"It's too old, crippled by overbearing control, and generally not nice to use." In today's world of highly capable and highly desirable consumer tech, these are complaints we are hearing more and more from end users about company-issued kit. So should IT lighten up and allow users more freedom when it comes to the technology …
Rank hath its privileges, and some of our users are really, really rank.
So in terms of the question, it depends on which users you are talking about. Some have too much control, some have too little, and some have the right amount.
But in the end there's actually not much the IT staff per se can do about it because all of those decisions are actually made elsewhere in the organization. IT just gets to be the whipping boy because they deal directly with the users.
yes indeed, in my case the decisions were made by the woman who used to run IT before her whole department was outsourced. Hence we have pretty red gaming laptops with no docking station ability, which are locked down so much as to make them next to useless - anything she couldnt think of a use for - locked off.
Its akin to driving a car with all button removed except stop/go/left/right and the engine bay filled with concrete
Agreed. I recently discovered that you can pretty much do ANYTHING if you have authorisation from someone senior enough. Not "senior in I.T." just "senior". I now have full access to YouTube so I can watch as many cat movies as I like without having to waste 15 seconds evading websense any more...
These senior management / director types are like corrupt government officials in foreign countries, accepting bribes for iPhone signoffs.
They have no place dictating I.T. policy, be it security, hardware or software
but make sure they sign the nice bit of legalese that says IT is not responsible for supporting their own devices, nor responsible for keeping PI and PII off their devices and or any data/security breach that occurs from every tom dick and harriette from using their own equipment, in short our responsibility ends at the server room door and walls what happens to the data after it leaves the last switch or wireless access point is not our concern we coddled and loved that data, kept it clean and secure, it is then time for it to fly out into the big bad world and sink or swim on the multitude of platforms and policies that the new owners will see fit to impart on it!
fly my babies fly! you are free!
I wish but giving that control to people in general is a minefield. That's not to say the Core 2 Duo 3GHz with 3GB of RAM I have to deal with isn't a daily frustration. I retired my home computer with a same-generation 3.2GHz quad core with 8GB of RAM a year ago because it didn't have enough RAM!
Having a 64 bit image and being able to double the RAM would probably solve most of the complaints we have.
If you work in I.T. support and are talking about the machines you use, I would agree with you, but if you are talking end users at non-I.T. organisations, I would have to disagree.
First, there are too many industry applications in use that are still not fully 64 bit compatible - and when you have a massive application where everything works except email (cos that's the 32bit part they haven't bothered updating..) then it's a bit of a hindrance.
Second, when all you are doing is using your device to access a far more powerful server remotely, more than 3GB of RAM is mostly entirely irrelevant.
Third, Faster internet links are far more important.
Anonymous, cos work know I bitch about my PC and laptop most weeks.
If the legacy Windows application is 32bit and runs under 32bit Windows 7 then it will also run under 64bit Windows 7 unless:
A) The developer is particularly stupid and packages 64bit DLLs.
(And yes, that happens. Often.)
B) It talks directly to external hardware.
16bit Windows and DOS applications on the other hand - nope, ain't going to happen.
And yes, there are a lot of those in many businesses and most users aren't going to understand spinning up a VM.
Most of the above programs won't run at all under Windows 8.1 of course, usually because they were breaking the "rules" in Windows XP. For some unknown reason, MS chose not to put Win7's carefully built compatibility layers into Win 8. Odd.
"And guess who makes the moeny..."
The finance department? Er no.
It's the whole team.
Having said that, in my organisation, the corporate IT department must be on a different team. They operate as a monopoly supplier, take weeks to fix simple problems, and aren't interested in their customer requirements - customers being the IT users in the company. They really don't see themselves as a service provider, do not have meaningful metrics that take account of customer dissatisfaction and have no published improvement targets. Their attitude is basically "you get what you're given, be grateful for it". They don't see themselves as a service provider.
Oh, and they charge twice as much as when we had a local IT team on site. And this in an organisation where every other department is measuring and trying to improve internal & external customer satisfaction.
If our IT department was a standalone business, our site would have fired them long ago.
"Having said that, in my organisation, the corporate IT department must be on a different team. They operate as a monopoly supplier,"
Ultimately the blame for this goes to the top bosses of the company. It is they who have let the IT dept become this way.
It is also going to be the number one reason they will eventually outsource the operation to the likes of IBM, et al.
I think ultimately they don't want to because its more work and harder to control and they haven't been given the resources to deal with this. Ultimately though, there is very little you can do about it short of white listing mac addresses on wifi and ethernet, otherwise people will connect what they want and use that anyway.
No they won't.
All the places I've worked require specialized software to connect to the company network. Software that not just anybody can get, along with RSA type systems. Software and RSA that MUST connect through a VPN specifically to one of dozens of specific networks. A system that knows if it is on an authorized PC or not.
On other words, something that is impossible for the average user.
This is old stuff - user should not be in command - there should be communication about needs and there should be a level of compromise to keep things workable. It depends from situation to situation what's workable and what's not allowed.
Let users be in command and the IT-department becomes the same as Hell only hotter.
