their managers they need to byod
coz if they can't make a good enough case, it's both the employee's and managers asses on the line
as far as i'm concerned, you want freedom to bring your own device, you damn well better take responsibility for any shitstorms you cause
... and again? Same submitter got a really similar - and should I say verging on troll - story less than a month ago. How many times is it going to take for him to realize that an enterprise network is not a playground for its users?
Damn.
Some clients turned up and requested urgent and immediate net access - easily done since I've got a wireless access point nicely firewalled off from everything internal. One of them didn't want to use that but still wanted to get his laptop on the net so turned on some new iPhone wireless hotspot software and managed to jam everybody else in the room. Of course I couldn't touch his iPhone, I've never used that software on it, I know fuckall about iPhones anyway and he didn't know how to use it either, so it became a little game of channel hopping to try to give everyone access at once for more than about a minute. Eventually he went to lunch, taking his iPhone and it's hotspot with it, so normal service was restored and even a wireless mouse started working again (possibly coincidence).
The point is sometimes the desire to use the new toy that nobody in the building really has a clue how to use instead of the a simpler solution that works can get in the way of more than one person. The place to play with these toys is at home or when you will not be impacting on others in the workplace and not, for instance, in meetings where a lot of the people have come from halfway around the fucking world and really want to get things down quickly and go back there instead of being jammed by somebody that wants to use their new wireless toy.
That works when you have a small, talented group of people all in one room. But a startup that continues to act so lax when it grows to 500 people in four locations in three continents will soon become a shutdown.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
IT is a service and as such they must oblige the business. If they are a police force then the rest of the company will go around them, and that does not help either.
Face it, your job is to do what you're told and show up every day and use the tools your company provides you, so you can collect a paycheck. That's it. You're not there to change the world or do anything great. You want to do something great, go work for CERN, or some start-up doing something really groundbreaking (start-ups don't have IT departments), or start your own company. You're not going to accomplish anything at a company that has an IT department, because only larger companies have those. So why are you expending so much energy trying to make your employer change its ways?
While this is accurate enough as a description of the conditions many people work in I always find it a bit chilling when people describe it the way you do: as if it is inevitable, as if that is the way it should be. You use the word company. The very word should tell you there is a social aspect to a business, a company is a collection of people working together for mutual goals. The "company" that provides the tools, pays the paychecks, does or doesn't change its ways is actually a collection of people. All the legal and financial structures we set up around it don't change that.
Do your job with the tools you're given, and if they hamper your productivity, then so be it. Complain to your boss, and point out that he's getting reduced productivity because of their policies. If they don't change anything, then it's their problem: they're paying more to get the job done, in effect.
You're as human as your boss is, and you're both part of the company. If your boss doesn't listen to the argument of reduced productivity it's not just his problem, he will make it your problem, he will expect your productivity won't suffer while it does, he didn't listen to that in the first place. That will be bad for your motivation, motivation doesn't just come from paychecks. Reduced motivation translates to reduced productivity. You can't expect people to be just automatons. If that were true their jobs could be done by automatons. If you need or prefer humans then treat them as humans.
Others have pointed out that IT is a balancing act between individual and shared interests, and that it is one of the interdependent parts of a whole. That is true for each of those parts, on every scale, from business division to individual employee. No-one should expect to always get their way, and listen to reason when a confict of interest is pointed out to them. But no-one should expect to never get their way either, as that would imply someone else won't listen to reason.
We have everything posted for e-mail, VPN, all that shit, and we'll happily show people to it. Some people are happy with that. Others want us to hold their hand through every little thing. Still others don't want us to touch their stuff, until they fuck it up, and then they want us to fix it, but then back to no access.
Our problem is not with people wanting to use their own devices, it is with them wanting us to support them. They don't seem to understand if you want to own and administer the device, that means you are responsible for it. That means you deal with it. You don't get to do things your way but demand IT bail you out when you fuck up or get out of your league.
The "12 year old" comment shows the problem well. You simultaneously claim something is really simple, yet are petulant that someone won't do it for you. That is rather stupid.
As I said where I work, the servers are public info. We'll tell you what all the servers are and how to get at them. However if you want to bring in your own toy, it is your job to make it work. So I'll tell you what servers you can SSH to, if you need SSH (actually I'll show you the site that lists them). What I won't do is find you an SSH app, configure your iTunes account, download it for you, configure it, and hold your hand as you figure out how SSH from your iPad.
I'd be willing to provide that level of support, if the department was willing to hire sufficient staff to allow for that. However so long as I have tons of shit to do with the equipment we do own, I am not going to spend time on your stuff.
"These 5 Technologies Belong to Users--until they break, at which point you will of course be expected to fix them. Isn't that what we pay you for?"
It probably wasn't the first and it definately won't be the last...
I've seen our company lose too much time and productivity because someone decides to bring in their own device and attach it to the corporate network. Oops, did I still have a DHCP server running on that? Oh, sorry I took out a quarter of our network by serving up bogus IP addresses. But isn't my laptop just the coolest thing ever?
The problem is that in a shared environment, one loose canon can bring a large portion of the network to a standstill - or can completely compromise security and expose who-knows-what to the outside world. This is what IT's job is - its to stop that one person who doesn't know what they are doing from taking everyone else down with them. It is a thankless job, but entirely necessary.
I have read a few articles by Galen Gruman, the idiot that wrote this. He calls himself a "smart user". I personally think he is a short sighted idiot. He wants users to be allowed to put anything, application or equipment, on a companies network. That is just plan wrong. So many problems can occur from doing this that will cause a so-called "smart user" to lose their job not to mention the likely hood that someone in IT will lose theirs also for not enforcing company policy. If something will make the job so much easier, what is the harm in doing some work with putting a proposal together and sending it through the pipeline. Personally I never got made at someone for trying to make work easier if they did it properly. But there is a limit on resources and just because it makes one persons job easier does not mean that IT will support it. But if it makes 10+ peoples job easier the likelihood of it being tested and approved is better. Remember the company wants a good ROI.
There are two major products that come out of Berkeley: LSD and BSD. We don't believe this to be a coincidence.
No serious company should ever consider a BYOD policy ... only managers that have bought themselves "IT for dummy's" would believe this to be a good idea, because only they would believe they know all there is to know about IT after reading such a book!
Either that, or the people that are pushing such an idea are from hacker groups, hoping to catch some big fish with the spyware, malware that various networks are bound to end up with.