Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

IT Departments Fear Growing Expertise of Users

kdawson posted more than 7 years ago | from the illusion-of-control dept.

Security 499

flatfilsoc recommends a long article in CIO magazine on users who know too much and the IT leaders who fear them. Dubbing the universe of consumer technology the "shadow IT department," the article highlights the extent to which the boundary between users' workplace and home have broken down. It notes the increasing clash — familiar to anyone who works in a company with an IT department — between users' home-grown productivity boosters and IT's mandate to protect corporate data. The inherent tendency of the IT department to want to crack down and control technology that it doesn't supply should be resisted at all costs, according to CIO. The article outlines strategies for co-existence. It just might persuade some desperate CIO somewhere not to embark on a career-limiting path of decreeing against gmail and IM.

cancel ×

499 comments

Sorry! There are no comments related to the filter you selected.

Yeah, what he said.... (5, Insightful)

zappepcs (820751) | more than 7 years ago | (#18087124)

and there are always groups of individuals in every company that DO NOT fit the one-size-fits-all software/security model.

Some people/groups really need a sandbox to work in, without interference from good intentioned IT departments.

A virus spread wildly throughout my company recently because IT had thought to conveniently map some not so useful drives for everyone... guess how that virus spread?

IT needs to learn to provide and protect without being so intrusive as to hinder real work being done.

Sighhh

Re:Yeah, what he said.... (5, Insightful)

bigtomrodney (993427) | more than 7 years ago | (#18087214)

That is certainly true to a large degree, but let's not overshadow the need for tighter security. Ultimately users need to bear in mind that their PC is for working, and really should only provide for their working environment. It's best to put aside the 'it's my computer' attitude and push the 'it's a company tool' attitude. Speaking as someone who has worked for years in IT, I would be more of the opinion that most staff in the IT department fear user knowledge because their own knowledge is lacking. From experience of a few different departments it's usually only one or two who have the knowledge to begin with and another five or six who are all talk. That's more what causes the friction between users and IT staff. No one minds a straight no if it is qualified, but I don't think anyone will tolerate a grunt of 'no' from someone who's not even sure why in the first place.

Re:Yeah, what he said.... (5, Insightful)

Jhon (241832) | more than 7 years ago | (#18087448)

Ultimately users need to bear in mind that their PC is for working, and really should only provide for their working environment.
Agreed. What need does a biller have in hooking up their IPOD to their work PC? Why would a clientservices-phone jockey need to hook up their USB memory stick? Why would a transcriptionist need access msn/hotmail/yahoomail?

Then again, if it's a small shop and you're not really dealing with protected information on the network (say, medical records for example), then you may be fairly lax as to what users can/can't do at the workstation.

*IF* however, you have federal and or state guidelines you MUST follow with regards to protecting identity and health information, then sorry pals, your workstation is locked down. Nope -- no unauthorized memory sticks. Nope, no internet access -- other than white listed work related sites. Nope, no access to install software.

I've had users ask me for permission to install some "app" they like to use. The simple answer is "no" and I don't want to waste my breath re-hashing the same reasons. So I say "No. Check your employee handbook, page 12 for why" and walk away. I'm not going to have anyone of my guys jump through paperwork hoops to keep CAP or CLIA or MediCal happy so someone can have their computer go "ding" at a certain time using their favorite software.

Re:Yeah, what he said.... (4, Insightful)

markov_chain (202465) | more than 7 years ago | (#18087808)

What need does a biller have in hooking up their IPOD to their work PC? Why would a clientservices-phone jockey need to hook up their USB memory stick? Why would a transcriptionist need access msn/hotmail/yahoomail?

Morale.

This is a tricky thing and different for different types of work. A long time ago when I worked at a research lab, they tolerated my Linux boxes going onto their corporate network, which was a mix of Solaris and Windows. I even managed to interfere with their routing infrastructure by doing experiments with gated. They might have been upset about it, but in the end good work got done and the creative people were happy. If their policy had been draconian, the said good work would have been done at a competitor.

Re:Yeah, what he said.... (4, Insightful)

Jhon (241832) | more than 7 years ago | (#18087896)

Morale.


And how would their morale hold up when their employer is either shut down, fined in to oblivian or loses their ability to bill medical or some critical private insurance (essentially, you go out of business) for not providing necessary safegards for indentity/medical history? I don't think that their morale will be that high when they get their last check...

A radio is fine. A tape deck. Even a CD player. Hell... even an MP3 player is fine so long as it's not hooked up (and unable to hook up) to a workstation.

Re:Yeah, what he said.... (0)

Anonymous Coward | more than 7 years ago | (#18087814)

It's best to put aside the 'it's my computer' attitude and push the 'it's a company tool' attitude.

It is my computer. I will not have my productivity suffer at work by being forced to use a Windows machine (been there, done that, have enough t-shirts, thanks). So I use my Mac.

Sometimes it "has to fit" (4, Informative)

winkydink (650484) | more than 7 years ago | (#18087482)

whether you like it or not.

In the US, Sarbanes-Oxley places some strict requirements on data retention for publicly-traded companies. Employees choosing to use IM and gmail, could cause those requirements to be circumvented.

Re:Sometimes it "has to fit" (4, Informative)

LurkerXXX (667952) | more than 7 years ago | (#18087640)

This is why the clever IT guy who doesn't want to get blamed for limiting user, as in the blurb, should bring in the corporate lawyers to lay down the law. This way it isn't the good IT director who wants to supply any needed technology, but the lawyer cracking down on things that could get the company in hot soup.

Re:Sometimes it "has to fit" (1, Offtopic)

EastCoastSurfer (310758) | more than 7 years ago | (#18087894)

Employees choosing to use IM and gmail, could cause those requirements to be circumvented.

Same with employees using the copier, printer, fax machine, or *drum roll* a pencil and piece of paper. If someone wants to circumvent some security measure they will.

At some point you have to trust your employees. If you can't trust them, then why hire them in the first place?

Re:Yeah, what he said.... (1)

crabpeople (720852) | more than 7 years ago | (#18087648)

A virus that executes itself off network shares? Do you recall the name? I was thinking the other day about how I never see virii like that anymore. Now adays its all install adware, blah blah, show pop ups - aw cute, sell winantivirus subscriptions.. boring!

Re:Yeah, what he said.... (1)

ScnGuy (1060720) | more than 7 years ago | (#18087650)

I have been on both sides -- as a developer using computers "maintained" by IT people, and as an IT manager whose job it is to ensure IT tools are available and safe, and that information is secure.

As a user (this was a while back), I invariably went "outside" the "State-approved" environment, usually by creating my own: DOS, Windows, Unix, whatever. The price of freedom was responsibility. I had to support the systems myself, since IT had no clue what I was doing. Where firewalls and other security constraints got in the way, I would handle it either by negotiation (usually I was working on a project that required some access to sensitive corporate data) or by, again, going outside - using external ISPs, services, etc. I was usually able to negotiate a modem line.

