Ever since the political parties figured out that "rousing the base" is an easier way to win than winning votes from the center, it's been that way.
Well, that and when the Republicans rediscovered "stuffing the ballot box", "vote early vote often", and "keep them brown people outa the polling place" a few years back.
The fact that Republicans have been systematically destroying the education system in the country says a lot about it too. Ever wondered why whenever they come into power, the first thing they do is start firing teachers? Now you know. The less educated someone is, the more likely they are to believe the bread-and-butter kookiness that comes from the Republican noise machine, and the less likely they are to have an attention span capable of remembering that these assholes were saying the exact opposite thing just a couple days ago.
I also know this makes a mess for the IT department when they have to inherit the POS I made. But just imagine how much easier things would be for the IT folks if they would provide people to help with these quick solutions so that they are designed reasonably well and are easier to support....
Actually, we have about 500 users using the application in 30 countries, and the application is actually quite stable. In five years, we've only had a couple hours of unplanned downtime, and half of that was a Citrix server problem (out of my control). Most of our planned downtime has typically been for upgrading servers (moving from SQL2000 to SQL2008 servers, or from a single Citrix box to a farm of Citirix servers for the application) and happens on holidays....
Note, I'm not struggling with the entire IT organization. The people in IT who provide servers: SQL servers, shared-drives, and Citrix platforms, etc. are fantastic. I ask for what I need and they work with me to clarify what's actually needed then cheerfully provide it. I couldn't keep this going without them.
Something you are saying here does not compute.
Seems you're getting a TON of support from IT with servers, from what should be a server-side application. Especially since you admit it already ties in to their existing databases.
Seems also, your little app requires a significant amount of money (in either parts or time monitoring) to support it.
Seems also, you admit that you gave incomplete design specs in your initial proposal and may still be doing so each time you propose it.
Seems also, we are still missing information from you. You say it's not the "entire IT organization." What are you doing, submitting this to the rejected Indian monkeys running your frontend helpdesk whose primary job is to handle people who are having "trouble" opening their email?
Have you submitted this to the head of IT? Or to the head of the server support desk? Or if not, where HAVE you been submitting it to?
I don't think it's IT's fault you are having this trouble. I think you're either holding information back from them deliberately, or you're so bad at communication that they can't make heads or tails of your proposals, or you're talking to the wrong damn people who are already under-budgeted and overloaded with crap from every OTHER person at your company that operates in this fashion.
IT infrastructure exists to help people get their jobs done. IT departments exist to support that.
IT has the following schizophrenic, ass-backwards requirements on their jobs:
1 - "help people get their job done." 1 - "develop new tools to improve productivity." 1 - "Make sure everything is running. At all times. 24/7." 1 - "Make sure backups happen all the time no matter what." 1 - "Make sure users can access data and make changes even during the backups." 1 - "Make sure everything is completely fucking secure." 1 - "Make sure the company doesn't get any legal liabilities exposed."
And yes. They're all labeled "Number 1" for a reason.
You want one thing. Fine. IT, meanwhile, is trying to answer to every goddamn idiot in the entire company who wants to place a different requirement on them. There's you, there's other departments, there's the lawyers, the CEO, the VP, the dumbass VP who wants you to open up a hole in the firewall so his kid can play video games in the office, the jerkass VP with a sub-80 IQ who's busy looking at porn all day but who gets kept around because he was in the same frat as the VP's at some of your biggest clients...
Professor Douchenozzle got a new iToy and wants it all working RIGHT NOW or he'll throw a temper tantrum and need to be put down for his afternoon nappies.
But why can't the IT organization come up with "quick solutions"? Are there no people in IT who know more than me who could make something "as good" as the POS I cobbled together in a week or two?
Because you asked the IT staff for a solution that everyone in the business can use. So they were trying to make one that would be able to handle the load, and the stress, and the security requirements.
YOU, on the other hand, cobbled together a piece-of-shit implementation that will cause nothing but headaches over time, will crash when it hits the Windows filesize limitations, and that can't be used by anyone but you.
I also know this makes a mess for the IT department when they have to inherit the POS I made. But just imagine how much easier things would be for the IT folks if they would provide people to help with these quick solutions so that they are designed reasonably well and are easier to support. Considering how much time and effort they have to spend on the back-end of it, dealing with crappy databases and data, it would probably actually require less time and effort if they availed themselves at the front-end when the business needed a quick solution.