Neither IT nor the users should be in command. It should always be a partnership in which the needs of the business are worked out based on the available technology from the IT department given the level of funding the business is willing to provide.
Unfortunately, we all live in a Walgreen's world.
Hmmm. If we could dump Offline Files and Microsoft DFS not only would end users throw a party - I would join them! Those two cause the most complaints.
As for being too strict... not really. The worst is not being able to use social media websites. But that's what their mobile phones are for.
A balance needs to be struck between enabling the user community and protecting IT from unnecessary work caused by a lack of IT education in said community. All too often we hear cries for greater freedom - in all areas of life, not just IT - without any acknowledgement of the necessity that every increase in freedom must be accompanied by a corresponding increase in responsibility. Without this, such requests should be treated in the same way as a teenager whining "it's not fair".
We find ourselves having this discussion over and over again:
You remember that horrible thing we told you would happen if you forced us to do that thing we told you we should not do? Well, it happened. No, we can't just reboot the whole network. It doesn't work that way. I'll have to get back to you. All my other phones are ringing now.
My primary problem with IT is that companies rarely seem to want IT to be truly accountable for the ti9me it takes to do (desktop) support.
It takes ages to fill out the forms to state a support problem. Then they remote desktop to my machine, ask me to show them the problem, then sit and fiddle with it, trying stuff out for an hour. Meanwhile, I'm doing no productive work.
SO I ask them to provide me the code to book my time to for this 'IT fix' hour. They don't provide it to me. So our company doesn't 'see' how much user time it is taking for us users to help IT fix the desktop problems.
Make users book time to an IT code for all time spent helping IT fix issues. That would make IT costs rocket, so companies would start investing better in IT to reduce the problems it's so costly to support.
I just email an internal email address with the ID number of the PC and a simple description of issue. Auto-response with job number. If it is something odd on the desktop, IT support phone me up and ask me to click on that orange thing that gives them access to my desktop, then they check configs &c. Otherwise stuff just gets done.
All win7 PCs with 'virtualised applications'. Reliable, I can walk into classroom, boot PC, press the projector switch, load my interactive whiteboard screens within the first minute or so of lesson (usually have a bit of a starter to keep students going while I set it up). We have RDP access over unencrypted 'visitor' wifi as well so I can BYOD sort of. Through use of RDP, no data about people on my own laptop, just worksheets.
The business do see the cost of that - its in the IT Department productivity/management reports.
What the business doesn't have the appetite for is the incremental training that staff need on the underlying technology they use because they 'have the same thing at home and are familiar with it' or to staff IT departments to the level actually required (in both numbers and calibre) to deliver the expected level of service.
IT provision boils down to numbers and distribution of those numbers, when your organisation reaches a critical mass you need to have between 15 and 22 operational IT staff per 1000 end users, you need to be spending between £1000 and £2500 p.a. per end user device - significantly less than that requires hugely effective IT staff (i.e. not the cheap ones) and enormous flexibility and dedication from those staff.
Those numbers can be flexed temporarily, but rolling IT systems out to replace departments so that rostering or timesheets or holiday bookings or procurement or other non IT activities become electronic to provide savings in non IT areas, but not adding any IT support resources (maybe a bit of compute or storage capital spending gets recognised in the project) is way too common. When the business takes decisions that make non IT skilled staff information workers (think Porters in hospitals, bin men, gardeners, plumbers etc.) and doesn't provide the resources to support them adequately they thin out the provision to the rest of the organisation and piss everyone off.
What happens when those fresh to IT staff are then given access to a home drive, an IP based CCTV system, a glorified 'management system' (thats really just another helpdesk to support) and the ability to stick their fingers into systems that can generate IT issues that consume hidden back office resources such as email, disk or back up and their entire support requirement has been narrowly defined as telephone support on how to fill in a form or click a button? Will the business train staff in how big the high def video files they can now generate can get? Will the security guard who's IT experience is email, google and youporn be assumed to know that he cant email a 4gb file?
Bit of a rant - but then I'm working in the public sector supporting 8000 users over 100 sites, with ratios of less than 5 staff per 1000 users / funding of less than £400 per end user device and the risible continual threat of being outsourced and I seem to have risen to your trolling bait.
"when your organisation reaches a critical mass you need to have between 15 and 22 operational IT staff per 1000 end users..."
Bloody hell, in one of my last jobs before I retired we had 8 in desktop support plus 4 in sys admin and 3 in networks to support 4500 users.
That must have made us amazingly efficient!
I suppose we were given that the place never actually blew up. It was an oil refinery.
An oil refinary?
Where there are acres of desks and the users are sat on facebook all day?
I think in your response you have been somewhat disengenuous with your assessment of the numbers of information workers and/or the quality of the ICT response that they have been getting.
In any case 'operational IT staff' incorporates those back office off site staff that architect, implement and manage the systems - if those functions don't exist then the organisations is getting that work done properly via their suppliers and are spending nearer the £2k per end user device.
>> That must have made us amazingly efficient!