On the other side, I have set a firm "this is a company computer" policy in place, and let everyone know that we can and do see everything on their computer, including all emails and web traffic. (The real truth is that I stopped being so draconian and stopped paying for all the web monitoring tools, but they don't know that!) However, emails and other communications can be monitored. I also have various password cracking tools I use to get into, say, Excel docs when it is needed, and that is a "service" of IT. Yes, there are some things we cannot, obviously, crack, but, again, they don't know that.

What ends up happening is that I have users who are knowledgeable and I give them leeway to be self-maintaining. They end up being my best customers, since they are not hammering my door to give them access they obviously are able to use correctly. Also, my average users know that their computer is really a tool, and they do not want to cause trouble.

Also, of course, I tolerate a bit of personal eBay and web radio to keep the people happy. I just ensure that we have all our AV in place!

The only real trouble user I have is an executive who thinks he knows, but has no clue, and ends up digging himself into holes that it can take a day or two to dig out of - this, even restricted from "Admin" privileges.

Fear is rooted in ignorance... (1)

atomic777 (860023) | more than 7 years ago | (#18087748)

..this is not IT-specific. Ignorance and uncertainty about anything naturally lead to fear. The paranoia of a CIO is proportional to his/her ignorance, all other things being equal. Every company is different and the variables involved differ. Information security is a matter of risk mitigation and an understanding of the value of the data that needs to be protected. If you work for an internet company that deals with a lot of scraped data from the web, IT need not be nearly as keen to protect data as, say, the DoD.

I've worked in corporate R&D labs with relatively high security that still provided wireless access on the grounds of the lab. This is a security risk, perhaps, but one that was mitigated to an extent deemed acceptable, given the value it provided. Another company I worked for, with far less to worry about from a data protection perspective, denied our numerous requests for wireless access on grounds of "security". In other words, they were too incompetent to mitigate the risk involved to provide a valuable service to us.

Re:Yeah, what he said.... (1)

HTH NE1 (675604) | more than 7 years ago | (#18087824)

and there are always groups of individuals in every company that DO NOT fit the one-size-fits-all software/security model.

Well, there's that, and then there's IT departments that use one-size-fits-no-one software. We develop our software using XEmacs 19.13 (September 3, 1995) because IT doesn't want to tweak a more modern version to work with our RCS.

My personal nemesis... (5, Insightful)

NerveGas (168686) | more than 7 years ago | (#18087150)


    Has always been the user who *thinks* he knows too much, and is out to prove it - usually causing problems, havoc, and destruction in so doing. You know, the kind of guy who gets pissed when you won't give them root/Administrator priveliges because he thinks he's a real big-shot. I've heard arguments as silly as "Well, I'm learning Linux on my own at home, so sooner or later, I'm going to know how to use it whether you give me root or not." Yeah, good for you.

    It seems that every company I've worked for has had one. Maybe it's a small part of my personal castigation for the things I've done wrong. Who can say...

Re:My personal nemesis... (1)

8-bitDesigner (980672) | more than 7 years ago | (#18087432)

Well, and while this obviously doens't apply to you, I'm sure we've all had the converse happen where we geeks get to deal with IT departments that know far less than us.

Yes, I'm look at you, Mr. University IT Department.

Re:My personal nemesis... (4, Interesting)

russ1337 (938915) | more than 7 years ago | (#18087442)

For a moment I thought you were talking about me....

But seriously. My IT department guys were kind enough to give me admin privileges on my workstation and on my colleagues workstations in my department. I didn't ask for it, but they obviously trust me to some extent and i've built that trust over time. I'm not a sysadmin and have never been one.

It could have something to do with the fact I'm overseeing a highly technical project involving setup of IT systems of sorts. This leads me to the same problem the article mentions. Our system must stay isolated from the world - physically and connectively (no inter-tubes for you!). The problem is its users 'think' they know better and think its ok to put in a CD, or plug in a USB drive to play MP3's or whatever because they can at home. (I don't think I need to tell /.'ers of the dangers of CD's after the Sony rootkit debacle). Of course we've removed all accessible means in - CDROMS/USB slots etc... and have some very harsh rules. But still, it's only a matter of time before I walk in and find some guy with his mp3 player hanging from a machine, or installing something unauthorized... because they thought they knew better.

Re:My personal nemesis... (1)

jbarr (2233) | more than 7 years ago | (#18087752)

Some people are just very trustworthy with high integrity while others will abuse whatever they can. Of course, the challenge is determining that at the interview stage...

Re:My personal nemesis... (0)

Anonymous Coward | more than 7 years ago | (#18087492)

Yeah we had one of those types. A problem one IT support staff faced is that he helps the less savvy, becomes their hero. And when we have to work with those users, we notice conflicting information between his "teachings" and and how we try to resolve the users' problems. We try to discourage them from getting help from that guy but becomes a messy political issue. BTW - this was art and editorial shop for a magazine running Mac OS 7-8 in '98 - and had only one guy.

Re:My personal nemesis... (1)

boone (3018) | more than 7 years ago | (#18087570)

Has always been the user who *thinks* he knows too much, and is out to prove it - usually causing problems, havoc, and destruction in so doing. You know, the kind of guy who gets pissed when you won't give them root/Administrator priveliges because he thinks he's a real big-shot.
Just one? I don't call that personal castigation, but a blessing, perhaps even a miracle. Just read a few posts on this story, many will be from someone who believe they have a God given right to make the lives of others a living hell ... err, I mean, responsibility to FIX the technology they encounter. There might even be a correlation to the fact the poster has mistakenly self diagnosed with Asperger's to explain something.

Re:My personal nemesis... (5, Insightful)

0100010001010011 (652467) | more than 7 years ago | (#18087582)

My personal nemesis is the layers of abstraction you have from someone that actually knows something and the mentality of those people.

My laptop at work continuously reboots. I ran a memtest on it and narrowed it down to a bad memory chip. IT wants me to send in my laptop. I'm sorry. I don't have time to deal with that down time, so I just put up with it restarting.

The most annoying one is when they redid a few dozen internal webservers. All of a sudden the redirect didn't work (If you went to an internal site and it had been X minutes it redirected you to Corporate Web Login).

I did some research on my own and found that when they upgraded to the newest webserver someone forgot to bring along the configuration. All the redirect websites were being sent out as plain/text. Firefox correctly rendered it as... plain text. When I e-mailed IT about it I got a nice form letter about "Firefox isn't supported, we use IE, etc".

I then copy and pasted curl -v logs of all the websites that were broken. I didn't just tell them what was broken, I told them HOW to fix it. I never got a reply back and everything magically worked within a week.

Sometimes there ARE users out there who know what we're talking about. I'm not asking for admin rights or root access. But I do want to be able to do my job and when your fuckups impede that, it does tick me off. The IT people I know are the ones that seem to have the hardest time saying the two 3 word phrases that every engineer (in my opinion) must learn before leaving college: "I don't know." and "I was wrong."

In the mean time I wrote a greasemonkey script that when it saw the redirect page it sent me to the correct website.

Re:My personal nemesis... (1)

jasonmicron (807603) | more than 7 years ago | (#18087586)

If he were really smart he'd init 1 that thing and make his own root password.

Re:My personal nemesis... (1)

dankney (631226) | more than 7 years ago | (#18087672)

...then get fired and/or go to jail.