See above, you fucking incompetent nitwit. They offered you the solution that would WORK FOR THE ENTIRE COMPANY. You wanted everything now and for zero cost.
You've gotta be even crazier to give the average off the shelf techie root access to a FDA regulated nuclear physics control system...
You've got to be even crazier than that to let some fucktard with Ph.D and delusions of grandeur plug a rogue box into any network connected to same. The IT staff are likely to check into what they are doing - the script kiddies about to have a field day with Dr. Fucktard's New Playpen, on the other hand...
Re:This is not the logic you are looking for
on
Is Sugar Toxic?
·
· Score: 1
Why were you going into bars and restaurants where people smoked, if you found it so unpleasant?
Because there was no way to get around it and still be social?
Used to be every bowling alley was filled to the point of a haze with smoke. Same thing for every damn bar. Most restaurants too.
Pain in the ass when your buddies want to go bowling, or grab a meal, and you're not wanting to be the spoilsport. Besides, I like bowling. I'm just not a fan of being exposed to so much goddamn cancer stick fumigation that I start hacking up a lung.
Re:This is not the logic you are looking for
on
Is Sugar Toxic?
·
· Score: 1, Funny
Those who follow procedure - come to us, have a plan, have an expected ROI or some measure by which they can show it will be a productivity gain, work with us on implementing what they want in a sane and secure manner - get priority.
Assholes who put a rogue box on the network, cause a bunch of security holes, and THEN demand we "make it work" because they want something right now or else they'll throw a temper tantrum? They don't get priority. Not until they learn to do things the right way and stop causing security holes and liability problems.
If you are putting functionality request in order of how much you like the user
No, we are putting requests in order of those people who are going to actually work WITH us, who have a defined plan of what what they want to do, who are willing to give US the time to do our Due Diligence with regard to legal and network ramifications of what they are asking for.
On the other hand, when some douchenozzle plugs a rogue box into the network, our response is what it has to be because the lawyers and PHB's have ordained: box goes off network. Box STAYS off network. They are invited to RESUBMIT their request with proper documentation and actually follow the fucking protocol this time.
Ever considered that at your other places, the problem is probably not "slow IT people", but "an understaffed IT department that spends all their time just putting out fires and dealing with stupid crap cause by people plugging in unsupported crap to the network" that, due to "Priority A-1 Keep The System Running At All Costs" screams, never has the time to work on new features?
Oh, and since he's in a medical AND educational facility, now add in the interference of not just PHBs and Lawyers, but also Douchenozzle Tenured Faculty With Delusions Of Grandeur...
1 - Who replaces the hardware should a piece fail? 2 - Who is responsible for keeping the software updated? 3 - Does the solution fit into an existing update checking/patching/maintenance setup, or do we have to spend 20 man-hours or more per week out of an already shortstaffed IT desk to try to confirm that it is properly patched and maintained? 4 - What does it expose the rest of the existing network to? 5 - Who maintains it and has the maintenance passwords/keys/etc if you (or whoever installed this rogue piece of shit) get hit by a bus? 6 - What legal liabilities does it, or does it not, potentially open the company to? 7 - Who controls the access to it and maintains any user lists it may keep? 8 - How do we ensure that you clean off fired employees from said user lists in a timely manner if they had access?
9 - Who covers all of the above if you are on vacation, let alone hit by a bus and in the hospital or deceased?
HIPAA is one "argument." If you're in an education, FERPA. If you're in a legal profession there are similar data-privacy laws. Likewise for many other fields.
This is why "no rogue servers" exists. "But it's not run by IT" is a small part of that, see also what if you got hit by a bus, add in how does it integrate, and finish off with what is the legal liability potential.
"Not-invented-here syndrome" is the pitiful sour-grapes excuse of assholes like you who think going behind IT's back is a good idea and never fucking think about the potential ramifications of your actions until we're putting out the fire you started while you stand back trying to come up with excuses to tell your boss about why your rogue server just resulted in 10,000 credit card numbers and personal info files getting into the hands of some hacker.
Users have learned through experience that IT hates them, and they're usually right.
If you're the kind of user who's learned through experience that IT hates you, you are the kind of asshat who keeps doing things you're not supposed to be doing on the network.
Why is there no working relationship between IT and the rest of the company? Because IT's contradictory jobs (in revolving priority list) are:
1 - "Provide services (defined by what the PHB who knows precisely jack shit about anything except screwing secretaries)" 1 - "Keep everything running." 1 - "Keep everything secure." 1 - "Keep us from getting into privacy lawsuits."
