This is my network, I use it to make money, and you are not allowed to connect to it without my permission, and then only under strict rules, set by me.
Anyone who thinks otherwise is deluded.
Pundits say we are entering a new era of freedom and empowerment. Users should be allowed to do whatever they want to improve productivity and make their lives easier. Whether it’s hooking up personal devices to the corporate network, storing confidential documents in DropBox, or discussing business matters over social networks …
This is my network, I use it to make money, and you are not allowed to connect to it without my permission, and then only under strict rules, set by me.
Anyone who thinks otherwise is deluded.
Technology has outstripped application for at least a couple of years.
And humans have, for the most part, refused to actually understand what "technology" means ... As a technically inclined person, I sometimes wonder what Oldowan flint knappers thought of their contemporaries, who refused to even attempt to understand the technology ...
In a company privately owned by you that certainly applies.
On the other hand, in the corporate space, CIO's are reaping the dividends of a decade of "computer says no" policies, dishing out slow, clunky hardware, and refusing to move with the times. Most IT professionals I know focus on essentials of security, TCO, and availability, and rightly so. Just a pity that so often this is interpreted as meaning "buy Lenovo's brick like laptops, stick with known quantities like IE6, outsource infrastructure to HP, ban anything new or novel because ICBA to help the users take something new and deliver a business benefit without compromising the essentials".
Funny really, that the IT department used to be about new technology, and so many are now stick in the muds who don't want to progress from a rather comfortable rut.
Wish I could upvote your comment a couple of times.
In the past few months, I've seen the problems from the other side and although I don't like to criticise too harshly, I'm really stunned by what I see here in terms of the paucity of IT delivery. Your comments are just a snapshot of some of the problems that users here face on a daily basis and the amount of wasted time and money every year runs into seriously large (telephone number) amounts. Add to that the frustration that I hear from the users and it's easy to understand why some IT departments and personnel are treated with such contempt.
Have a drink on me
Actually IT is a business service, a cost centre. If it doesn't provide the benefit required, it can be outsourced.
IT doesn't own anything, the business does, and practically that means the board.
What we are seeing is a rerun of the mainframe era, where obstructionist rules got in people's way - and they bought PCs to sidestep them and get things done. IT seems not to have learnt the lesson from that age - maybe all that did have retired?
This is my network. There are many others like it, but this one is mine. My network is my best friend. It is my life. I must master it as I must master my life. Without me, my network is useless. Without my network, I am useless.
What has always annoyed me is that too many corporate/company IT depts. feel that the business that it supports is actually there to support and work for the IT dept.
They forget it's the business that makes the money. IT is just one of many enablers.
If you work in IT then often you are 'just there to serve'. Make sure the business has what it needs to meet current and future challenges (not what it wants, big difference) and you are golden.
Oh and speak to the customer, sit with the staff and take the time to learn how they actually work. Helps to avoid all those costly assumptions. Sitting in your IT bunker isn't helping. Dangerous talk but it works.
spot on Jason7,
You can tell the BOFHs that think they run the company bvecause they use phrases like "my network".
These are the ones who for some policy reason aer safe from being outsourced, and the company is unaware that the IT dept could be working for them rather than vice versa.
I'm not saying you dont have to say NO to your customers sometimes when they come up with a stuipid idea, like using facebook as some kind of company noticeboard.
Considering my experience of inability by alleged IT professionals to use something as simple as a web browser such as "the network is broken because a web page I want to access is saying it is not currently available"
Somebody pass the synthetic opiates
You're asking for trouble if you let users have too much power.
New options mean new material for BOFH episodes
We must stop them before it's too late!
Power for users is like protesting for plebs.
Give them just enough leeway to make them think they have freedom but make sure your security forces can cope with anyone that tries to push it too far
Take file security for instance: the users would like rights restrictions on a per file and per user basis on the whole network. Well, we can do that of course, but we can't do it with our current headcount, so how many of your colleagues do you want made redundant in order to hire extra IT support staff? And how many security breaches do you want a year?