No, I suspect it made you either amazingly reliant on the common sense of the staff -or- systems were locked down appropriately to enable staff to work without giving them the freedom to wreck anything -or- you had a 90 day SLA and the users still hate you -or- some combination of the above.
The numbers stack up, if they don't look the same for you then either you've missed something out in your calcs or the risks to the business of under investment in IT are a timebomb waiting to happen.
That's not bad! One school I worked for had 1800 potential hackers (ie students), plus 200 staff. 750 pc's laptops mobile devices associated printers/scanners/stuff, and how many IT staff? ME!
I had no option but to nail the network shut so that if it housed an army of T. Rexes, they couldn't get out!
The idiocy I encounter on a daily basis from our staff is staggering.
Phd level educations and they force USB connectors into Firewire ports, download all sorts of malicious crap and look at you doe eyed and helpless.
"I deleted the Windows directory, because Windows was already installed and now the PC won't boot. What do I do?." is the email leader.
Sometimes that data affects other people in the company, that have nothing to do with what that one person has screwed up. I'd pull the data off and let them squirm for part of the day.
Company I used to work for never backed up the engineering server data. I was lucky enough to keep a backup copy of my work due to personal paranoia over my files when the system became corrupted. They still don't keep backups because they've allowed everyone to throw any garbage onto the server and won't 'waste' the time backing up that garbage. No rules as to what content and where it's to be stored.
One of the reasons, that you don't allow the end user control, is to prevent what I did when I was screwed out of some promised pay... I installed encryption software and placed all of my studies in encrypted containers before I left. It was a fair trade for the $90k I was owed.
For example, compliance means that IT should do as they say..............
I've lost count of the times I've had to deal with that blank expression when you mention compliance or security. Its then quite amazing how often a request just fades away when you ask them to put everything in writing and to accept accountability for their request.
Confiding to them that you need the audit trail so that the IT department can remain in the clear when the problems start and the auditors come checking also helps a lot too.
Doesn't stop everything but whatever is left can be looked at seriously as either its something thats needed or the requester is really stubborn, or both..
I used to consult for a company which had a small IT budget because costs for most "traditional IT" items such as computers, software, internet, WAN, etc were paid for by the individual departments. It was amazing how different things were after that policy was put into place. Items which did not have an obvious relation to a specific location, such as e-mail, were still handled by IT. It wasn't perfect, but most of the ire of the users were directed at their manager, not IT.
Unfortunately I find it doesn't work the other way. Every company I have worked for has had sys admin people who don't seem to understand the meaning of "compliance" and "audit trail" when talking about finance systems. I have lost count of the number of times I have had to ask "Why on earth did you delete that invoice/journal/data/transaction?"... "I know the sales director/MD/Whoever asked for ti to be done, but that now leaves a hole in the records".
What we need is balance and people who understand the needs of other people rather than just there own needs.
The users use the systems provided in the office. If the systems aren't good enough to provide all the functionality needed to perform their tasks easily, then you improve the systems.
Letting data out of the door on poorly secured laptops, etc is idiotic, you may as well just post it on the web.
And no matter how much users love their tablets, if they need them for work then the company must provide them, with an acceptable use policy, standard configuration, etc. Bring your own device may be a buzzword at the moment, but from a security, support, insurance and maybe even legalt point of view it's an expensive nightmare just waiting to happen if implemented as a policy in the office.
Ok, it might be not so big a deal if you work in a 5 man startup, but in corporate land? No way.
Far too many IT departments and IT professionals lose control of their systems to non-IT staff because communication and salesmanship are skills/virtues looked at with disdain in IT.
You can have any policies and enforcement mechanisms you want, and force senior management into compliance if you can articulate and present the justifications for them in an audience friendly manner. If you can't get your point across in a way that resonates with your audience something is very wrong. Likely the policy/rule you're trying to enforce isn't a valid business need. You aren't going to conver anyone by saying something is hard or will save you time. Nobody cares for your time, just like you don't care about their time.
If the first attempt at getting your way doesn't work, you don't quit trying. That's lunacy! You make your case in a different way and do that again and again and again until you get what you want. Huffing off to a backroom and pouting sure isn't going to help. You've got to figure out how to manage your manager.
Managing your manager is a skill you've got to have if you ever want to have control over how your work is done. If you can't manage your manager then you've got no business ever being in management yourself. The abity to sell your opinion and convince others your way is best is the foundation of good leadership. Absolutely no one is unapproachable or immune to having their opinions swayed. It's on you, IT people, to figure out how best to do that.
Good communication is how you get your way and make your wish list a reality. It also saves you a shitload of hassle if you're capable of moving that pesky bitch from marketing to the back of the service queue. You can do anything you want if you communicate it well. It's really important that you realize your users do greatly respect what you do, and they're coming to you for help solving a problem they can't deal with. Make them feel important and make them understand you've got the situation under control (even if you don't). Act like you deserve people's respect by respecting them and they're yours to do with what you will.
It boils down to this, would you rather be doing the parts of the job you got into IT for or taking malware off people's systems? It's your choice and no one else's.