Of course, none of these "generate revenue." So PHB's want IT to also be chronically understaffed and on a shoestring budget. And then PHU's (Pointy-Haired Users) show up. So first, the understaffed IT staff on a shoestring budget are always busy putting out fires because of the douchebag PHB wants to download porn and jerk off in his office while simultaneously wanting them to "keep an eye" on the network to ensure that users aren't going to sites like youtube on company time. Then, 18 PHU's show up and all want their email on their phone. And it's 18 fucking types of phones from as many carriers.
Oh, and then some douchenozzle gets the bright idea to forward his email to GMail instead. Except that once you do that, your email could be subpoenaed and google will never bother to inform you. So now confidential patient records, or student records, or lawyers' records, or a thousand other privacy violations are just a subpoena or stolen password or GMail account hack away from exposure.
Or some douchenozzle decides we aren't "quick enough" in setting up Wifi so his little fartbag daughter can play games on his iphone on daddy-daughter day. So he brings in a WAP and plugs it in somewhere out of normal view without any fucking security. Bam, welcome to "Open Wifi Free-For-All day", the entire network is fucking exposed because someone plugged in an unsecured WAP behind the firewall.
Or a thousand other things that go wrong every day because some shitheaded moron decided he just had to circumvent IT and that he could "do it himself."
Want to know who we hate? It's not "users." It's users who don't fucking think about the consequences of their actions.
Guess what. You fuck with your plumbing, it voids the warrantied work from your plumber. You fuck with your house's electricals, it voids the warranty on your electrical work. You fuck with installing a pool or patio without having drawings and engineering checks to ensure you didn't screw up the drainage pattern, your foundation repair company's "lifetime warranty" is void.
So why the fuck do so many people think that going behind IT's back is a good idea?
The dept. head in this example is the type you should actually talk to to find out how you can (mirable dictu!) make your services better.
The dept head is the kind of stuck-up douchenozzle who didn't bother to talk to IT. The dept head is the kind of shithead who wants everything "now" rather than giving IT time to do their jobs.
Try working in IT for a while. Be on pager 24/7 in case something happens, working 8 hours a day onsite and another 6-8 at home to keep things running. Make sure your network is secure so that there isn't a FERPA or HIPAA or other privacy-based lawsuit breathing down the company's neck. Be consistently running with about half the staff you actually need, antiquated servers, and piddly-shit funding that's the first thing every PHB wants to cut because it "doesn't directly generate revenue" while mouthbreathing morons complain that you and your staff are "not quick enough" to make everything compatible with their new fucking iToy six months before the damn thing even was available for purchase.
And then get some douchenozzle screwing things up further, wasting your time, creating a direct line into patient data (and yes, "Mr. Smith scheduled for surgery with Dr. Jones at 10 AM Friday" can turn into a HIPAA violation right quick even before you consider the idea of a hacked rogue box trying to infect/attack other parts of the network) by plugging a rogue box into the network that's not been remotely vetted for security.
"IT should do everything for the user and make every fucking iToy immediately work" types make me sick. You idiots don't know what it takes to make things secure while still interoperable, you don't have a fucking clue of all the things IT is stuck doing on a shoestring budget behind the scenes, all you think of is "me me me now now now wah wah wah."
Nope, I'd just quietly get the MAC and blacklist it. No network traffic for you. If I'm asked to buy a CalDAV server, I'll buy real server hardware and run it in a real server room. Not under some guy's desk where the custodial staff can kick the cable.
And if he complains about it not plugging and working anywhere in the building? Well he shouldn't have been buying shitty Beast Buy-caliber hardware with faulty ethernet cards.
He's a doctor, a faculty member (professor), and a division head (administration/management). I promise you he's not a moron. There's a substantial amount of career achievement and hard work implicit in those credentials. Furthermore, he's actually made time to understand how to set up his own Linux server, and he's come here asking for advice. Even if you think the course he's pursuing isn't the right one, need you take this tone?
He's a tenured faculty. This means he is a douchenozzle with the emotional maturity of a 5-year-old who enjoys getting into dick-waving contests.
He's an MD. This means he has spent a couple decades amassing extremely focused knowledge while ignoring most of the real world around him.
I refer you to Q, from Star Trek: The Next Generation: "just because someone is omnipotent and omniscient, it doesn't mean they aren't also an idiot."
Step ONE from an MD should have been to ask whether this was feasible within HIPAA regulations. Step TWO should, since he's tenured faculty, have been to ask about possible FERPA entanglements. The fact that he didn't even consider these makes him a Grade A Bleeding Moron.