Re:My personal nemesis... (1)

vertinox (846076) | more than 7 years ago | (#18087840)

You know, the kind of guy who gets pissed when you won't give them root/Administrator priveliges because he thinks he's a real big-shot. I've heard arguments as silly as "Well, I'm learning Linux on my own at home, so sooner or later, I'm going to know how to use it whether you give me root or not." Yeah, good for you.

Depending on your employees that may not be a a problem. Here everyone has admin rights to their own machine to do as they please. However, if you say... Fuck up a company policy (porn, spyware, games) or cause your own programs not to run then you face the consequences and possible termination.

Of course the fact you know what you are doing with the computer is a job requirement and if you fuck up your own computer then it is plain to all that you really don't know how to do your job.

Of course if you are dealing with non-tech people then it perhaps there is a need for a lock down policy.

Re:My personal nemesis... (1)

bubbl07 (777082) | more than 7 years ago | (#18087870)

After reading just the title of TFA, I chuckled because I was actually seeing the opposite trend occurring: as people become more dependent on computers to perform their tasks and are lulled into a sense of comfort, they focus less and less about what actually happens and instead just care that it gets done. This is the trend I've seen in my particular industry, at least. Much of the code I have to write is there to accommodate for those that may need help to get through the application.

The breed to which the parent is referring is always worse to have to deal with than those that don't know what they're doing, anyway. Curiosity is great if you're working on your own equipment, but combine that with enterprise-level necessities (uptime, redundancy, etc.) and unchecked hubris and you've got an implosion just waiting to happen. At least with the tech-illiterate, they don't fiddle around with something enough to break it, and certainly don't ask for any unwarranted superuser privileges.

IT title does not an expert make (5, Insightful)

yagu (721525) | more than 7 years ago | (#18087152)

I've met uncountable numbers of idiots when it comes to understanding technology. Guess what... many of them were peers in IT. In retrospect, it makes sense. I'd anticipated my move from college to a "real" job as a release from the world of idiots in the CS curricula. Finally, I'd get a chance to work shoulder to shoulder with people who knew.

Not so much.

I'd never considered where the rest of my university peers had to go -- into the same work force I entered -- duh.

In the non-IT universe I discovered many were also clueless around technology, as I'd expected. What I hadn't expected was there were many non-IT people who got it, who understood technology, and worked with it adeptly. Many "got it" more than my peers. Some of the most profound ideas and innovation I've seen in IT have come from nontraditional non-IT people.

I agree (without reading the entire article) with the summary and gist of the article -- IT does itself no favors ruling by fiat and instead should collaborate with users.

This doesn't dismiss bad things happening and messes created by users left behind for IT to clean up. People who mess up should help clean up, but my experience has been many IT people are equally inept and likely to make messes.

A degree and title in IT and CS means only that one has a degree in IT and CS, nothing more. It doesn't mean they're anointed and it doesn't mean they know more about technology than users.

Swap and profession for "IT" and it's still true.. (1)

StressGuy (472374) | more than 7 years ago | (#18087402)

I can't speak to the IT profession as that is not my field of expertise. I am, however, an aircraft structural engineer and have been one for a long time now. Most everything I know I learned after college and I'm still learning new stuff.

No...that degree is mearly your ticket to the starting gate...the good ones realize that.

IT Titles and IT BS (2, Interesting)

umbrellasd (876984) | more than 7 years ago | (#18087902)

Worked for 3 years as a business analyst at a health insurance company. I came from 6 years of IT background and we developed IT solutions in the business group. This was a general trend of consolidation where there was more leverage to have a person that understands the business as well as technical side and cut down the overhead between the two groups.

At the company, many of the users were technically savvy, and more importantly, the process associated with IT was prohibitively complicated. It would take too long to get an IT project approved, and so people would use readily available tools (Excel and Access were the big ones) to develop solutions that met the need.

I'm sure everyone knows that in the health insurance industry, data privacy is extremely important, so yes, the IT department had some valid concerns about meeting government regulation, but to be fearful of an educated and motivated user that needs something and is willing to invest their time to get it...that's stupid.

This type of alarmism is your typical FUD that arises when a bunch of established people get jittery about where their paycheck will come from when they feel that someone is threatening the usefulness of their job by doing the things that they used to do. I have one response to that.

The model-T Ford.

Yes, all those horse and buggy people were pissed. The smart ones just rolled with it and became mechanics and made fortunes in the automotive industry. And here, too, all that is really required is to say, "OK, what are the new services that we can provide now that we have successfully built tools easy enough that the end-user can use them productively for basic development and analytic tasks?" Guess, what? There will be many more jobs that grow out of millions of educated users all over the world learning to use Excel and Access, etc.

At the health insurance company, what I could clearly see that our VP of IT could not, was that the efforts of our business people were doing an amazing job of forcing the IT process to become more efficient and less complacent. In other words, it demanded that IT actually earn their paycheck, and that IT explore the new responsiblities that they could take on with their considerable technical skills, in order to better serve a new and more educated customer (technically knowledgeable business users).

Fear arises because people are God damn lazy. "But I like doing what I've always done. Doing new things is hard. I have to actually learn to do new things. Oh, I just can't possibly see what we will do now that users can do things with data. Oh, why! Why did we give them a power tool that empowers them to go to Home Depot and then rennovate their house themselves, oh why???" Well carpenters haven't gone out of business and neither will IT people...not the proactive ones at any rate.

The tools will get better and the end user will be able to do more, which means there will be more new business requirements that need specialists to assist the business user, and so on. It's been this same process for generation after generation, and every there are a bunch of alarmists crying doom, and every time new opportunities arise from the changes and the economy experiences a net positive growth.

GNAA will steal all your IT secrets (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#18087158)

and spread it like a virus

dont think so... (2, Funny)

justice7 (785522) | more than 7 years ago | (#18087160)

It takes a lot more than "I know how to build a computer .. and i play WOW all the time so i'm leet" to run an IT department. I welcome the smarter users; as long as they arent all wearing my tinfoil hat.

Re:dont think so... (1)

chaoticgeek (874438) | more than 7 years ago | (#18087338)

I agree. My brother wants to do this program at our community college in Network Administration. He can put more ram in a computer and thinks he is hot stuff and get WOW running. But when the router goes down I'm the one that gets called and I live an hour away. He likes art and he is thinking of doing the Web design course which I think he should do because he is fairly decent and with some classes he could get pretty good at it. I guess he will learn what it takes to learn about networks and not just the run of the mill router you get for at home.

Fake (-1, Troll)

Anonymous Coward | more than 7 years ago | (#18087166)

No way. Users are as stupid as ever, except now they all hang out on youtube.

Scare them! It's fun! (2, Funny)

extremescholar (714216) | more than 7 years ago | (#18087184)

I don't work in the IT dept at my current employer, but I spent a number of years in the trenches before working here. Just today, I was causing fear, loathing, angst, and gnashing of teeth to one of our local IT folk. I told a young lady that I was going to ghost the hard drive from a little used computer onto a USB stick. Then take the hard drive and add it to my PC since I needed more space for my music collection. She was very nervous and thought I might actually do it. I was just giving her crap, but then again; if I need space I might...