I had lunch with a friend who has the job I had at the local university over a decade ago. Some of the faculty are using cloud services like Amazon EC2 for certain needs because they're faster to set up and cheaper to use than depending on the central IT resources. They still prefer grants that give them their own hardware to use for HPC type research, but for stuff that isn't compute heavy these cloud services are apparently viable and in many cases better alternatives.
It amused me to no end that the de-facto monopoly the central IT leadership thought they had is starting to fall apart due to availability of cloud resources one side, and personal resources like smartphones and tablets with data plans on the other.
Even a company he used to work for (whom I consulted for for a year) is planning to switch their ancient Lotus Notes environment to Google Apps - including Mail. At least that's what we were told, though how they can manage that when they do defense contracting neither of us could figure out. Even if the email itself is encrypted, I doubt GMail could ever be used for email regarding classified work. On one side you have problems with interception by parties who maybe can crack it given enough time, on the other side you open the door to social engineering attacks by allowing the mapping of social networks connecting members of a project by email recipients and cc: lists.
You're spot on. Many IT departments do have a de facto monopoly on all things IT. Thing is, the overwhelming majority of people don't care about monopoly situations as long they're getting something they want and the entity with the monopoly doesn't take advantage of them. Too many IT departments take advantage of their users because they know they can and have turned popular sentiment against themselves.
I chalk a lot of it up to IT being a new thing that hasn't seen much in the way of professional standards being ingrained in IT professionals. IT is the only new departmental addition to business in hundreds of years. Everything else in business has been in place for a very, very long time and each of those categories has its own set of default professional behaviors. Many of those behaviors came about as self preservation, people will only tolerate so much of anything. Defining lines and boundaries kept those roles viable.
It's pretty simple, nobody in a company is irreplaceable and IT roles are no more difficult to fill than any other technical role. IT isn't special and has to realize that for them to be treated like professionals they've got to act like professionals. If they don't step up their professionalism they'll just keep seeing their value, and salary, reduced. Salary and authority are directly tied to professionalism, and it's simply not reasonable for anyone to expect professional compensation for less than professional behavior.
Well, I don't know if that's true. There certainly haven't been HR departments for hundreds of years. Despite their relative newness they have more rules than any other department out there! Though I suppose you were talking about rules the department follows, rather than rules a department sets for others...
The problem is that the user are rarely professional enough to check that their systems are legally compliant with the company's legal requirements. Because you know, some regulators react with companies flouting the rules by striking individuals off of the "authorised to practice" list at best and just shutting the company down as non compliant at worst. And that's just one set of regulators and excluding things like "we just lost the credit card machines because we are now no longer compliant with PCI DSS".
Granted, they looked different than they do today, but HR departments have been a thing since people started organizing other people into armies. Sure, signing bonuses were a lot heavier, and more cudgel shaped, and the benefits were shit, but all the positions did offer travel, so that's something anyway...
Accounts Receivable/Payable, Research & Development, Marketing, Human Resources, Logistics/Supply Chain Management, Target Demographic Distribution, Procurement, Fleet Management, CapEx and Real Estate Leasing; those things, and nearly aspect of contemporary business is derived from military organizational structures.
As a good rule of thumb, all business units have a direct analogue in a military unit. Sure, technology and societal pressures have changed many of the methods and processes those units employ, but their primary mission hasn't changed in centuries.
BYOD is fine for really small companies whose IT department consists of "That Guy" who knows how to "do things". A large company, no. I'd LOVE to have my own PC here in the office, because my system performance would actually be acceptable, unlike what I have issued which is one step above stone tablet and abacus. But I don't want Corporate having access to my devices. "You can have corporate email on your personal cell phone, just install this app that gives IT Security the ability to wipe your phone remotely." "Wait, wut?"
Do Corporations and IT need to be better about ensuring that people have the proper hardware? Yes. Do they need to maybe offer employees a choice from a pre-determined selection of devices? Sure.
But, at the end of the day, the average Joe Salesman or Suzie Billing is merely a security risk waiting to happen. Support, considered a cash hole by most corps, gets stuck with barely adequate hardware.
Support isn't a 'cash hole', it's a cost center. There's nothing to be done for that, any internal operation that doesn't generate revenue through its own efforts is a cost center.
But there's nothing wrong with that. Most cost centers are crucial to the business they're attached to. It's on you to make sure people know what you're contributing. You've got to position yourself/department in such a way that 'cost center' isn't negative, it's a cost of doing business that returns (x)... You've got to assign value to that variable yourself.
I've been getting my way in business for very, very long time. So fucking long. No matter how big a dick management is, or how aloof, you can get them to do what you want if you show them how you add value, show them what the money going into your 'cash hole' gets them and not letting them forget. The people in marketing keep chanting the same mantra over and over and over because that shit works. Granted, they don't always get the message right, but that can be fixed. It's the getting a consistent message in front of the eyes/ears of decision makers that matters.
I promise you can turn anybody into an ally if you show them you are aware of their needs and want to help them reach their goals. Obviously you actually do have to help them reach their goals, but if you do that the best you can, with the resources you've got, they'll give you whatever resources you say you need if you deliver on your commitments and keep reminding them you're there, busting your ass to help them meet their goals.