I hate to think how often we find totally inappropriate access to confidential data because rather than wait for service desk to catch up its been put in a handy folder where half the organisaion can see it. Or when a senior executive has brow beaten some junior into bypassing large chunks of security because said exec wasn't prepared to listen to an explanation of why said restrictions were in place.
I've seen a listing of file and folder rights for a department of around 200 active users that ran into twenty or thirty pages of A4: try auditing that? And yet it needs to be audited, because the man is going to be coming round. That was the result of a self service solution... Self service ought to be part of the framework, but how do you get self service without also getting chaos?
There are often no easy answers to this stuff, because its primarily about people, not about technology. Of course from time to time a new naive manager gets sold a technological "solution" for it, a huge amount of time and effort is wasted, and then at the end the new technology is quietly sidelined because people are still people and it hasn't made enough difference to be worth the trouble...
Better be an AC I think...
Nearby workplace - yesterday. Young employee (new) asks co-worker for admin password. Installs messaging software, and changes password. Promptly forgets what it is. Now neither of them have e-mail until IT support gets back from holidays in 3 days. What's wrong with this picture?
1. Your company hired an idiot. They can still be dismissed without notice. Do so.
2. They have learned a valuable lesson that no amount of pointless email circulars and seminars would otherwise have told them. Let them stew in their stupidity stressing about being fired. It will be motivating.
3. You have no support back-up. See 1. Your company - albeit in a stripped-down example that may merely be illustrative - is very badly managed and you have bigger problems than passwords.
No admin_backup account tucked away with admin privileges & admin account known by users?
Smacks of incompetent admins to me.
"admin account known by users?"
why the hell would you do that? If the user has admin rights to the machine theyd be installin all kinds of crap all the time.
In my place, the apps they need are installed already. no need to "alter" their machines, so no admin required
I've got a delicate balancing act here. We try to provide suitable technology for the users, within the constraints of tight budgets. That means bog standard PCs for the office staff and suitable laptops for the mobile staff. We use Blackberry because of the roaming data charges (which would cost us thousands of pounds a month if they all had iPhones as they'd like). I'd love to give them all tablets but they could only do half their jobs with them. As it is some users will take their own tablet away with them instead of the laptop - fine as long as they are doing their job. We provide access to their email, etc. by that route.
Trouble is the worst offenders are the directors!
Give users more power and they'll royally screw things up and then place the blame on anything but themselves and the cost to fix it, and the incumbent delays this causes to other tasks, will never be assigned to the user.
For example, sharepoint (an unmitigated POS at the best of times), has a security scheme that makes the standard Windows file and print security look sensible. Give users uncontrolled access to this and you'll be tracking access problems for weeks.
Likewise, give users full access to file security and you'll get endless problems relating to rights propagation, or rights not propagating. This is before the problem of share level rights overriding but not being overlaid in the security inspector and on some occasions propagating and others not.
These are just two examples of common technologies in place. Yes, MS could attempt to fix the abortive mess they created in the first place, but doing so would break millions of existing installations. MS may like to regularly fuck up the User Interface of systems but even they're not as stupid to make these changes.
The question is really what do users actually need? They don't need more power - it'll lead to problems. But the answer is partly in the question... "need". Needs change and a good IT department should be responsive and try to regularly re-assess users needs and promote a culture where users are able to suggest solutions and where the IT staff have the people skills to resolve what the users actually need, communicate with the user in sensible language and look for the best way forward.
Alternatively a snake-oil salesman can sell you BYOD.
> promote a culture where users are able to suggest solutions and where
> the IT staff have the people skills to resolve what the users actually need
And perhaps even more difficult, a management culture where there are sufficient IT resources directed to resolving those needs, rather directed to the next big project that's very exciting and looks great on the manager's CV but doesn't do an awful lot to advance the business... I am convinced that in most organisations you can do a lot more to increase business efficiency with 100 small projects than with one big one, but in practice its a damn sight easier to get authorisation for one big project than for 100 small ones...