IT Isn't Master of All (5, Funny)

Anonymous Coward | more than 7 years ago | (#18087206)

I'm sick and tired of IT departments that try to control everything I do when I know perfectly well that WeatherBug and WinFixer are the right tools for the job. I am a smart and knowledgeable IT consumer, and I've been using these fine products at home for some time now. Why not at work too?

Re:IT Isn't Master of All (0)

eggsurplus (631231) | more than 7 years ago | (#18087460)

This is a joke right? WeatherBug is really just ad/spyware. I wonder why they wouldn't let you use it at work...I'm sure you have about 20 icons on your taskbar. 3/4 of which you probably don't need/know what they do.

Re:IT Isn't Master of All (0)

Anonymous Coward | more than 7 years ago | (#18087622)

* - joke
* - your head

Re:IT Isn't Master of All (1)

elrous0 (869638) | more than 7 years ago | (#18087920)

And *I'm* sick and tired of IT Departments that peg my CPU and cause me to drop frames when I'm editing a corporate video because they just *had* to install some piece of bloated corporate-ware that some slick salesman had convinced them would "change the way you work." *I'm* sick of an IT department that literally doesn't know what words like "spyware" even MEAN. *I'm* sick of an IT department that blocks gmail to "protect us from viruses" but, internally, runs an outdated email program that doesn't even strip out exe attachments from incoming emails.

-Eric

I don't see a problem (1, Interesting)

955301 (209856) | more than 7 years ago | (#18087210)

What, you mean like when I brought my own google search appliance to work at my last job because the corporate intranet search capability blew chunks?

IT lost this fight when the USB memory stick became popular. Besides, no matter what they do, they can't stop me from creating a knoppix cluster from my coworkers pc's after they all leave for the day.

But I did always wonder why more departmental firewalls were present in all the places I've worked. I mean, does the CTO's pet project development team really need access to the production CRM cluster?

Re:I don't see a problem (5, Insightful)

smooth wombat (796938) | more than 7 years ago | (#18087306)

IT lost this fight when the USB memory stick became popular.


Lock down usb ports.

Besides, no matter what they do, they can't stop me from creating a knoppix cluster from my coworkers pc's after they all leave for the day.

They can fire you.

See, not so hard.

Re:I don't see a problem (0)

Anonymous Coward | more than 7 years ago | (#18087434)

if you lock down USB ports so people can't bring in any old memory stick, you'll end up locking them down so people can't use memory sticks for legitimate purposes. They're just too useful to bar people from using them (as are USB ports in general)
Also, it's unlikely that the IT department has the power to fire anyone but their own staff.

Re:I don't see a problem (1)

Cro Magnon (467622) | more than 7 years ago | (#18087556)

Also, it's unlikely that the IT department has the power to fire anyone but their own staff


I don't know how things work on your job, but where I work, the IT security department doesn't make the rules, they just implement them. If you try to go behind their backs, you'll probably get fired when the security officer complains to your boss about it.

Re:I don't see a problem (2, Insightful)

Volante3192 (953645) | more than 7 years ago | (#18087638)

If IT locks down USB ports, I'm sure they'd have gone over the possibility that they could be locking out legit reasons and have planned for it. No IT department worth its carbon would lock down something that close to the user without preparing for the eventual onslaught of calls asking "Why is my USB drive is broken?!" ...that or their admin is a sadistic bastard and goes on unreachable vacation the next two weeks...

Re:I don't see a problem (4, Insightful)

0racle (667029) | more than 7 years ago | (#18087764)

If the company has decided that they are going to lock the use of unsanctioned peripherals, then the question becomes not, 'why doesn't my USB drive work,' but 'why are you bringing a USB drive in?'

Re:I don't see a problem (1)

damien_kane (519267) | more than 7 years ago | (#18087322)

In my company (as mandated by third-party security firms, provided ever-so-kindly by our clients) the USB ports are disabled in BIOS, and the PCs have no floppy or CD-ROM.

It's not that I wanted to download our company's work, I just wanted a place to dock my iPod for charging so I can listen to it throughout the day.

Re:I don't see a problem (1)

vux984 (928602) | more than 7 years ago | (#18087562)

I just wanted a place to dock my iPod for charging so I can listen to it throughout the day.

Uh. They make an ipod ac adapter so you can plug it right into the wall.

I don't see a problem-Thin is in. (0)

Anonymous Coward | more than 7 years ago | (#18087374)

"IT lost this fight when the USB memory stick became popular. Besides, no matter what they do, they can't stop me from creating a knoppix cluster from my coworkers pc's after they all leave for the day."

Why do you think centralization, and thin clients are coming back?

Problem solved (1)

sjbe (173966) | more than 7 years ago | (#18087424)

no matter what they do, they can't stop me from creating a knoppix cluster from my coworkers pc's after they all leave for the day.


Sure they can. They can fire you [wikipedia.org] .

I'm one of those rogue users... (0)

Anonymous Coward | more than 7 years ago | (#18087212)

I admit, I have an unauthorized Wireless Access Point running. I've got it locked way down, and I doubt they will ever know about it. I'm also reading Slashdot outside of the corporate proxy... thanks to a friend named Putty.exe and SSH port tunneling. The same stuff lets me access my IMAP mail through Outlook... all things forbidden by IT. Short of shutting down our access to SSH, I don't see how they can stop me.

Re:I'm one of those rogue users... (2, Funny)

methangel (191461) | more than 7 years ago | (#18087476)

This is your network admin, please come to my office. I have something to discuss with you.

Re:I'm one of those rogue users... (1)

wumpus188 (657540) | more than 7 years ago | (#18087642)

Bill,

I admire your knowledge and all... but you forgot to disable sending http-referer header.

Boss.

Re:I'm one of those rogue users... (1)

hayden_l (703045) | more than 7 years ago | (#18087912)

They could just monitor SSH traffic. Last place I worked any SSH traffic bound for IP addresses that we weren't responsible for set off alarms. First offense was a warning with the statement that the next offense would result in instant termination. Wouldn't work for every case but it is possible.

i am BOFH. (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#18087226)

tremble before me, insignificant users. the mighty god of IT will decree what you cant do.

Try education.... (1)

i.r.id10t (595143) | more than 7 years ago | (#18087234)

Here's one. Working at a community college, we have 3.5 separate departments/groups of people who "know" computers. Theres ITS - including network ops, mainframe ops, all the servers, connectivity, etc. Then theres Academic Technologies - all the student labs, computers, etc. Then theres the CIS/ITE staff, teaching things like programming, networking, etc. And then the .5 group is the business degree folks, but they offer classes in F/OSS software (ITE doesn't, except a Linux admin class), etc.

I experience this every day... (4, Interesting)

doormat (63648) | more than 7 years ago | (#18087254)

As a software developer outside of the IT department (I'm under direction of the Engineering group), I get this all the time. I get the run around, exclusion from important meetings, no say in things I have a large stake in, put at the bottom of the priority queue, and sometimes even people working to throw roadblocks in my way.

I've always been a fan of decentralized IT - a core group working to "keep the lights on" and seperate groups providing services embedded in the groups they're providing services to, responsible to the managers of the groups who use the tools. Meetings still happen with the needed staff, but someone is a few cubes down the hall or at least on the same floor to answer questions and get feedback.