Highly irregular that the first thing IT heard about it would be an 'open this port on a firewall request'; which is basically taboo for anything storing security sensitive info anyways -- proper security design is a major factor, including requirements such as server administrators at arms length from devs of the application and from auditors/security team.
Actually, that's usually how this crap happens. "I want project X set up yesterday so me and my fellow tenured people can do it immediately." - IT response, "Give us some time to look into it and ensure we can come up with a solution that meets regulations.
A week later: "IT is too slow. I want it yesterday. I'll just go kludge something together (or have my incompetent Indian grad student do it) and plug it into the network."
Happens all the time, especially when you have douchenozzles with tenure running around. IT can only "see" the device once it's plugged into the network jack, and even then if they're monitoring a ton of machines, they won't know it from an iPhone or Blackberry or iPad until it either (a) pops up as unscannable, (b) they get the "open a port for my kludge project" request, or (c) it attempts to send some data packet that triggers an alarm.
A good IT manager would get their users what they need so that they don't have to attempt to do it themselves.
A good user would talk to IT about it. From the question given, it sounds like Mr. Tenured Douchenozzle Who Ignores FERPA and HIPAA just went and set his own crap up without even bothering.
So I think we have already determined he is a lousy user who is too full of his own ego to bother with following protocol.
In short, stop being a condescending ass and let the professionals do their job. If I knew an untrained "division head' was setting up unauthorized networking equipment, I would avoid that hospital like the plague, as I don't want hacked equipment broadcasting my medical history to the world, understand?
We had a thread similar a while back - I explained that there are reasons IT does things. It has nothing to do with wanting to "spite" the users. It has plenty to do with ignorant users thinking that the crap they can pull and plug in to their house does not work in an enterprise-level environment with any sane security policy, even before you get to federal privacy laws like FERPA and HIPAA.
The questioner obviously has some grasp of technology. That should make him reasonably understanding of why the IT department, in a situation where data breaches = potential multimillion-dollar lawsuits, has to be extremely fucking careful about what is allowed on the network and what is allowed to see the outside world (and in turn be seen). He should have started from the beginning talking to them about what would help make things work, rather than going behind their backs.
"I am head of a clinical division at an academic hospital
Oh fuck. No wonder this is happening. He's "taken aback" because he's a douchenozzle with tenure. Oh yeah, and now IT has to deal not only with HIPAA but also FERPA data privacy regulations with the server he's kludged together without any care for security.
You're precisely right. There is a REASON that there are policies - in this case, federal law that can turn into massive, multi-million-dollar lawsuits.
I always am amused when someone kludges something together behind IT's back because "it's easier" than actually following protocol to get a function. If you need a function, we'll work with you to get it done, provided we can legally do so. If we can't do it, we will tell you why.
Going around behind IT's back is asking for trouble. Worse than that, it ensures that IT looks at you askance from that point forward. There are users we work with and have no problem with, and then there are the assholes who do something behind our backs and cause trouble when we have to chase down their mistakes. Guess who gets first priority on the list of new feature/function requests?
Antivirus programs are an important part of any sytem to protect you against virus infection. They work well against almost every virus.*
*-more than a week old *-that hasn't already infected the system *-that doesn't exploit something in the system running lower level than the AV program *-that doesn't exploit some hole in the code of the AV program itself *-that doesn't successfully evade detection just-long-enough to shut down the AV program from behind *-that doesn't successfully exploit people via social engineering and scareware tactics
Grad students traditionally act as assistants to professors - I take it your security model takes this into account and provides a safe, yet workable mechanism for making sure they can do this without also letting them into the student records?
Actually, it does. The professors are just being lazy and think that "letting my grad student use my computer and my profile" is "easier" (read: lazier) than actually putting documents into the area the students are allowed into.
If you try to apply that sort of model to a moderate sized university, it won't work. A University IT service needs to think more like a (good) internet service provider.
Funny thing: if you give the users unlimited install rights, you end up reimaging 50% of the campus computers every semester.
Slashdot Mirror
Ever since the political parties figured out that "rousing the base" is an easier way to win than winning votes from the center, it's been that way.
Well, that and when the Republicans rediscovered "stuffing the ballot box", "vote early vote often", and "keep them brown people outa the polling place" a few years back.
