"It's too old, crippled by overbearing control, and generally not nice to use." In today's world of highly capable and highly desirable consumer tech, these are complaints we are hearing more and more from end users about company-issued kit. So should IT lighten up and allow users more freedom when it comes to the technology …
Rank hath its privileges, and some of our users are really, really rank.
So in terms of the question, it depends on which users you are talking about. Some have too much control, some have too little, and some have the right amount.
But in the end there's actually not much the IT staff per se can do about it because all of those decisions are actually made elsewhere in the organization. IT just gets to be the whipping boy because they deal directly with the users.
yes indeed, in my case the decisions were made by the woman who used to run IT before her whole department was outsourced. Hence we have pretty red gaming laptops with no docking station ability, which are locked down so much as to make them next to useless - anything she couldnt think of a use for - locked off.
Its akin to driving a car with all button removed except stop/go/left/right and the engine bay filled with concrete
Agreed. I recently discovered that you can pretty much do ANYTHING if you have authorisation from someone senior enough. Not "senior in I.T." just "senior". I now have full access to YouTube so I can watch as many cat movies as I like without having to waste 15 seconds evading websense any more...
These senior management / director types are like corrupt government officials in foreign countries, accepting bribes for iPhone signoffs.
They have no place dictating I.T. policy, be it security, hardware or software
but make sure they sign the nice bit of legalese that says IT is not responsible for supporting their own devices, nor responsible for keeping PI and PII off their devices and or any data/security breach that occurs from every tom dick and harriette from using their own equipment, in short our responsibility ends at the server room door and walls what happens to the data after it leaves the last switch or wireless access point is not our concern we coddled and loved that data, kept it clean and secure, it is then time for it to fly out into the big bad world and sink or swim on the multitude of platforms and policies that the new owners will see fit to impart on it!
fly my babies fly! you are free!
I wish but giving that control to people in general is a minefield. That's not to say the Core 2 Duo 3GHz with 3GB of RAM I have to deal with isn't a daily frustration. I retired my home computer with a same-generation 3.2GHz quad core with 8GB of RAM a year ago because it didn't have enough RAM!
Having a 64 bit image and being able to double the RAM would probably solve most of the complaints we have.
If you work in I.T. support and are talking about the machines you use, I would agree with you, but if you are talking end users at non-I.T. organisations, I would have to disagree.
First, there are too many industry applications in use that are still not fully 64 bit compatible - and when you have a massive application where everything works except email (cos that's the 32bit part they haven't bothered updating..) then it's a bit of a hindrance.
Second, when all you are doing is using your device to access a far more powerful server remotely, more than 3GB of RAM is mostly entirely irrelevant.
Third, Faster internet links are far more important.
Anonymous, cos work know I bitch about my PC and laptop most weeks.
If the legacy Windows application is 32bit and runs under 32bit Windows 7 then it will also run under 64bit Windows 7 unless:
A) The developer is particularly stupid and packages 64bit DLLs.
(And yes, that happens. Often.)
B) It talks directly to external hardware.
16bit Windows and DOS applications on the other hand - nope, ain't going to happen.
And yes, there are a lot of those in many businesses and most users aren't going to understand spinning up a VM.
Most of the above programs won't run at all under Windows 8.1 of course, usually because they were breaking the "rules" in Windows XP. For some unknown reason, MS chose not to put Win7's carefully built compatibility layers into Win 8. Odd.
"And guess who makes the moeny..."
The finance department? Er no.
It's the whole team.
Having said that, in my organisation, the corporate IT department must be on a different team. They operate as a monopoly supplier, take weeks to fix simple problems, and aren't interested in their customer requirements - customers being the IT users in the company. They really don't see themselves as a service provider, do not have meaningful metrics that take account of customer dissatisfaction and have no published improvement targets. Their attitude is basically "you get what you're given, be grateful for it". They don't see themselves as a service provider.
Oh, and they charge twice as much as when we had a local IT team on site. And this in an organisation where every other department is measuring and trying to improve internal & external customer satisfaction.
If our IT department was a standalone business, our site would have fired them long ago.
"Having said that, in my organisation, the corporate IT department must be on a different team. They operate as a monopoly supplier,"
Ultimately the blame for this goes to the top bosses of the company. It is they who have let the IT dept become this way.
It is also going to be the number one reason they will eventually outsource the operation to the likes of IBM, et al.
I think ultimately they don't want to because its more work and harder to control and they haven't been given the resources to deal with this. Ultimately though, there is very little you can do about it short of white listing mac addresses on wifi and ethernet, otherwise people will connect what they want and use that anyway.