Re:I experience this every day... (0)

Anonymous Coward | more than 7 years ago | (#18087634)

I've always been a fan of decentralized IT - a core group working to "keep the lights on" and seperate groups providing services embedded in the groups they're providing services to, responsible to the managers of the groups who use the tools. Meetings still happen with the needed staff, but someone is a few cubes down the hall or at least on the same floor to answer questions and get feedback.

You need to come work at a University. We are (unfortunately?) mostly decentralized, with a core group to provide the big services (student records, web hosting, central email, central calendaring, etc.) but with a lot of expertise sitting in the individual departments, and they often write the (usually web) apps to answer their specific needs.

Re:I experience this every day... (1)

WarwickRyan (780794) | more than 7 years ago | (#18087852)

I agree with you 100%.

The "IT department" job should be to enable you to do yours. After all, IT don't have a frikkin' clue how do run your business so they shouldn't be allowed to.

I quit my job with my former employer (major blue-chip Swedish automotive firm) when they followed a policy of locking all their machines down*. It's kinda hard to develop departmental solutions with just standard user rights.

Something else I've never understood is that the biggest cause of network failures I've experienced have been from clients INSIDE the corporate firewall. It's as if some idiot IT person believes that all clients on their network are magically immune from anything just because they've got a firewall on the internet and AV on the clients. It's not as if client firewalls are rocket science?

And why not? (5, Interesting)

Realistic_Dragon (655151) | more than 7 years ago | (#18087262)

I would be 7 kinds of mad if anyone was using gmail and IM in my office.

We work with NATO restricted data. *Everything* requires appropriate handling. E-mail is carefully fenced and the IM service is encrypted.

But even if you aren't a company with such a strong need for data protection... well actually there is no such thing. At the very least you have financial data and client information on your systems. Losing some of that stuff is considerably more harmful than restricting people to company provided communication tools.

Anyone placing data that hasn't been cleared for release (even by the very informal process of being sent out on purpose) onto services run by people with whom you have no contract and no reasonable expectation of integrity is, frankly, no better than the idiots who don't back up their data and are then surprised to find out that MTBF is not a guarantee. After all if your employees are using gmail et al you don't even know what data you *have* let alone what steps you need to take to protect it.

Irony (1)

sjbe (173966) | more than 7 years ago | (#18087382)

I would be 7 kinds of mad if anyone was using gmail and IM in my office. We work with NATO restricted data. *Everything* requires appropriate handling. E-mail is carefully fenced and the IM service is encrypted.


But apparently slashdot is totally kosher...

"Idiots" data that hasn't been cleared for release (3, Insightful)

Cr0w T. Trollbot (848674) | more than 7 years ago | (#18087414)

Anyone placing data that hasn't been cleared for release (even by the very informal process of being sent out on purpose) onto services run by people with whom you have no contract and no reasonable expectation of integrity is, frankly, no better than the idiots who don't back up their data and are then surprised to find out that MTBF is not a guarantee.

Be sure to let Jimbo Wales know he's an idiot for doing it that way. [wikipedia.org]

I'm not advocating Wiki methods for a nuclear missle silo, but I think a lot more companies can profit from a Wiki-type approach to (some) data than those that can beneift from an NSA "everything is top secret and must be locked down at all costs" approach.

Crow T. Trollbot

Re:And why not? (1)

Llywelyn (531070) | more than 7 years ago | (#18087706)

Er. You seem to be making an assumption not in evidence: That they are advocating using these tools to necessarily communicate with others in the workplace using company sensitive, FOUO, or whatever you happen to be handling.

The impression I got from the summary was about restricting their use for personal use or things where a layer of abstraction is desirable. An example of the latter would be if I have a question regarding Jython but for whatever reason do not wish to directly associate my company's name with my question (there are a few reasons for this, depending on company policies) or if I am known "in the community" via another email address, something like gmail is an ideal tool.

Any information that is sufficiently sensitive that these restrictions are not enough (perhaps with a "no independently installed software" proviso) should probably be a closed system without access to the internet and with a standing policy that any media that interacts with system is now "part of the facility." Under such extremes, the facility should also probably be something akin to a SCIF.

Re:And why not? (1)

99BottlesOfBeerInMyF (813746) | more than 7 years ago | (#18087712)

I would be 7 kinds of mad if anyone was using gmail and IM in my office... But even if you aren't a company with such a strong need for data protection... well actually there is no such thing.

Welcome to this decade. IM has been a vital sales tool for many years now in some industries. That means non-encrypted communication with the outside world using AIM or something. It is no more dangerous that unencrypted e-mail which is, sadly, still a requirement for doing business with most of the world.

Anyone placing data that hasn't been cleared for release (even by the very informal process of being sent out on purpose) onto services run by people with whom you have no contract and no reasonable expectation of integrity is, frankly, no better than the idiots who don't back up their data and are then surprised to find out that MTBF is not a guarantee.

Employees need to be mindful of what they send out via any unencrypted channel and what they log internally encrypted or not. Removing access to communication tools, however, often means losing sales and that means the company and everyone in it suffering. No thanks.

Re:And why not? (1)

jasonmicron (807603) | more than 7 years ago | (#18087714)

I sure hope you didn't post this from work without getting it cleared!

Or is it more of a "do as I say, not as I do" policy?

Re:And why not? (1)

elrous0 (869638) | more than 7 years ago | (#18087742)

Buddy, if your stuff is THAT critical, your computers shouldn't be connected to the internet AT ALL. You do realize that a good hacker could easily walk through your "fenced" system with relative ease, right? If you're dealing with classified data, you should NEVER have that data connected IN ANY WAY to the outside world. That means clearly designated separate computers on a purely internal separate network--no email, no web access, no anything.

-Eric

Re:And why not? (1)

Watson Ladd (955755) | more than 7 years ago | (#18087864)

They could be running operating systems that are rated to handle classified information. Yes, they do exist.

the "spontaneous telecommuter" (1)

CheechBG (247105) | more than 7 years ago | (#18087264)

Working from home isn't a bad thing (if you can handle it and can prioritize life/work appropriately). I believe an IT department, if the organization is so structured, should allow people who can handle the access to work from home. To do this, WE will provide YOU with the necessary equipment to do this task. This allows standardization (as much as can be afforded) and redundancy (I would imagine an inventory of at least one backup device).

To have someone who just arbitrarily says "I'm going to work from home!" and then attempts to use his 12 year old virus infected PC with his dialup access to go through the VPN and start downloading a 20MB Powerpoint is as ludicrous as it is dangerous. Even worse is the stink he raises when you finally have to tell him that he either can't work from home with his current gear, or has to go through the proper channels to get approval/funding for the correct gear.

Not to mention the fact that you sometimes get suckered into supporting the home network. That of itself is all kinds of hell.

I'm not worried about my job (1)

goldspider (445116) | more than 7 years ago | (#18087290)

People who think they know what they're doing are far more apt to screw up their computer up than an avowed newbie who is scared to do more than check e-mail and type Word documents. I don't think the IT department is going anywhere soon.