The fact that Republicans have been systematically destroying the education system in the country says a lot about it too. Ever wondered why whenever they come into power, the first thing they do is start firing teachers? Now you know. The less educated someone is, the more likely they are to believe the bread-and-butter kookiness that comes from the Republican noise machine, and the less likely they are to have an attention span capable of remembering that these assholes were saying the exact opposite thing just a couple days ago.
I also know this makes a mess for the IT department when they have to inherit the POS I made. But just imagine how much easier things would be for the IT folks if they would provide people to help with these quick solutions so that they are designed reasonably well and are easier to support. ...
Actually, we have about 500 users using the application in 30 countries, and the application is actually quite stable. In five years, we've only had a couple hours of unplanned downtime, and half of that was a Citrix server problem (out of my control). Most of our planned downtime has typically been for upgrading servers (moving from SQL2000 to SQL2008 servers, or from a single Citrix box to a farm of Citirix servers for the application) and happens on holidays. ...
Note, I'm not struggling with the entire IT organization. The people in IT who provide servers: SQL servers, shared-drives, and Citrix platforms, etc. are fantastic. I ask for what I need and they work with me to clarify what's actually needed then cheerfully provide it. I couldn't keep this going without them.
Something you are saying here does not compute.
Seems you're getting a TON of support from IT with servers, from what should be a server-side application. Especially since you admit it already ties in to their existing databases.
Seems also, your little app requires a significant amount of money (in either parts or time monitoring) to support it.
Seems also, you admit that you gave incomplete design specs in your initial proposal and may still be doing so each time you propose it.
Seems also, we are still missing information from you. You say it's not the "entire IT organization." What are you doing, submitting this to the rejected Indian monkeys running your frontend helpdesk whose primary job is to handle people who are having "trouble" opening their email?
Have you submitted this to the head of IT? Or to the head of the server support desk? Or if not, where HAVE you been submitting it to?
I don't think it's IT's fault you are having this trouble. I think you're either holding information back from them deliberately, or you're so bad at communication that they can't make heads or tails of your proposals, or you're talking to the wrong damn people who are already under-budgeted and overloaded with crap from every OTHER person at your company that operates in this fashion.
Oh you goddamn fucking idiot.
IT infrastructure exists to help people get their jobs done. IT departments exist to support that.
IT has the following schizophrenic, ass-backwards requirements on their jobs:
1 - "help people get their job done."
1 - "develop new tools to improve productivity."
1 - "Make sure everything is running. At all times. 24/7."
1 - "Make sure backups happen all the time no matter what."
1 - "Make sure users can access data and make changes even during the backups."
1 - "Make sure everything is completely fucking secure."
1 - "Make sure the company doesn't get any legal liabilities exposed."
And yes. They're all labeled "Number 1" for a reason.
You want one thing. Fine. IT, meanwhile, is trying to answer to every goddamn idiot in the entire company who wants to place a different requirement on them. There's you, there's other departments, there's the lawyers, the CEO, the VP, the dumbass VP who wants you to open up a hole in the firewall so his kid can play video games in the office, the jerkass VP with a sub-80 IQ who's busy looking at porn all day but who gets kept around because he was in the same frat as the VP's at some of your biggest clients...
You forgot the obvious:
Professor Douchenozzle got a new iToy and wants it all working RIGHT NOW or he'll throw a temper tantrum and need to be put down for his afternoon nappies.
Can we try to avoid unrealistic comparisons for the sake of argument? That would never happen.
Really? Then why does Dr. Douchenozzle think it's a good idea to practice IT without a license?
But why can't the IT organization come up with "quick solutions"? Are there no people in IT who know more than me who could make something "as good" as the POS I cobbled together in a week or two?
Because you asked the IT staff for a solution that everyone in the business can use. So they were trying to make one that would be able to handle the load, and the stress, and the security requirements.
YOU, on the other hand, cobbled together a piece-of-shit implementation that will cause nothing but headaches over time, will crash when it hits the Windows filesize limitations, and that can't be used by anyone but you.
I also know this makes a mess for the IT department when they have to inherit the POS I made. But just imagine how much easier things would be for the IT folks if they would provide people to help with these quick solutions so that they are designed reasonably well and are easier to support. Considering how much time and effort they have to spend on the back-end of it, dealing with crappy databases and data, it would probably actually require less time and effort if they availed themselves at the front-end when the business needed a quick solution.
See above, you fucking incompetent nitwit. They offered you the solution that would WORK FOR THE ENTIRE COMPANY. You wanted everything now and for zero cost.