No they won't.
All the places I've worked require specialized software to connect to the company network. Software that not just anybody can get, along with RSA type systems. Software and RSA that MUST connect through a VPN specifically to one of dozens of specific networks. A system that knows if it is on an authorized PC or not.
On other words, something that is impossible for the average user.
This is old stuff - user should not be in command - there should be communication about needs and there should be a level of compromise to keep things workable. It depends from situation to situation what's workable and what's not allowed.
Let users be in command and the IT-department becomes the same as Hell only hotter.
Neither IT nor the users should be in command. It should always be a partnership in which the needs of the business are worked out based on the available technology from the IT department given the level of funding the business is willing to provide.
Unfortunately, we all live in a Walgreen's world.
Hmmm. If we could dump Offline Files and Microsoft DFS not only would end users throw a party - I would join them! Those two cause the most complaints.
As for being too strict... not really. The worst is not being able to use social media websites. But that's what their mobile phones are for.
A balance needs to be struck between enabling the user community and protecting IT from unnecessary work caused by a lack of IT education in said community. All too often we hear cries for greater freedom - in all areas of life, not just IT - without any acknowledgement of the necessity that every increase in freedom must be accompanied by a corresponding increase in responsibility. Without this, such requests should be treated in the same way as a teenager whining "it's not fair".
We find ourselves having this discussion over and over again:
You remember that horrible thing we told you would happen if you forced us to do that thing we told you we should not do? Well, it happened. No, we can't just reboot the whole network. It doesn't work that way. I'll have to get back to you. All my other phones are ringing now.
My primary problem with IT is that companies rarely seem to want IT to be truly accountable for the ti9me it takes to do (desktop) support.
It takes ages to fill out the forms to state a support problem. Then they remote desktop to my machine, ask me to show them the problem, then sit and fiddle with it, trying stuff out for an hour. Meanwhile, I'm doing no productive work.
SO I ask them to provide me the code to book my time to for this 'IT fix' hour. They don't provide it to me. So our company doesn't 'see' how much user time it is taking for us users to help IT fix the desktop problems.
Make users book time to an IT code for all time spent helping IT fix issues. That would make IT costs rocket, so companies would start investing better in IT to reduce the problems it's so costly to support.
I just email an internal email address with the ID number of the PC and a simple description of issue. Auto-response with job number. If it is something odd on the desktop, IT support phone me up and ask me to click on that orange thing that gives them access to my desktop, then they check configs &c. Otherwise stuff just gets done.
All win7 PCs with 'virtualised applications'. Reliable, I can walk into classroom, boot PC, press the projector switch, load my interactive whiteboard screens within the first minute or so of lesson (usually have a bit of a starter to keep students going while I set it up). We have RDP access over unencrypted 'visitor' wifi as well so I can BYOD sort of. Through use of RDP, no data about people on my own laptop, just worksheets.
The business do see the cost of that - its in the IT Department productivity/management reports.
What the business doesn't have the appetite for is the incremental training that staff need on the underlying technology they use because they 'have the same thing at home and are familiar with it' or to staff IT departments to the level actually required (in both numbers and calibre) to deliver the expected level of service.
IT provision boils down to numbers and distribution of those numbers, when your organisation reaches a critical mass you need to have between 15 and 22 operational IT staff per 1000 end users, you need to be spending between £1000 and £2500 p.a. per end user device - significantly less than that requires hugely effective IT staff (i.e. not the cheap ones) and enormous flexibility and dedication from those staff.
Those numbers can be flexed temporarily, but rolling IT systems out to replace departments so that rostering or timesheets or holiday bookings or procurement or other non IT activities become electronic to provide savings in non IT areas, but not adding any IT support resources (maybe a bit of compute or storage capital spending gets recognised in the project) is way too common. When the business takes decisions that make non IT skilled staff information workers (think Porters in hospitals, bin men, gardeners, plumbers etc.) and doesn't provide the resources to support them adequately they thin out the provision to the rest of the organisation and piss everyone off.
What happens when those fresh to IT staff are then given access to a home drive, an IP based CCTV system, a glorified 'management system' (thats really just another helpdesk to support) and the ability to stick their fingers into systems that can generate IT issues that consume hidden back office resources such as email, disk or back up and their entire support requirement has been narrowly defined as telephone support on how to fill in a form or click a button? Will the business train staff in how big the high def video files they can now generate can get? Will the security guard who's IT experience is email, google and youporn be assumed to know that he cant email a 4gb file?