No, you don't get to dictate what I need, any more than vendor of the chair I sit in gets to dictate how I choose to do so. I can (and sadly do) get pointless annual advice from health & safety (another cost centre) about ways to sit in the chair without harming myself, but no one actually give me a spot-check to make sure I am sitting in the prescribed position. What you are describing is a management problem, but your solution is that of the school: no one owns up to giggling, so we all get detention. You can do that, but the people who actually make the money are slowly winning. I hope you realise this, because the long-term future is not looking rosy.
but the people who actually make the money
I always love this argument it has no legs at all. See how much money you make without IT these days, go, I dare you :)
Utterly specious. You don't make the computers and phones work, you support them, and you may also be involved in the installation. It is more efficient for this to be managed by specialists, just like it is more efficient for one person to manage the buying of the stationery. But don't confuse efficiency for necessity, particularly when the efficiency gains may in fact have quietly morphed into self-perpetuating bureaucratic overhead. There is a root cause for BYOD - you get that, right? And you get that this doesn't happen with stationery, furniture (for the most part), climate control, or lighting? Yet something has happened where "users" (the contempt drips from the terminology) are saying no. I would suggest that you might want to think a bit more about why that may be the case.
The questionnaire took me a good half hour to complete.
I got half way through and then thought, "Screw this! This is taking me forever and I'm getting nothing useful out of it.". Then I closed the browser window.
Yeah i thought that when it kept asking me if I.T was working ok for me, rather than what do my users recieve?
"Maybe users feeling they need to do their own thing is a reflection of inadequacies in what the company provides. Rather than totally rejecting the cry for freedom, or going to the other extreme of giving in to it too easily, perhaps we should simply roll out more appealing and flexible corporate solutions."
Or maybe the end user should shut the fk up and get on with the work. Cut the "I’m more productive on my mac/iPad" bullshit. You have what you need, and if productivity reduces disciplinary! Then sacking with a reference along the lines of 'they didn't want to use provided equipment and acted like a spoilt child because they couldn't use their iPad, so they were sacked for gross misconduct'
I could use any piece of tech and still be effective and productive at what I do. I would not show myself up by trying to justify an iPad (like i'd use one of those JOKE machines)
or maybe, just maybe, some of these issues go beyond the pure technical. Director insists on pushing iPad's (or whatever shiny device is in vogue) to sales team. IT department state this is not cost effective, doesn't help and can be easily dealt with by much cheaper solution. Director realises that said sales team are fickle lot who don't care about the technology but are pretty good sales team despite being flash Harrys and over-rides IT. IT call director and idiot who is wasting money and getting no more productivity (and possibly less). Director understands there are possibly more factors in play and that these pointless shiny objects act as a decent retention tool and the cost is outweighed by the potential recruitment cost that would be caused by additional team churn...
I think a big part of the issue is IT departments quite happily force users to do stuff that they themselves bypass.
Users browse the net via awful proxy products that AV everything and block lots. Internet is sluggish and videos don't stream properly. Not a prob for the IT guys who have direct gateway access on grounds of 'we need to download exe files as part of our job'. oh and the proxy sucks when we're watching movie trailers.
Users have to use some sort of nasty restricted 2 factor authenticated terminal server to work from home. IT guys have nice little L2TP backdoor straight onto network.
Obsessive port blocking of all webinar / skype type products for end users. Meanwhile IT guys sit chatting to mates on same stuff all day, and have a 'need' for webinar products to get remote support.
Personal Android phones for IT bods have MAC address on allowed list on wireless controllers. End users have some painful lockdown / sign-in abomination 'for security'.
I do. I can log in using 2-factor auth more quickly than you can type your username. As for bypassing the proxy...I don't have to because when I'm at work, I do work only. I only browse recreationally when I'm not at work.
We in our department are just as restricted as all the users we support, currently we are rolling out user only access to all the users (a change from years of local admin access to the machine fro ma time when the company was a lot smaller) we are the first group to be forced to use this model, yes we have an admin account but we only use that to do the admin stuff, the rest of the time it is our standard user account, and no we do not stay in the admin account either since our workflow is setup for the regular account - no email - helpdesk tickets etc on the admin account.
We also use the same vpn solution into the same systems as all the other users, and we are all going through the same proxy/firewall everyone else does, this way we cannot be accused of exactly the things you pointed out.