Fast, Cheap, or Correct. Pick ONE.
You've gotta be even crazier to give the average off the shelf techie root access to a FDA regulated nuclear physics control system...
You've got to be even crazier than that to let some fucktard with Ph.D and delusions of grandeur plug a rogue box into any network connected to same. The IT staff are likely to check into what they are doing - the script kiddies about to have a field day with Dr. Fucktard's New Playpen, on the other hand...
Why were you going into bars and restaurants where people smoked, if you found it so unpleasant?
Because there was no way to get around it and still be social?
Used to be every bowling alley was filled to the point of a haze with smoke.
Same thing for every damn bar.
Most restaurants too.
Pain in the ass when your buddies want to go bowling, or grab a meal, and you're not wanting to be the spoilsport. Besides, I like bowling. I'm just not a fan of being exposed to so much goddamn cancer stick fumigation that I start hacking up a lung.
You are clearly mistaken.
Death remains our nation's, and the world's, top killer.
Oh fuck you.
Those who follow procedure - come to us, have a plan, have an expected ROI or some measure by which they can show it will be a productivity gain, work with us on implementing what they want in a sane and secure manner - get priority.
Assholes who put a rogue box on the network, cause a bunch of security holes, and THEN demand we "make it work" because they want something right now or else they'll throw a temper tantrum? They don't get priority. Not until they learn to do things the right way and stop causing security holes and liability problems.
If you are putting functionality request in order of how much you like the user
No, we are putting requests in order of those people who are going to actually work WITH us, who have a defined plan of what what they want to do, who are willing to give US the time to do our Due Diligence with regard to legal and network ramifications of what they are asking for.
On the other hand, when some douchenozzle plugs a rogue box into the network, our response is what it has to be because the lawyers and PHB's have ordained: box goes off network. Box STAYS off network. They are invited to RESUBMIT their request with proper documentation and actually follow the fucking protocol this time.
Ever considered that at your other places, the problem is probably not "slow IT people", but "an understaffed IT department that spends all their time just putting out fires and dealing with stupid crap cause by people plugging in unsupported crap to the network" that, due to "Priority A-1 Keep The System Running At All Costs" screams, never has the time to work on new features?
Oh, and since he's in a medical AND educational facility, now add in the interference of not just PHBs and Lawyers, but also Douchenozzle Tenured Faculty With Delusions Of Grandeur...
What part of "not supported" don't you understand?
The part where we should allow his shitty unmaintained thing to get hacked and then start spreading problems across the network.
The part where, inevitably, some other loser throws a shitfit because we don't support his little piece of equipment and they can't get it to work.
The part where, inevitably, he leaves or dies and we're now expected to support it anyways.
Ok, here are reasons for such a policy:
1 - Who replaces the hardware should a piece fail?
2 - Who is responsible for keeping the software updated?
3 - Does the solution fit into an existing update checking/patching/maintenance setup, or do we have to spend 20 man-hours or more per week out of an already shortstaffed IT desk to try to confirm that it is properly patched and maintained?
4 - What does it expose the rest of the existing network to?
5 - Who maintains it and has the maintenance passwords/keys/etc if you (or whoever installed this rogue piece of shit) get hit by a bus?
6 - What legal liabilities does it, or does it not, potentially open the company to?
7 - Who controls the access to it and maintains any user lists it may keep?
8 - How do we ensure that you clean off fired employees from said user lists in a timely manner if they had access?
9 - Who covers all of the above if you are on vacation, let alone hit by a bus and in the hospital or deceased?
HIPAA is one "argument." If you're in an education, FERPA. If you're in a legal profession there are similar data-privacy laws. Likewise for many other fields.
This is why "no rogue servers" exists. "But it's not run by IT" is a small part of that, see also what if you got hit by a bus, add in how does it integrate, and finish off with what is the legal liability potential.
"Not-invented-here syndrome" is the pitiful sour-grapes excuse of assholes like you who think going behind IT's back is a good idea and never fucking think about the potential ramifications of your actions until we're putting out the fire you started while you stand back trying to come up with excuses to tell your boss about why your rogue server just resulted in 10,000 credit card numbers and personal info files getting into the hands of some hacker.
Users have learned through experience that IT hates them, and they're usually right.
If you're the kind of user who's learned through experience that IT hates you, you are the kind of asshat who keeps doing things you're not supposed to be doing on the network.
Why is there no working relationship between IT and the rest of the company? Because IT's contradictory jobs (in revolving priority list) are:
1 - "Provide services (defined by what the PHB who knows precisely jack shit about anything except screwing secretaries)"
1 - "Keep everything running."