Re:I'm not worried about my job (1)

imemyself (757318) | more than 7 years ago | (#18087854)

Exactly. A lot of people *think* they know what they're doing, but they don't. For example, a few weeks ago I was in a "focus group" (whatever that means) that discussed technology usage in my school district. One of the parents said something about how all of the kids these days know how to do everything with technology. Posting on myspace != doing something useful with technology. Yeah, there are some kids that know what they're doing (and I would be one of those), but there are far more that would struggle if they had to actually use real business technology (ie a spreadsheet, or a calendar, or document management system, etc) w/o someone holding their hand.

Most users are experts at being idiots (2, Insightful)

Fatchap (752787) | more than 7 years ago | (#18087292)

Quote from the article:

According to Pew, 42 percent of Internet users download programs, 37 percent use instant messaging, 27 percent have used the Internet to share files, and 25 percent access the Internet through a wireless device. (And these numbers are all one or two years old. Rainie "would bet the ranch" that the current numbers are higher.)
Quote from Vin Cerf:

...approximately 600 million computers are connected to the Internet, and that 150 million of them might be participants in a botnet--nearly all of them unwilling victims. (http://arstechnica.com/news.ars/post/20070125-870 7.html)
Yep as a CIO / CSO I would really be an idiot not to let my users do exactly what they do at home would n't I!!

The simple fact is most users think they know what they are doing, but the lack the skills to adequately assess the risks of their actions. That is why they need to have rules around acceptable use and security policies to protect them from their own idiocy.

Re:Most users are experts at being idiots (1)

chaoticgeek (874438) | more than 7 years ago | (#18087600)

The people I'm afraid of are the ones who think they know what they are doing and end up taking the entire network down... Every place has them. The person thinks he/she is so cool and know what they are doing, I've met them before and they are annoying and you can never even help them learn what they did wrong.

Fp MArE (-1, Flamebait)

Anonymous Coward | more than 7 years ago | (#18087320)

of bSD/OS. A NIGGER ASSOCIATIONw a GAY NIGGER

"Cheap" support (1, Insightful)

kbinx (554674) | more than 7 years ago | (#18087348)

If you want complete control put the dumb terminals back. Otherwise let the creative users solve their problems and stand back. Sysadmins can still control access to sensitive data. If a user screws up a machine, slap the standard install image back on and try try again. There really is no reason for a PC "support" position

Re:"Cheap" support (2, Informative)

Jhon (241832) | more than 7 years ago | (#18087616)

If a user screws up a machine, slap the standard install image back on and try try again.


And if the "screwed up" machine was infected with a malware which keylogged and/or sent information (such as client personal information/transaction records/ssns/ccard numbers) or perhaps medical records to some PC in Denmark BEFORE you restored from that image?

Thin is in (1)

wsanders (114993) | more than 7 years ago | (#18087730)

There was a lot of interest in thin clients at RSA 07, or at least there were lot of people crowding the Citrix, Sun, and Oracle booths ("booths" being a relative term, these booths were the 1/2 the size of a tennis court.)

This technology goes in and out of fashion like anything else, primarily because the clientware bloats up in each generation to the point of making it painful. But all the hoo-hah over SOX, etc, probably is going to justify the pain for a lot of people. Who says the minframe isn't dead? It's the only was to control users, give them a 3270 terminal if you have to.

The day this is a reality (4, Funny)

Oriumpor (446718) | more than 7 years ago | (#18087392)

Is the day hundreds of callcenters close down their Level 1 support. I always thought it funny to have columns and rows of people that do nothing but open the documentation the users have and read it to them over the phone. Since the phones are still ringing, I think this announcement is still quite a bit premature.

Re:The day this is a reality (1)

ShaggyIan (1065010) | more than 7 years ago | (#18087722)

Your users have documentation?

And, they, um, READ IT?

Where do you get your users from? I've never experienced that particular breed.

(yes, I do think level 1 support frequently should be unnecessary, but then I think the instructions for a car seat are simple enough)

IT dept's delay work. (1, Insightful)

dahwang (973539) | more than 7 years ago | (#18087396)

CIOs and IT departments limit and control software on their computers by taking 2 months to install MS Office on my desktop. I've had IT departments take 3 weeks to "install" software on my workstation, when all they had to was add shortcuts to my start menu and map the path to software on remote servers. It makes you wonder if they spend more time reading my email and slashdot posts than actual IT work.

Re:IT dept's delay work. (5, Funny)

aquatone282 (905179) | more than 7 years ago | (#18087462)

It makes you wonder if they spend more time reading my email and slashdot posts than actual IT work.

Reading your email and your slashdot posts IS our actual work.

Signed,

Your IT Department

P.S. You're fired.

Way to spread FUD. (1)

methangel (191461) | more than 7 years ago | (#18087404)

Man, I could hardly get through that entire article. BEWARE of the SHADOW IT -- sheesh what a bunch of junk. Users that can download a tool or two or know how to instant message does not an IT department make. That also doesn't make them exempt from my corporate IT usage policy. I don't know about everyone else, but from what I have seen in the past -- most of those TOOLS they like to download tend to be stuff like Weatherbug, and various toolbars. Yep, things that can make the Non-SHADOW IT department less productive.

I can't name a single situation in which I would be "scared" of the SHADOW IT department. I use a Cymphonix appliance to block viruses, spyware, toolbars, and a host of other malicious content -- it sits inline between my LAN and my Cisco PIX.

I would love to see the SHADOW IT department configure NAT and PAT on some Cisco devices. Oh noes. This article just pissed me off.

Re:Way to spread FUD. (0)

Anonymous Coward | more than 7 years ago | (#18087802)

Cymphonix is basically a $3000 joke. Thumbdrive, GAIM & Torpark, FTW.

Huh, disagree (1)

thomasa (17495) | more than 7 years ago | (#18087474)

QUOTE: It just might persuade some desperate CIO somewhere not to embark on a career-limiting path of decreeing against gmail and IM. UNQUOTE

Sorry, that is not the case. Where I work, the word "email" is not even allowed in a URL anywhere. They block it period. Career-limiting my foot. I am sure any company with more then a couple of hundred people tends to be the same.

For every rule, there are exceptions (5, Interesting)

bhmit1 (2270) | more than 7 years ago | (#18087506)

I've been a user that is locked into crazy setups. The traveling consultant at client sites who's PC is setup to be managed from the corporate network. At one point, I got tired of the insanity, took a ghost image of the machine they gave me, and installed linux on the machine (and then restored the ghost image in a vmware session).

But here's the thing, I don't ask for support from the IT department because I'm the odd guy. I know they can't support me. What annoys me (as the one who helps other IT departments manage lots of PC's) are the people that install various applications that cause our automated installs to fail. 90% of the machines are managed with little to no effort. It's the 10% that cause days of work while we try to figure out which of the 20 apps you installed is breaking our install tool.

And for all those against IM and email lockdown, I've been to trading companies where that's the law. They get in trouble when they don't have logs of what people said on IM, email, phone calls, etc because that's how they catch insider trading. Of course for every sensible rule, I've seen 10 that make no sense at all. As has been said before, the USB key should force companies to reevaluate their policies.