One of the crutches of being the company IT department is that you are expected to know every system, platform, piece of software both proprietary and commercial that any one person will ever use, you are expected to keep all systems at 100% uptime all the time and you are expected to keep the entire system 100% secure (or as close to it as humanly possible given business needs) all the time.
The restrictions seem archaic, but that is because whenever a system goes down, is slow, does not perform as expected the IT crew gets the blame even if it was not directly their fault, maybe it was a new patch from dev, but of course since the patch was rolled to prod, then if the prod system falters in anyway it was the IT guys fault for not knowing that it would hose everything. Also if there is a security breach of any kind then the buck stops at the IT department whether it be the head of the department or one of the lesser workers. in the end the buck always stops at the IT department so in order to maintain any sort of career most departments make sure the users with the best intentions cannot do something foolish that would harm the company and probably get the IT department in hot water or fired.
just because you want your tablet to do this that or the other on the network, and to you it sounds so simple just to give access to some device or share or AP, it quite often isn't.
I assume you are on holiday then as this is posted in the middle of the day on a workday...
@theodore Define "browse recreationally"? In fact don't - that's the problem. It's not, or at least it shouldn't be, up to you. I have had to be white-listed for streaming video, which it was assumed was YouTube. Hardly - ft.com etc. I had to be whitelisted for Blogger and Wordpress and I forget the others - because half the links on FT Alphaville are to sites hosted there, or charts are there. I got approval for Twitter only after showing that my boss' boss was tweeting. And so on. While I'm lucky enoguh that I can get this nonsense over-ridden, I resent having to make a use case to someone with no qualifications to make those choices for me. Boo hoo, right? Sure. But I ensure the bills get paid.
@RonWheeler Dead right.
Giving users more power is like Mercedes or BMW supplying you with a spanner, no user guide and telling you to service the car yourself.
Most users wouldn't even be able to get the engine covers open. For those that did they would then say, shit this not quite as easy as it looks. Those that did bravely use the spanner would quickly destroy the engine.
Those same users would then turn round and complain that Mercedes, BMW produce shit cars.
I wonder if those same users also want to manage the accounting themselves, or the security, or to go out and get new contracts whilst explaining to the client that the IT department is in tatters since they are now managing it for themselves.
Users wanting more power is nothing but ignorance on their own behalf. Many users appear to be in the belief that running an IT department/servcie is the equivalant of installing their own home computer. How f****ing wrong they are..
Sorry but this is a terrible - but telling - analogy. If I buy a car I can do what I like with it (within the law). It may not be very wise, and if I don't know what I am doing I would be stupid to try, but BMW doesn't come round and prevent me from opening the bonnet. On the other hand, if I want to install new car stereo or hand furry dice in the windscreen, no one will stop me. As it happens, I _don't_ fiddle with my car, just like I don't fiddle with my boiler, or my toilet cisterns. I am a grown-up and don't need someone to tell me that doing so would be a bad idea. On a PC, I have a pretty good idea what I am doing, and I certainly don;t need my choice of browser, or how up-to-date my Flash plugin is, or whether I can turn on font smoothing, or whether I can install an app from RIM's own store on a BlackBerry, or whatever it may be dictated to me.
so whats your point?
Just because you tinker with things you dont know about dosent mean users wont.
Although I'm with you on it as our workstations are so ridiculously locked down the users can barely function.
I often think of it as a hire car where they lock the bonnet, remove the spare etc
I think we gave the upper management a list of "Lockable" things, "run command" , cmd prompt etc , and they just said "LOCK IT" to nearly everything. Which does present the users ( AND ME) with considerable problems
no diagnosios or fixing can be donme when user is logged in.
if it was the car analogy it d be like
radio "NO! what they need that for?"
back seats "NO! what they need that for?"
headrests "NO! what they need that for?"
rear wiper "NO! what they need that for?"
demister "NO! what they need that for?"
fuel gauge "NO! what they need that for?"
rev counter "NO! what they need that for?"
glove box "NO! what they need that for?"
window winders "NO! what they need that for?"
