I may be a little cynical, but how big is your company? You enjoy a lot more freedom than I did in product development at my previous job and in most places where I do consultation now. I can understand a sysadmin being a little wary of a consultant, but you and your fellow programmers seem to enjoy a level of trust at your company that I don't see anymore at most larger places. As for your IT department being competant and knowledgable, I suspect that many IT professionals are at heart, but they have become jaded by restrictive or unreasonable company policies.
Maybe a good example of the corporate IT environment will be the example of my (recently) former company: a major computer manufacturer. I signed a nondisclosure agreement, so I won't give anything blatant away, but you can draw your own intelligent conclusions.
I agree with most of the comments made: that company policy and actual security are two very different things. My point is, that a company that deals with computer manufacture and OEM releases of Windows should know better. All companies have small beginnings, and people talked about the good old days when I came to the team. But by the time I got there, people in product development had computers with no cd/floppy drives and locked cases so they "couldn't steal the RAM" (all pitiful 64 MB of it) and you had to save all your work on the network where everyone else could access it if they really felt like looking. My machine had an 8 GB hard drive. After my OS, normal security measures and applications, not to mention management-inspired insanities, what was I supposed to do with the remaining 1 GB of my "brand new" computer's hard drive space?
To be fair, in 1997, it was running on a Win95 network, but in 2002 it was still running on the same basic infrastructure. For security reasons. Management was so terrified of theft of ideas and possible piracy (like people didn't have their own broadband at home) that security searched you and your belongings every day for discs/diskettes. No more notebooks or working at a place other than work. Not even for management. You had to check out discs and RAM for a system in the lab, which was the only place that had computers with drives outside the server room, the actual manufacturing floor, and six offices used on rotation by managers. This was primarily for demonstrations when you were teaching tech support staff about new products, services, or OS releases. I had to introduce serial ATA to 30 people at a time in my building, while being monitored by security and recorded, with a checked out copy of a Windows XP beta edition and one stripped-down computer case because that was all that they were willing to give me.
And then came WinXP. All the systems complex-wide were falling apart, being 4-7 years old, so they upgraded every box to 128 MB RAM and 8 GB hard drives. Then they installed the OS as soon as it was released. Needless to say, systems were crashing everywhere, none of the company-wide software applications were even XP-compatible, and there was a general state of chaos. There were real security holes everywhere, but corporate HQ touted their trend-forward steps for their shareholders. For a year this particular location operated in total darkness while their crippled and villified 10-person IT team tried to allocate resources and time to fix everything. Not only did Corporate expect IT to magically fix everything; they expected an entire manufacturing, customer service and tech support center to operate with unreliable documentation tools, poor shipping fulfillment software and customer information database vulnerabilities.
Things are running more smoothly now, but this event illustrates the problems with so many companies, both tech-related and not. Most corporate-level managers still think it's 1985 and things are as simple as MSDOS 6.0. They can program in QBASIC. If they had any technical experience, it's long out of date. These are the people who set the policies that drive your IT practices, especially in larger companies. Kudos to all the businesses that still give their IT staff the power to use their own discretion, but they are becoming rarer every day. In the end it's not the intelligence of the end-user that needs to change; it's the education level and experience of the person setting technical policy that needs to change. If this means the company's CEO spending a 2-week internship in Engineering, why not? He's still getting paid. If the VP of sales needs to understand that she can't guarantee a client that her company uses this or that security protocol, fly her down to a local sysadmin's office for a month. Corporate practices need to change before industry standards will change. Until then, we all just need to hang in there.
Slashdot Mirror
I may be a little cynical, but how big is your company? You enjoy a lot more freedom than I did in product development at my previous job and in most places where I do consultation now. I can understand a sysadmin being a little wary of a consultant, but you and your fellow programmers seem to enjoy a level of trust at your company that I don't see anymore at most larger places. As for your IT department being competant and knowledgable, I suspect that many IT professionals are at heart, but they have become jaded by restrictive or unreasonable company policies.
Maybe a good example of the corporate IT environment will be the example of my (recently) former company: a major computer manufacturer. I signed a nondisclosure agreement, so I won't give anything blatant away, but you can draw your own intelligent conclusions. I agree with most of the comments made: that company policy and actual security are two very different things. My point is, that a company that deals with computer manufacture and OEM releases of Windows should know better. All companies have small beginnings, and people talked about the good old days when I came to the team. But by the time I got there, people in product development had computers with no cd/floppy drives and locked cases so they "couldn't steal the RAM" (all pitiful 64 MB of it) and you had to save all your work on the network where everyone else could access it if they really felt like looking. My machine had an 8 GB hard drive. After my OS, normal security measures and applications, not to mention management-inspired insanities, what was I supposed to do with the remaining 1 GB of my "brand new" computer's hard drive space? To be fair, in 1997, it was running on a Win95 network, but in 2002 it was still running on the same basic infrastructure. For security reasons. Management was so terrified of theft of ideas and possible piracy (like people didn't have their own broadband at home) that security searched you and your belongings every day for discs/diskettes. No more notebooks or working at a place other than work. Not even for management. You had to check out discs and RAM for a system in the lab, which was the only place that had computers with drives outside the server room, the actual manufacturing floor, and six offices used on rotation by managers. This was primarily for demonstrations when you were teaching tech support staff about new products, services, or OS releases. I had to introduce serial ATA to 30 people at a time in my building, while being monitored by security and recorded, with a checked out copy of a Windows XP beta edition and one stripped-down computer case because that was all that they were willing to give me. And then came WinXP. All the systems complex-wide were falling apart, being 4-7 years old, so they upgraded every box to 128 MB RAM and 8 GB hard drives. Then they installed the OS as soon as it was released. Needless to say, systems were crashing everywhere, none of the company-wide software applications were even XP-compatible, and there was a general state of chaos. There were real security holes everywhere, but corporate HQ touted their trend-forward steps for their shareholders. For a year this particular location operated in total darkness while their crippled and villified 10-person IT team tried to allocate resources and time to fix everything. Not only did Corporate expect IT to magically fix everything; they expected an entire manufacturing, customer service and tech support center to operate with unreliable documentation tools, poor shipping fulfillment software and customer information database vulnerabilities. Things are running more smoothly now, but this event illustrates the problems with so many companies, both tech-related and not. Most corporate-level managers still think it's 1985 and things are as simple as MSDOS 6.0. They can program in QBASIC. If they had any technical experience, it's long out of date. These are the people who set the policies that drive your IT practices, especially in larger companies. Kudos to all the businesses that still give their IT staff the power to use their own discretion, but they are becoming rarer every day. In the end it's not the intelligence of the end-user that needs to change; it's the education level and experience of the person setting technical policy that needs to change. If this means the company's CEO spending a 2-week internship in Engineering, why not? He's still getting paid. If the VP of sales needs to understand that she can't guarantee a client that her company uses this or that security protocol, fly her down to a local sysadmin's office for a month. Corporate practices need to change before industry standards will change. Until then, we all just need to hang in there.