Don't know why you got down-voted, Don Jefe.
However, I will also add, that all other departments, as another poster stated, consider themselves the center of the universe as well and most of us are NOT the boss and have to put up with the Peter Principle of a boss we do have.
My experience is that people who can be persuaded with logic, reason and appeals to their own well being are actually few and far between. People can be amazingly self destructive.
No joke, no lie, still using floppy as our primary means of capturing data. Can be stored on network if we can get PCs to accept the disk. We still have a windows 2000 PC that is used evefyday ...on the network and on the internet. The company will buy I phones, iPads, imacs, for management. These devices are now theirs, not the companies. Gifts. They are fully supported and on the main network and their own private network. We are not allowed to have personal devices on the network. I see this year as not allowing us to bring personal devices in anymore.
Hmmmm, how you think I voted?
Our IT department have just sent me a replacement laptop with Windows 8.1 on it.
I assumed I'd be OK with 8.1 because I read that Microsoft was supposed to put the Start menu back. That turned out to be bullshit.
I powered the thing on and literally sat there clicking things for about five minutes before something recognizable happened. To make matters worse this is a Lenovo X1 Carbon laptop, and it has a touch screen. What the fuck would I want a touchscreen on a laptop for? The lid doesn't even fold right back so I can use it as a tablet (if I was stupid enough to want to put greasy fingerprints on my laptop screen).
As soon as I could figure out how to download and install Classic Shell that's exactly what I did, and slowly but surely the machine became useable once I figured out how to disable the TIFKAM features.
The thing that cheeses me off is that this is a nice laptop...but it's crippled by this terrible operating system, and our IT department made the decision to move to Windows 8 without consulting the user base, and without providing us with training. And because they went for the touchscreen version, the screen is all "fuzzy".
Windows 7 seems to be really stable and useable. Why the heck would they dump 8.1 onto us?
To come back to the question asked in the title of the article...bloody hell yes, our IT department is too tough on users!
Usually IT knows the least about what users need, and often they will find the worst solutions for the users.
This is particularly frustrating with technical users, since there you will find people who strongly think they know better than IT, but are not, as well as those who actually _do_ know better than IT.
I guess one way around this might be to enforce security in ways which can cope with compromised systems. For example make different VLANs or VPNs on your network depending on the access rights you need, and only give people access to the networks they actually need for that machine. For example, while it is bonkers to allow a tablet or Windows box to access your accounting network, it may be acceptable for a tablet to have a connection to one of the client workstations. This way you could access your workstation via VNC (or something) in a limited and comfortable way.
Those decisions need to be made on an individual basis and you need intelligent and creative people to find solutions fitting your situation. Unfortunately this often gets simplified into "more or less control" which is totally idiotic. Just look into large companies and you will find lots of systems which are completely insecure yet completely unusable.
Dear Internal (but mostly outsourced) IT department.
I hate you.
For many years I've been 'Shadow IT', supporting all the people who need things to work rather than comply with stupid policies. i help people back up their computers because I know what will happen when they swap the hard disk you sent them in the post to fix the virus that you already had AV software to block. I help them perform OS updates since the list of 10's of known security vulnerabilities that means they get those viruses installed. I help speed the machines up as much as possible my disabling as much of the bloatware you force on them. I fix their mis-configured printer settings.
Each time I ask 'Have you called IT'. Much eye rolling. Who wants to fill in a form to get a call 6 hours later from someone you can't understand who wants to close tickets?
As the employees all slowly buy their own Macs, sans a formal BYOD policy or anything other than 'best effort' support, I help them adjust.
IT, just keep the networks running. We'll do the rest.
Give the guy a hammer.
If he wants to use a pneumatic impulse tool, then let him work somewhere where that's what they do, because I am not going to provide the compressor, and I'm certainly not going to worry about the maintenance and safety aspects involved if he brings his own to the office.
For the last two decades either I or a member of my firm has ended up getting the users and/or management teams of organisations large and small, private, public or military out of potentially catastrophic data loss or system compromised situations. It is always as a result of users asking for enhanced permissions, accessing inappropriate sites or content or that they have rights that they abuse in the process of either leaving a fim or getting themselves dismissed. It is always the poor IT departments that get blamed for not stopping this sort of thing but unless proper controls are in place, data is both restricted and monitored and users are held responsible for all their actions then I say to all IT managers out there to make sure your users know that you will not suffer their stupidity lightly.
In my organisation, where the IT equipment is locked down for security, IT is constantly warning of the dangers of viruses and fishing attacks, you could be mistaken for thinking they don't actually trust their own anti malware solutions.
But then again, as they can't apparently delete a malicious email from everyone's mailbox - they issue a priority security email warning about not opening the malicious email!?! - maybe their paranoia is justified.
And this from a major corporation.
I understand why PC are locked down, I don't have a problem with it, but if you go too far and tar everyone with the same brush, you end up with a single build designed to be used by generally non-IT savvy staff, which simply succeeds in totally pi**ing off the actual IT staff who are supposed to be developing applications for said non-IT staff. And it doesn't matter what CPU you have, load the OS with so much software designed to monitor, prevent, or even brand/de-brand, then the PC will always run like a dog.