1 - "Keep everything secure."
1 - "Keep us from getting into privacy lawsuits."
Of course, none of these "generate revenue." So PHB's want IT to also be chronically understaffed and on a shoestring budget. And then PHU's (Pointy-Haired Users) show up. So first, the understaffed IT staff on a shoestring budget are always busy putting out fires because of the douchebag PHB wants to download porn and jerk off in his office while simultaneously wanting them to "keep an eye" on the network to ensure that users aren't going to sites like youtube on company time. Then, 18 PHU's show up and all want their email on their phone. And it's 18 fucking types of phones from as many carriers.
Oh, and then some douchenozzle gets the bright idea to forward his email to GMail instead. Except that once you do that, your email could be subpoenaed and google will never bother to inform you. So now confidential patient records, or student records, or lawyers' records, or a thousand other privacy violations are just a subpoena or stolen password or GMail account hack away from exposure.
Or some douchenozzle decides we aren't "quick enough" in setting up Wifi so his little fartbag daughter can play games on his iphone on daddy-daughter day. So he brings in a WAP and plugs it in somewhere out of normal view without any fucking security. Bam, welcome to "Open Wifi Free-For-All day", the entire network is fucking exposed because someone plugged in an unsecured WAP behind the firewall.
Or a thousand other things that go wrong every day because some shitheaded moron decided he just had to circumvent IT and that he could "do it himself."
Want to know who we hate? It's not "users." It's users who don't fucking think about the consequences of their actions.
Guess what.
You fuck with your plumbing, it voids the warrantied work from your plumber.
You fuck with your house's electricals, it voids the warranty on your electrical work.
You fuck with installing a pool or patio without having drawings and engineering checks to ensure you didn't screw up the drainage pattern, your foundation repair company's "lifetime warranty" is void.
So why the fuck do so many people think that going behind IT's back is a good idea?
The dept. head in this example is the type you should actually talk to to
find out how you can (mirable dictu!) make your services better.
The dept head is the kind of stuck-up douchenozzle who didn't bother to talk to IT.
The dept head is the kind of shithead who wants everything "now" rather than giving IT time to do their jobs.
Try working in IT for a while. Be on pager 24/7 in case something happens, working 8 hours a day onsite and another 6-8 at home to keep things running. Make sure your network is secure so that there isn't a FERPA or HIPAA or other privacy-based lawsuit breathing down the company's neck. Be consistently running with about half the staff you actually need, antiquated servers, and piddly-shit funding that's the first thing every PHB wants to cut because it "doesn't directly generate revenue" while mouthbreathing morons complain that you and your staff are "not quick enough" to make everything compatible with their new fucking iToy six months before the damn thing even was available for purchase.
And then get some douchenozzle screwing things up further, wasting your time, creating a direct line into patient data (and yes, "Mr. Smith scheduled for surgery with Dr. Jones at 10 AM Friday" can turn into a HIPAA violation right quick even before you consider the idea of a hacked rogue box trying to infect/attack other parts of the network) by plugging a rogue box into the network that's not been remotely vetted for security.
"IT should do everything for the user and make every fucking iToy immediately work" types make me sick. You idiots don't know what it takes to make things secure while still interoperable, you don't have a fucking clue of all the things IT is stuck doing on a shoestring budget behind the scenes, all you think of is "me me me now now now wah wah wah."
Nope, I'd just quietly get the MAC and blacklist it. No network traffic for you. If I'm asked to buy a CalDAV server, I'll buy real server hardware and run it in a real server room. Not under some guy's desk where the custodial staff can kick the cable.
And if he complains about it not plugging and working anywhere in the building? Well he shouldn't have been buying shitty Beast Buy-caliber hardware with faulty ethernet cards.
He's a doctor, a faculty member (professor), and a division head (administration/management). I promise you he's not a moron. There's a substantial amount of career achievement and hard work implicit in those credentials. Furthermore, he's actually made time to understand how to set up his own Linux server, and he's come here asking for advice. Even if you think the course he's pursuing isn't the right one, need you take this tone?
He's a tenured faculty. This means he is a douchenozzle with the emotional maturity of a 5-year-old who enjoys getting into dick-waving contests.
He's an MD. This means he has spent a couple decades amassing extremely focused knowledge while ignoring most of the real world around him.