Centralize the IT (1)

Unajuaner (940010) | more than 7 years ago | (#18087510)

It just makes sense to centralize your IT if the IT department has to be responsible for what happens. The more centralized I make the company I work at the easier to support and roll out new features to the network. I don't mind connecting from home but you have to really plan that kind of deployment out. What vpn router are you gonna use? Is it gonna be a software client? etc.. I will tell you that our use of macs over pcs has helped tremendously with the spyware and virus stuff. I get comments from my users all the time that they tried to install the smiley toolbar and such and were unable too. I shed a tear of joy not having to worry about cleaning workstations all day.

Interesting article... (2, Informative)

Psmylie (169236) | more than 7 years ago | (#18087518)

But wrong on a few counts. There are so many reasons to keep things locked down. Data security is the main one. There is also support issues, regulatory issues, etc. For example... traders don't get to use IM where I work. Know why? Because the SEC wants to be able to pull records of all financial instructions, and our traders wanted to send trade instructions to each other via IM. We had no way at that time to record IM's, and no way to confirm that an IM was actually read by the person it was sent to in a timely manner.

This is kind of interesting, from the article:

"When you find that people have broken rules, the best thing to do is try to figure out why and to learn from it."

Sorry, no. When you find out that people have broken the rules, you write them up or you fire them, depending on the severity of the situation. What if the rule that was broken was someone carting around an unencrypted "backup" of a customer database on a thumbdrive, which he lost? Where I work, that's three major rules broken right there. If that happened, that person would be fired immediately.

Corporations aren't stupid. Hidebound, maybe, and slow to change, but if something is forbidden, there is usually a really good reason for it. Also, IT does not run the company, in most cases. Follow the chain of command up high enough, and you'll find IT's bosses. If you have a tool that you need or want, then petition for change. Don't do an end-run around the guys that are trying to keep you working, you're only going to hamstring yourself in the end.

The major problem is, people are making their decisions based on commercials or salesmen that promise an easy, 100% reliable solution to an existing problem. Then they run to IT to complain when the product doesn't perform the way it was supposed to. This makes extra work for an IT department that is probably already overworked. You want to play with toys, play with them on your own gear, not the corporate gear.

That said, a wise CIO is going to pay attention to what the employees say they need to find out:

a): If they really need it

b): If there isn't something better or already in-house that can fill that need

c): Is it safe to use, and what are the support requirements.

The important thing then is to tell the end user, No, you can't have that because of: ___, and give them an actual reason, instead of just telling them "against policy"

The power user vs the not so power user (5, Insightful)

onkelonkel (560274) | more than 7 years ago | (#18087528)

1. "My hard drive is howling like a panther passing a kidney stone. Every time I run chkdsk I lose a few more sectors. I've backed up all my work to the network drive. When you get a chance can you come and fix my computer?"

2. "My computer won't start. It's been making this squealy noise for about two weeks and then all of a sudden it just died. You have to come right now and fix it because all the annual budget files are on my desktop."

Which call would you rather get?

This is an old story (1)

mbone (558574) | more than 7 years ago | (#18087534)

Most system admins and network admins have always felt that their systems would run just fine except for all of those pesky users.

And a lot Mac users feel that system admins like Windows to make sure that system admins are needed.

But for the I-D-Ten-T (2, Insightful)

ShaggyIan (1065010) | more than 7 years ago | (#18087572)

Yes, most corporate users surf the web at home.

Yes, most of their home machines are horribly infected with spyware, viruses, and other things I grow weary of cleaning up. I have friends who make their livings cleaning up home PC's. Most of them have "regulars".

I have no problem helping my advanced, capable users be more productive through technology. I will even grant local admin when warranted.

I have major problems letting my users chat with their friends on IM while surfing porn, watching last nights CSI on YouTube, and unwittingly sending out spam on behalf of a botnet (while trying to infect the rest of the network). Whenever we (and by we I mean management) loosen the reigns, this is what I find all over my network.

Giving your users admin/root (i.e. ticket to ride) trying to make your life (or their life) easier only tends to make both of your lives harder later on.

Top down corporate stragedy types really don't need to be worrying so much about individual users. Good IT staff with sufficient decision making authority renders this entire "concern" moot.

Why fear when you can enlist their help. (2, Insightful)

thomasa (17495) | more than 7 years ago | (#18087576)

When I come across someone who I find reasonably able to fix problems, I sometimes
enlist their help on assisting their computer neighbors. I also find that people
who think they know a lot quite often mess up their computer even more and consequently
require my help more - That is okay, it keeps me employed. It is changing though
with users losing admin rights. They really cannot do anything as a standard user.
On UNIX computers, The users tend to be more technical (I find) but still require
assistance sometimes. Especially when they do not have root.

We do not fear Expertise... (1)

Hymer (856453) | more than 7 years ago | (#18087612)

...we do fear "Expertise". The technical ignorance among users, for wich Microsoft is very much responsible for... the "It looks cool and it seems to work" attitude where the part about security is just an irritating detail wich blocks the "Experts" access to cool features.
I am very lucky and I do have support from our management to say what is and what is not allowed... but many places the worst "Expert" is somone from management.

Green CIO (0)

Anonymous Coward | more than 7 years ago | (#18087862)

Just wait until a green CIS Computer Information System management graduate marries your bosses daughter and takes over your IT department. Answering questions like, "What is this Apache thing? Can you get rid of it, I don't like Indian named things?" gets real old real fast.

IT is there for the Users to use (3, Interesting)

Junior J. Junior III (192702) | more than 7 years ago | (#18087652)

We should love smart users. If they come up with their own solutions to problems, they're de facto developers. If the business is run well, good workers will succeed and advance while poor workers fail and leave the company. In time, we'll have evolved a class of competent users, even experts, and have application development in the hands of everyone, along with the skillset to actually make decent software. It's a long way off, and maybe a pipe dream, I know, but don't squash the dream. Please.

Man, it was so easy... (1)

jbarr (2233) | more than 7 years ago | (#18087680)

...back in the early 90's when I managed single DEC MicroVAX minicomputer with over 60 connected VT terminals and 25 printers. System Management was easy, centralized, and completely controllable--users only had access to what we gave them and absolutely nothing else. OK, so character-based Word Perfect, Lotus 123, Pine, and Lynx could be difficult at times, but people were honestly very productive, and things hummed along nicely.

Enter the mandatory Windows world, and that's when things really went to Hell....

Yeah, right (1)

ObiWanStevobi (1030352) | more than 7 years ago | (#18087690)

Wherever these advanced users are at, please send some my way. As an R&D programmer and backup admin, I get hit by unskilled users twice. Users that manage to get a completely dumbed down interface wrong, or a user that wonders why they can view a PDF after deleting acrobat reader (only God knows why).

In our company, everyone who has any amount of talent on the computer becomes a part of IT at least in some small way. And I know we certainly wish we had more people we could trust with more responsibility. We only have one dedicated IT man for 7 servers, 75+ users and 4 plants connected over a VPN pipeline.

It all comes down to trust. In our case, we don't trust their abilities. It's not that we don't trust their motives. We wish we had users that were more advanced. If you do and look at it as anything other than a blessing, you have a serious problem and should really be looking into why you have users you can't (or refuse to) trust.