It's an even worse situation when you have to have a laptop/desktop replaced purely because something has screwed up in the software, which if you had admin access (taken away during "upgrade" to Win7) you know can easily fix, then spend the next 2 weeks trying to get all the software you had on it correctly reinstalled by offshore support (the onshore support got axed, naturally) who basically don't have a clue.
As for getting new servers built to house new systems, even VMs, that descends in to the realms of filling innumerable, confusing and downright indecipherable reams of paperwork, electronic or otherwise, using badly designed 3rd party web based software, only to end up at the back of the queue for resources behind another request from somewhere who's boss can shout loudest.
My comments aren't directed at devs who know their ass from a USB port, nor at "other" IT personnel such as IS people, server support, and so on. This is for the rank and file user out there:
You are the enemy. You are the problem.
Your continued insistence that you should be allowed "freedom" on enterprise networks - the freedom to click that install button for Crystal Bejeweled Candy Plants Versus Birds, the freedom to bring your likely compromised toy (ipads, iphones, 'droid tablets, etc.) devices in to the office and connect them to the corporate network, the freedom to jam USB drives you find on the sidewalk into the workstation at your desk, the freedom to browse unsecure websites willy-nilly and "upgrade" your browser so it "works better" or use a different browser because you "like it", the freedom to run attachments you get from email@example.com - they MAKE YOU the enemy. "If it weren't for stupid people like you, doors wouldn't need locks" as the saying goes. Users, despite being the reason for my (and thousands of others') job, are the most ridiculous, entitled bunch when it comes to the computers they've been issued.
Listen up: read that last sentence. "the computers they've been *issued*." That's not your computer, that's not "your" workstation, that laptop shouldn't go with you so your kids have something to do while you ignore them on vacation in Orlando, it is a piece of corporate hardware. End of story. The insistence on bringing in unsecured devices and attaching them to a corporate network MAKES YOU THE BAD GUY. Not me. Not my insistence on locking your workstation down. Not my insistence on forcing you to use only the apps we installed. Not my insistence on not updating your Flash until I'm sure it doesn't introduce a bevy of vulnerabilities, leaving you calling me with "CAN'T VIEW YOUTUBE!!!!1111111111 FIX NOW!!!!!!!!!!!11111" tickets. You making that call is the problem.
Without your ridiculous sense of entitlement, your treatment of THE COMPUTER at your desk as YOUR COMPUTER, we wouldn't see stuff on The Register like "HUNDREDS OF BOFFINS' DATA SLURPED BY CHINESE BOT? Users fooled by Genghis Con!" every other week.
Do me a favor, those of you huffing and puffing and trying to smack that downvote button...do me a favor. Find out if anyone in your neighborhood is a bus driver. Ask them how many times a year they pack the family up in the MTA bus and drive them on vacation in it. See if you can find an Army tank commander who hauls the family up to Sausalito on a weekend jaunt in the Abrams. Do you know why you won't? BECAUSE THEY KNOW THOSE VEHICLES ARE UNSUITED TO THAT PURPOSE AND DON'T BELONG TO THEM. WHY CAN'T USERS UNDERSTAND THAT ABOUT THEIR COMPUTERS. IF YOU'RE BORED AT WORK AND NEED TO TOUCH A KEYBOARD BRING A TABLET FROM HOME AND USE THE FREE WIFI AT STARBUCKS ON YOUR LUNCH HOUR.
it sounds to me like your users arnt scared enough. I fully agree with your statements, but at my place, I could remove all lockdown policys and it would be months before anybody noticed they could get to youtube.com . They simply would not dream of plugging a usb stick in , let alone their own device.
Cos they have been told in no uncertain terms that such idiocy will end their employment.
not sure who by
You sound like you would be good at that job actually :)
A classic misdirection. You really don't understand that IT is a service provider to the "rank and file", as you call them. They are your customers who you should be doing everything to satisfy, so they don't opt for an alternative supplier at the first chance they get.
Your arrogance at their ignorance is typical of many IT departments. Why aren't you training the rank and file in IT security and their responsibilities? Are they just supposed to magically know what you know?
As for only allowing applications that the IT team deems suitable, how do you know they will enable your customers to do their job? Do you understand your customer requirements? Have you asked your customers? What is the process for adding new applications and services? If your attitude is "the answer is no, what's the question", no wonder users don't think much of the IT service.
And regarding Youtube, many training videos are available these days, which would solve users questions in the absence of company provided training. But IT still thinks Youtube is bad. Apparently, it's too difficult for IT to identify which users access Youtube for job related purposes.
Finally, shouting in your comments makes you appear to be intolerant to the very people whose skills enable you to have a job in the first place. Or maybe you believe that there is no IT in team...and you have the audacity to talk about entitlement.
> They are your customers who you should be doing everything to satisfy
Whilst this is true, we need to be very careful about what we mean by "satisfy".
It doesn *not* mean "let them do any thing their pretty little head thinks of doing". There are times when users really do need saving from themselves - many of them don't know as much as they think they do, and their immediate desire has completely ignored the fact that what they want to do is mind-bendingly dangerous...