I refer you to Q, from Star Trek: The Next Generation: "just because someone is omnipotent and omniscient, it doesn't mean they aren't also an idiot."
Step ONE from an MD should have been to ask whether this was feasible within HIPAA regulations. Step TWO should, since he's tenured faculty, have been to ask about possible FERPA entanglements. The fact that he didn't even consider these makes him a Grade A Bleeding Moron.
Highly irregular that the first thing IT heard about it would be an 'open this port on a firewall request'; which is basically taboo for anything storing security sensitive info anyways -- proper security design is a major factor, including requirements such as server administrators at arms length from devs of the application and from auditors/security team.
Actually, that's usually how this crap happens.
"I want project X set up yesterday so me and my fellow tenured people can do it immediately." - IT response, "Give us some time to look into it and ensure we can come up with a solution that meets regulations.
A week later: "IT is too slow. I want it yesterday. I'll just go kludge something together (or have my incompetent Indian grad student do it) and plug it into the network."
Happens all the time, especially when you have douchenozzles with tenure running around. IT can only "see" the device once it's plugged into the network jack, and even then if they're monitoring a ton of machines, they won't know it from an iPhone or Blackberry or iPad until it either (a) pops up as unscannable, (b) they get the "open a port for my kludge project" request, or (c) it attempts to send some data packet that triggers an alarm.
A good IT manager would get their users what they need so that they don't have to attempt to do it themselves.
A good user would talk to IT about it. From the question given, it sounds like Mr. Tenured Douchenozzle Who Ignores FERPA and HIPAA just went and set his own crap up without even bothering.
So I think we have already determined he is a lousy user who is too full of his own ego to bother with following protocol.
In short, stop being a condescending ass and let the professionals do their job. If I knew an untrained "division head' was setting up unauthorized networking equipment, I would avoid that hospital like the plague, as I don't want hacked equipment broadcasting my medical history to the world, understand?
We had a thread similar a while back - I explained that there are reasons IT does things. It has nothing to do with wanting to "spite" the users. It has plenty to do with ignorant users thinking that the crap they can pull and plug in to their house does not work in an enterprise-level environment with any sane security policy, even before you get to federal privacy laws like FERPA and HIPAA.
The questioner obviously has some grasp of technology. That should make him reasonably understanding of why the IT department, in a situation where data breaches = potential multimillion-dollar lawsuits, has to be extremely fucking careful about what is allowed on the network and what is allowed to see the outside world (and in turn be seen). He should have started from the beginning talking to them about what would help make things work, rather than going behind their backs.
"I am head of a clinical division at an academic hospital
Oh fuck. No wonder this is happening. He's "taken aback" because he's a douchenozzle with tenure. Oh yeah, and now IT has to deal not only with HIPAA but also FERPA data privacy regulations with the server he's kludged together without any care for security.
Welcome to HIPAA requirements.
You're precisely right. There is a REASON that there are policies - in this case, federal law that can turn into massive, multi-million-dollar lawsuits.
I always am amused when someone kludges something together behind IT's back because "it's easier" than actually following protocol to get a function. If you need a function, we'll work with you to get it done, provided we can legally do so. If we can't do it, we will tell you why.
Going around behind IT's back is asking for trouble. Worse than that, it ensures that IT looks at you askance from that point forward. There are users we work with and have no problem with, and then there are the assholes who do something behind our backs and cause trouble when we have to chase down their mistakes. Guess who gets first priority on the list of new feature/function requests?
Antivirus programs are an important part of any sytem to protect you against virus infection. They work well against almost every virus.*
*-more than a week old
*-that hasn't already infected the system
*-that doesn't exploit something in the system running lower level than the AV program
*-that doesn't exploit some hole in the code of the AV program itself
*-that doesn't successfully evade detection just-long-enough to shut down the AV program from behind
*-that doesn't successfully exploit people via social engineering and scareware tactics
but the machine itself isn't much more than a reboxed Gamecube
Oblig: it's actually two gamecubes duct taped together.
Grad students traditionally act as assistants to professors - I take it your security model takes this into account and provides a safe, yet workable mechanism for making sure they can do this without also letting them into the student records?
Actually, it does. The professors are just being lazy and think that "letting my grad student use my computer and my profile" is "easier" (read: lazier) than actually putting documents into the area the students are allowed into.
If you try to apply that sort of model to a moderate sized university, it won't work. A University IT service needs to think more like a (good) internet service provider.
Funny thing: if you give the users unlimited install rights, you end up reimaging 50% of the campus computers every semester.