AC "NO! what they need that for?"
spare tyre "NO! what they need that for?"
but when you look at whats left.... ugh
I think that's a good point.
I spent years begging IT to give us an off-site back-up facility to store essential work files. Nothing.
But along the way they came up with a whole bunch of bought in complicated central database systems to store other types information that weren't mission critical in any way, and were mostly too unwieldy to do the job that was intended.
So we ended up with a web based "business continuity" database with hundreds of sections and sub sections, mostly with incomprehensible names and controls, for every possible eventuality. Most of it was too complicated to access if there was a real emergency. But the section that was for "Loss of essential files" could have been useful, except that it couldn't be filled.
... it has a serious problem.
Infrastructure is supposed to be invisible. You should never even have to think about it until something goes wrong. If your IT systems are constantly falling over, your IT department is broken. If your users are constantly screwing things up through ignorance, you need to train them. Note that the latter is NOT an option: every successful business invests in its workforce to make them more productive. A user who knows exactly when to use Excel, when to use a database, and when to use a proper DTP application instead of trying to do every f*cking thing in MS Word, is a user who is helping your business run more smoothly.
Managers are supposed to handle the higher-level strategy or tactical aspects, not running around like a ragged-arsed chicken constantly fighting fires. They're supposed to be making the business more productive – i.e. more efficient – by finding ways to improve systems and processes.
If the IT infrastructure is constantly getting in everyone else's face, saying "Can't do! Computer says 'No!'" and so on, it is BROKEN. No "ifs", no "buts". The purpose of an IT department is to support the business, not vice-versa. IT is but one of many components. It is the grease that keeps all that corporate machinery running. If there is friction, you're doing it wrong.
I've seen this from both sides – I've been an IT Admin and a manager. (For a while, I was doing both at the same time; it was a very small business.)
Yes, your colleagues (not "users") may be ignorant of how computers work. So what? I doubt many of you understand the finer points of logistics, or tax accountancy either. Everyone is ignorant of something. Your role is not to throw up obstacles and jeer at their ignorance, but to find out how you can HELP them. You can offer to train colleagues in the finer points of using a PC – I think of training and education as "preventative customer support"; it drastically reduces the number of support calls you get for basic issues and leaves you much more time to get on with other tasks.
If your managers see you only as a "cost centre", point out to them that learning to drive costs a shitload of money these days too, but few drivers then go on to whine about how it's made them less productive. Education and training is much cheaper than pissing away valuable time firefighting trivial problems that could have been avoided by eliminating ignorance.
And this training works both ways: IT staff cannot help the Accounts department effectively if none of the IT people have a clue what the accountants there actually do. This is basic Systems Analysis: you need to find out what your colleagues need – which, as others have pointed out, is not necessarily what they want – and find ways to make that happen.
THAT is your job. THAT is what IT administration and support staff are supposed to be doing.
All that said, there is a generational problem going on here too: IT is in a constant state of flux and transition and not everyone can cope with the frequent changes.
If, after all your attempts to train and educate a particularly IT-illiterate colleague, they continue to screw things up due to their incompetence and inability (or lack of desire) to learn, then, and only then do you get to tell HR about it and suggest said colleague is either let go, or moved somewhere where they can do less harm.
I say this because IT is infrastructure, like plumbing and electricity. If an employee is regularly buggering up the plumbing, or plunging an entire department into darkness, they'd be let go immediately. It's 2012, not 1982. There is no excuse for being so totally clueless with a basic tool of the trade. You wouldn't hire a carpenter who has no clue how to use a hammer, so there's no acceptable reason for an HR department to keep people on who have no idea how to use a computer in this day and age.
Both sides are right. The answer is, as is often the case, in the middle ground.
Brother! Where have you been all my life????
I agree 100% with what you say. I made a similar if smaller comment along the lines above earlier.
Way too many senior IT managers think they are the ones running the company and that attitude filters down to their IT staff which it turn just makes a 'them & us' situation.