My usual response is along the lines of "I'll need written authorisation for that". If I'm particularly annoyed, I'll often follow up with "I will be forwarding that to your boss along with my assessment of why it is a hazardous operation". This usually at least gets them to think a little bit about the risks involved...
> For "satisfy" read "meet their business requirements in the most cost effective way".
And for that, you need to define both "business requirements" and "most cost effective way".
Quite often, such definitions will not encompass what $user is demanding I do *right this minute*, hence my request for written authorisation.
When you get above the rank-and-file of IT, you move into office politics, which has a completely different set of rules. One of those rules is that "the customer is always right, about what their initial requirements are" (Most customers only know the first stanza of that phrase).
So if you in IT can see a problem that needs a solution, analyse it and put the solution in before the customer has a chance to stick their oar in. Example, refreshes using disk copies, these had been taking a while for ages, so when we ordered a new SAN Array, I insisted in the replication licenses being included in the software bundle. I then wrote a set of scripts in a couple of weeks and had a working example with documentation in a month. All before the user got wind of it. They are still be used 5 years on, just modified for the new SAN Array commands.
The problem with this approach is you need separation from the customer so you can do this in private, you need a boss who trusts your judgement and will back your recommendations and you need the skills to complete what you are getting into without an external consultant. Oh and a test environment you can take out during the day.
Some final hints,...
Never! let the customer look under the hood at what you have done, they will dismiss it because they do not understand it.
Never! allow an alternate methodology to be trialled first, you will never be allowed to get back to yours.
Never! accept anyone's word if it is not in an auditable email. A casual approval should be responded to with "flick me an email with your formal approval so I can attach it to the request".
Always! quote timings to implement as "from formal approval" and use the words "formal approval" repeatedly in meetings to emphasise the point.
Thank f**k I am retiring soon.
There is no such thing as perfect security, but we are spending more and more energy and time in pursuit of that perfection. At least that's how it seems to me as part of the food chain of one of the biggies. We need to rethink the problem in more flexible terms of limiting the exposure of truly important information while still making it possible to do our jobs, and insofar as our jobs differ, they also call for differing tools and for corporate flexibility in allowing for the use of those tools. The alternative is to gradually sink to the smallest set of tools that can be adequately "secured". Unfortunately, that weak set of tools seems to be where we are headed--and we STILL can't get that perfect security.
By the way, I looked at the survey, and it was way too long. I suggest you break it into pieces. For example, you could put the most interesting piece first, ending with an option to receive the later small pieces on some reasonable schedule, perhaps weekly or twice a week over the next month.
You forgot about the geniuses who forward a 20 Mb email chain letter to everybody in the corporate address book. And then they wonder why email doesn't work or the network is slow?
I ripped out the 20 paragraph rant as I came to a revelation: I've become my father in my work place. Now I know why he always called me a dumb ass, because in retrospect I did some pretty fucking stupid things. I learned from a lot of his guidance and I truly want others to benefit from his wisdom and/or learn from my fail, but since I'm not allowed to paddle anybody or "use a belt", I still argue that a taser or a cordless nail gun are perfectly legitimate tools for the IT tech's tool kit. It only takes a couple of bladder emptying jolts or a nailed foot to the floor, to get the message through to them.
IT comes in an complicates things because that's how it's always been done. For example, a current project I'm working on was RFP'd to external vendors because the IT group said, "Nope, we don't do that kind of custom work anymore." So with their blessing, a vendor was chosen who's solution had a key feature of allowing the business users the ability to create their own basic functionality (it's really simple stuff) within the framework that was created by Vendor/IT/Biz collaboration, and enhanced in the future through a typical development process. Just this week, one of the software architects went on a long presentation about how all changes, even to that business-controlled functionality, should be married to the 9 month development cycle for full IT development work, QA, IT version control, tollgates, etc. Never mind that the solution is replacing system that is business-driven and working, but running on an EOL'd platform, or that the business is on a 30-90 day TAT for new requests. At least one sane IT voice said, "Well, having a monthly release separate from the IT calendar would be wise, just so that the Help Desk knows what's coming if there is a problem."
I've been in both business and IT. I've seen complex business processes managed out of Excel spreadsheets who's original author left years ago, leaving the business with a "suck it and see" change management process. I've also been part of IT groups who think even document templates are an IT-managed resource, and woe to the business team who thinks they can run an end-around by creating their own (this really happened... I was floored that IT cared that much about a Word doc that wasn't part of any IT process). IT is necessary, as many of the skill sets necessary in business are not useful when it comes to development. But the fact remains that IT is not always agile enough to adapt to market changes, sometimes business process breaks a system regardless of intentions, and that just because something has an IC embedded in it somewhere does not make it an IT-owned asset.
That may very well be true, but if there is an issue with something with an IC chip in it, guess who has to fix it. I'll give you a clue, its not the users or the Business that insisted they couldn't operate without it.