I love my shadow IT department (1)

east coast (590680) | more than 7 years ago | (#18087698)

They're the same exact gimps who ask me why they're getting spyware at home all the time.

Just like a new hire into the IT department; I don't know these people from anyone else. Anyone can claim any amount of knowledge they like but as long as I'm responsible for the systems they're working on I'm not real comfortable letting these people do as they will in the hopes that they really know what they're doing.

Unlike the new hire into the IT department; I have neither the time nor the authority to monitor their activities. I can't go and "slap them upside their head" for doing something stupid and that's if I even notice what they've done before something goes seriously wrong.

The kind of relationship that needs to exist between senior IT members and the people who work with the machines simply can not take place in a real world environment. It's not like I'm slapping the concept of working with these people down but I can't simply take it for granted that they know what they're doing and that they know when to draw the line.

I haven't even bothered to take into account the types out there who are looking to cause trouble... Anyone who works in IT should already have the picture of what I'm talking about when even good intentioned users go astray.

Nor does this mean that everyone who isn't IT should be dismissed as idiots. It's just that I'm responsible for the well being of these systems. Not to be over dramatic but are you going to let strangers watch over your children if their credentials are "I've babysat before"?

Work tech. is for WORK (2, Insightful)

brendanoconnor (584099) | more than 7 years ago | (#18087718)

Letting users do whatever they want on company computers is a great way to have a lot of things go wrong very quickly. When you are at work, you are there to be working, not playing around on the internet, talking to your buddies, exchanging ims and emails an whatever else you could possibly be doing that has absolutely nothing to do with your job.

At my work, our computers are completely locked down and we cannot change anything, no matter how mundane. I personally thing this is great because I know that whenever I go to the computer, it will just work. If we could change things, I have no doubt a few of the employees would just have to screw with things and then when it didn't work, it would then screw up my job and cost the company a lot of money, not to mention cause my workers and I unneeded stress.

All this comes from someone who has several computers running from home with various operating systems doing various tasks. I could probably improve things at my work in regards to how tech is handled, but it is not my job. If I want to play sysadmin, I can do it with my own gear, on my own time.

The good, the bad and the dumbass (3, Insightful)

e.coli (131048) | more than 7 years ago | (#18087786)

As an IT tech, I have known users who knew their stuff, maybe 0.5% of the employees of any given company. And I have know techs who did not know their stuff, maybe 60%.

But all in all there are reasons why computers are locked down and there are reasons why IT mandates that "thou shalt not". Too many times there have been licensing issues where a know-it-all user with the ability to install software on their local box has brought in a package from home to install because they could get their work done better/faster/more colorfully with it than they could with the software that the company licensed. And when the project/document/spreadsheet that they created in that software can't be read or modified by any of the licensed software, they instantly become indignant and blame IT for not finding a way to convert their information. Contrary to popular mis-belief, IT does not have experience in EVERY piece of software out there. And when some disgruntled soul left the company they would let the anti-piracy folks know about the illegal installs.

And then there are the ones who download every bit of shareware/freeware/spyware in the known universe to their local box, turning their machine into a zombie or worse.

IT is usually mandated to keep the network running smoothly, virus and spyware free, and within the licensing agreements of the software that they have purchased. To do that they have to lock down the network, the computers and the user rights because the know-it-alls don't care about security, safety or licensing. They just want to run Weatherbug because they are too lazy to check into the WeatherChannel.

And then there are the users who listen to Internet radio (sucking down bandwidth), download illegal music and software (because it's faster than at home), and cruise the porn and game sites. Most users don't remember that the computer, network and internet connection still belong to the company that they work for and the aim of IT is to make sure that everyone can play and work together to the betterment of the company.

Give me a user who will work within the guidelines, request the software that they need to do their job and, at the end of the day, tend to their personal internet needs from their home computers.

IT Overlords (0)

Anonymous Coward | more than 7 years ago | (#18087806)

I, for one, welcome our new IT Overlords. Also... In the IT department, the computer fixes you! :^)

"a career-limiting path of decreeing against..." (1)

kelleher (29528) | more than 7 years ago | (#18087810)

I'm not sure if those are the words of kdawson or flatfilsoc, but whoever wrote them needs to stop being a dumbass.

The author has obviously never worked at a regulated and/or publicly traded company or a company that has experienced the embarrassment of a PII leak. Those decrees come from Audit and/or Legal. And it may be painful to admit this, but those departments are trying to look out for the company - yes, ignorance can cause a misstep or three, but it's naive to assume all their decisions are driven by fud.

And for all the down trodden cubicle jockeys that will post, "but what about USB drives, or floppies, or [insert other tech here]" there are plenty of ways to limit/remove that functionality as well. The one I'm most familiar with is giving users a locked down Wyse terminal that can/will only RDP to a very locked down terminal server.

Remember, you're on the companies infrastructure and they're paying for your time - you get to what they want and how they want you to. If you don't like it get another job. If you think these decisions are in the hands of the CIO, get a clue.

How about Wiki? (1)

cryfreedomlove (929828) | more than 7 years ago | (#18087816)

I'm curious to hear how other Slashdotters are able to make use of wiki's within the corporate firewall. I have seen some companies where really useful wiki's begin on someone's desktop and are subsequently subject to push back, mostly based on security concerns.

User Arrogance (1)

tymbow (725036) | more than 7 years ago | (#18087846)

Why is it that people feel they have a right to do the work of or intefere with the work of their IT departments? It is my responsibility, not yours to run IT. I don't go around other peoples desks mucking about with their jobs because I know a bit about finance, or sales or whatever.

I see a few examples of people proudly demonstrating how they have circumvented what they perceive as some form of restrictive IT policy - it my opinion you should be sacked. The most common problem I have seen of late is wireless APs. A company bans wireless for legitimate reasons, smart arse users install a "secret" AP, company gets owned. I also cannot count the number of times I have had to respond to a problem that has been caused by users who are otherwise very IT competent but don't understand how their little change or improvement affects the big picture.

Many complaints about IT are of course completely legitimate as are complaints about any other area of business. If there is a problem with your IT groups or you need some tool or change to IT operating practices then use the right channels. Talk to your IT group and your management team. We are also annoyed by limitations with IT systems but we have budgets and responsibilities to the company just like users do and can't always make things work the way they should.

Nothing is foolproof because users are ingenious (1)

postbigbang (761081) | more than 7 years ago | (#18087914)

Yet these are organization's tools, not an extension or a portal of entertainment devices.

Because we require so much work of people, at seeming all hours (read Crackberries, constant email/mobile/cell/IM/texting) the blur is difficult to define the boundaries of work and home life. It's no fracking wonder why people believe that their office PC is just another portal to iTunes.

And along with credit card numbers, SSNs, (SINs in Canada, etc.), notebooks, memory devices, and so on are compromised on seemingly a daily basis. No fracking wonder there, either. It takes a decidedly cogent (not reactive) culture to guard against misuse and data theft/compromise.

Most data security is laughable. Even good news-scare stories make no difference in cultural attitude. It's going to take a big organization going down (and hard) to shake up how people view office technology. And those were the people with good intentions.
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>