I remember telling several grey haired IT Managers they very same things as you mentioned about getting to understand the business, knowing how they work and becoming the trusted partner when I was going for job interviews for IT Relationship Manager positions.
I think I scared the life out of them, hence I didn't get the jobs. I guess the last thing they wanted was someone trying to work WITH the business rather than against it.
But it just makes life so much easier.
"Instead of arguing, lets just work it out and then we can all go down the pub for a pint?!"
Agree to an extent. The real issue is a largely people one, but everyone is talking about it like it is a technical 'security' one.
Minor example from several years ago. I've been there and reluctantly dragged into letting a department have Firefox on their PCs. Historically everyone had IE7 as several of the intranet sites need Activex blah blah usual stuff. Funky new 'make a good impression' Head of IT decided to trial FF as some of the funky blogomarketing types wanted it.
So,OK, we said we'll go along with it as long as users are told FF won't work with Intranet and if they have problems they go back to 'supported' IE. Naive new boss enthusiatically does big PR email stunt among users showing how flexible/hip we are. The 'go back to IE if you have issues' part got downplayed of course.
Every single day phonecall after phonecall from users trying to get onto intranet sites that wouldn't work.. Told not to, they still did it. Over and over. Told not to make FF their default browser, but some of the department experts went round showing their mates how to make FF default browser. Then when users clicked on links in Outlook, inevitable happened. So we start running logon scripts to lock down users' preferences and the proxy settings which some of the l33t haxor type users started messing with to get round proxy (wouldn't work - no gateway, but they tried...) Never mind the hundreds of calls from users who couldn't understand why bookmarks from FF weren't showing up back in IE. On and on and on. We dragged boss back into it and of course there was much hand wringing as he didn't want to back down from his big PR stunt, meanwhile first line support getting hammered with waste of time BS. Never mind when users start sticking add-ons into FF and it becomes a further support issue. And that some Java apps weren't compatible. Etc etc Meanwhile big fluffy 'training' exercises done which was of course the usual waste of time nearly all IT training courses are.
Of course it got endlessly escalated up to us in 2nd line support too. Why does't intranet work with FF (we told you before this started - nobody listened) Can't you just patch it to make it work? Can't you just..., can't you just...
We tried to make it a HR issue where people who were serial idiots would have FF permissions removed. And of course that didn't happen - user stupidity is not ever a reason for having user 'rights' removed. So IT got f£$%ed over by letting users have what they want.
The only way to give users more power is to have a mandate that if they f$%k it up, they get the nice toys removed. Back in the real world, that doesn't happen, thus the endless lies and BS about pretending stuff is a security risk goes on and on.
In our corporation, we just kept tight control on the admin password and changed it reasonably often.
Kept most users with their standard user accounts locked down.
The other thing is keep the staff busy enough so they don't have time to dick about.
@RonWheeler - If your intranet doesn't work with Firefox, then, no matter how much you call it a user problem, it means your intranet is badly designed and badly coded. End of.
I think your "Funky new 'make a good impression' Head of IT" is just trying to drag your department into 2005. You all should've stopped dragging your heals and worked with him/her to make it happen.
Yeah - cos teh intranetz is just a basic html website innit. Not a mishmash full of proprietary off-the-shelf applications largely chosen by finance people, HR etc and dumped on IT to support. ActiveX is IE only and a problem got raised - nobody in those departments wanted to know / cared cos ooh, look at those whizzy reporting tools! That is why staff power is a problem - they can't do joined up and just want shiny stuff now.
That was then. Now? Current craze is for departments to go out and buy services that require an iphone as primary interface so IT are forced to buy them new toys. No, they're not mobile workers, just magpies.
Rather than getting fired the corrupt scum are getting patted on the back for being progressive.
"ActiveX is IE only and a problem got raised"
Round these here parts, activex got razed right from the git-go, and at the same time we banned IE (1996-ish?). Hasn't seemed to affect our day-to-day business any.
...the ones that feel entitled to every new bit of kit whether they needed it or not and sod the poor buggers that actually do need it.
I so despise them. I used to love doing 'gadget sweeps', mopping up such people and re distributing their unused gear to the needy. Their tears sustained me.