I work for a charity that runs a business for hosting conferences as one of its sidelines. They want to "computerise the whole thing". IT was told this is the system we will be using. We were then asked to cost what was needed. When we came back with a cost of $30,000 the business was shocked. This included the software and licences for two people to use it. It didn't include any work to integrate it with our financial system, training for end users and maintenance. Its not web based, and we need to buy two PCs for it as they don't support Macs
This is what happens when people think they know what they want. We have been told to install it and support it.
"I've been in both business and IT. I've seen complex business processes managed out of Excel spreadsheets who's original author left years ago"
me too :(
they wernt even full time staff - "consultants" contracted in to knock up a solution in excel of all things - then password it and bugger off so you cant even go in correct bloody obvious errors
Financial processes aside, many companies just don't have a clue what processes are about, they just pay lip service to them.
Application development processes, password security processes, staff management processes... If these had been in place, none of the problems you described would have happened.
From a it IT point of view If it's a 1-1 device like a laptop or PC that only one person uses then they'll get local admin rights. Any shared computers will be managed and locked down. The issue is from a legal point of view how to make sure they stay compliant in terms if what software they are allow or making sure they can't bypass any security measures we've out in place such as av, drive encryption or filtering,
I know we all like to make sure things are locked down and the end users have no freedom but we have to remember at the end if the day we are there to enable the end use to do there jobs and locking it down too much can be detrimental to this.
The IT dept really don't understand what the business does. It works to the whim of a few and can't see the needs of the users. Although many of the desktop support have a tendency to be completely useless, the shear lack in up to date systems and the inability to provide simple services that would make the organisation incredibly more efficient is clearly the fault of the IT management.
If you want effective IT management bring the IT teams into the office, have them work side by side with the rest of the staff. The IT teams are part of the business, have them support the rest of the work force in day to day activities, you will then evolve your IT systems and staff to maximise the effectiveness of the IT systems.
That would be nice, but when the typical IT department is stuffed down in the basement it is very difficult to do.
In a past role as Desktop support I was told NOT to talk to the staff, just do the work and leave them alone.
This was instructions directly from very high management.
It's all down to personalities. Some IT Policy setters hate the idea of any users doing anything other than working on their corporate issued equipment. We call them Control Freaks. Others are more tolerant and accept that very few people can actually be productive all day every day. Silly cat videos can actually boost productivity.
I have worked for companies that use the super-lockdown policy and I stayed a few months and got the hell out. Probably explains why their workforce is incompetent and inefficient. All the good people left.
I've worked both sides of the IT equation and in my experience if you allow people some leeway then they are normally a lot happier and less trouble to the SysAds. Yes, there is always the office idiots, but you can put them in a "special" OU group and lock them down. If they complain just point to their record of ****ing up their PC. The whole idea of locking everyone down because some people are idiots is just,..... idiotic.
Whilst I agree that sometimes (we) the it staff are to strict, I also feel that many othe the "customers" we support are lazy / bone idle ignorant and until they (the end customer) learn to dress themselves, the basically, as harsh as it seems, we have to not trust them
Examples, I kid you not, from our department, in the last couple of months.
Can I call this number (just a standard international number). My reply, Have you tried? Last I hear from them.
There was a power cut and my pc is not working. Yes...they hadn't turned it back on, as they leave it on all the time.
Mouse is not working. Checked cables? Of COURSE they have! Mouse not plugged in.
Network disconnected displayed on the phone. See above.
NO ONE CAN CONNECT NOTHING IS WORKING....4 people on one desk, connected to a hub they shouldn't have. Hub has died.
Laptop died, the person hand't done anything, it just died. IT guy pick up and coffee runs out from keyboard. They STILL DENIED everything.
Then some other ones.
Network died on a site.....took while to work out this one....some bright spark thought they would configure their HOME router on our network (no longer an issue due to better kit).
IT need to sort out electric in the office as a pc must be faulty, as when they turn them all on, the power blows...Traced it 2 fan heaters and a convection heater running of an 4 way, off an 8 way, off a 4 way....
Now that's just the "fun ones", I'm ignoring the really annoying "how do I do this", sort of questions, now not the really complex, pushing the boundaries type thing, but the things that hitting F1, Googling or heaven forbid, a basic training course would fix.
Part of the issue, that people expect to be spoon fed these days, are so use to clicking one button and if it doesn't work, throwing their toys out of the pram and demanding someone else "fix" it for them. It's not just IT, just look at the levels of reviews for some apps or hardware. It's just easier to bitch, moan and fire of an email than actually think for yourself.
So here is a plea.......
Think for yourselves and spend just a couple of minutes running over some basics, that's all we ask, then, if you can do that (and probably freeing up about 40% of IT's time), then we can actually spend time getting the better stuff in for you, so you can do more, instead of pissing around with lazy people, who would rather someone would come racing up and plug the power lead back in for them.
In fact IT is not nearly tough enough,
I work in a School and a group of students are quite good at bypassing the security we have, I am in favour of increasing security to usable levels but have been forbidden from doing so, suggestions have included a banned by default software restriction policy, forcing everyone to change passwords once a year and some form of password complexity requirements.
It seems the school values the students freedom to play computer games in lessons more than basic security.