Bit of a rant - but then I'm working in the public sector supporting 8000 users over 100 sites, with ratios of less than 5 staff per 1000 users / funding of less than £400 per end user device and the risible continual threat of being outsourced and I seem to have risen to your trolling bait.
"when your organisation reaches a critical mass you need to have between 15 and 22 operational IT staff per 1000 end users..."
Bloody hell, in one of my last jobs before I retired we had 8 in desktop support plus 4 in sys admin and 3 in networks to support 4500 users.
That must have made us amazingly efficient!
I suppose we were given that the place never actually blew up. It was an oil refinery.
An oil refinary?
Where there are acres of desks and the users are sat on facebook all day?
I think in your response you have been somewhat disengenuous with your assessment of the numbers of information workers and/or the quality of the ICT response that they have been getting.
In any case 'operational IT staff' incorporates those back office off site staff that architect, implement and manage the systems - if those functions don't exist then the organisations is getting that work done properly via their suppliers and are spending nearer the £2k per end user device.
>> That must have made us amazingly efficient!
No, I suspect it made you either amazingly reliant on the common sense of the staff -or- systems were locked down appropriately to enable staff to work without giving them the freedom to wreck anything -or- you had a 90 day SLA and the users still hate you -or- some combination of the above.
The numbers stack up, if they don't look the same for you then either you've missed something out in your calcs or the risks to the business of under investment in IT are a timebomb waiting to happen.
That's not bad! One school I worked for had 1800 potential hackers (ie students), plus 200 staff. 750 pc's laptops mobile devices associated printers/scanners/stuff, and how many IT staff? ME!
I had no option but to nail the network shut so that if it housed an army of T. Rexes, they couldn't get out!
The idiocy I encounter on a daily basis from our staff is staggering.
Phd level educations and they force USB connectors into Firewire ports, download all sorts of malicious crap and look at you doe eyed and helpless.
"I deleted the Windows directory, because Windows was already installed and now the PC won't boot. What do I do?." is the email leader.
Sometimes that data affects other people in the company, that have nothing to do with what that one person has screwed up. I'd pull the data off and let them squirm for part of the day.
Company I used to work for never backed up the engineering server data. I was lucky enough to keep a backup copy of my work due to personal paranoia over my files when the system became corrupted. They still don't keep backups because they've allowed everyone to throw any garbage onto the server and won't 'waste' the time backing up that garbage. No rules as to what content and where it's to be stored.
One of the reasons, that you don't allow the end user control, is to prevent what I did when I was screwed out of some promised pay... I installed encryption software and placed all of my studies in encrypted containers before I left. It was a fair trade for the $90k I was owed.
For example, compliance means that IT should do as they say..............
I've lost count of the times I've had to deal with that blank expression when you mention compliance or security. Its then quite amazing how often a request just fades away when you ask them to put everything in writing and to accept accountability for their request.
Confiding to them that you need the audit trail so that the IT department can remain in the clear when the problems start and the auditors come checking also helps a lot too.
Doesn't stop everything but whatever is left can be looked at seriously as either its something thats needed or the requester is really stubborn, or both..
I used to consult for a company which had a small IT budget because costs for most "traditional IT" items such as computers, software, internet, WAN, etc were paid for by the individual departments. It was amazing how different things were after that policy was put into place. Items which did not have an obvious relation to a specific location, such as e-mail, were still handled by IT. It wasn't perfect, but most of the ire of the users were directed at their manager, not IT.
Unfortunately I find it doesn't work the other way. Every company I have worked for has had sys admin people who don't seem to understand the meaning of "compliance" and "audit trail" when talking about finance systems. I have lost count of the number of times I have had to ask "Why on earth did you delete that invoice/journal/data/transaction?"... "I know the sales director/MD/Whoever asked for ti to be done, but that now leaves a hole in the records".
What we need is balance and people who understand the needs of other people rather than just there own needs.
The users use the systems provided in the office. If the systems aren't good enough to provide all the functionality needed to perform their tasks easily, then you improve the systems.
Letting data out of the door on poorly secured laptops, etc is idiotic, you may as well just post it on the web.
And no matter how much users love their tablets, if they need them for work then the company must provide them, with an acceptable use policy, standard configuration, etc. Bring your own device may be a buzzword at the moment, but from a security, support, insurance and maybe even legalt point of view it's an expensive nightmare just waiting to happen if implemented as a policy in the office.
Ok, it might be not so big a deal if you work in a 5 man startup, but in corporate land? No way.
Far too many IT departments and IT professionals lose control of their systems to non-IT staff because communication and salesmanship are skills/virtues looked at with disdain in IT.
You can have any policies and enforcement mechanisms you want, and force senior management into compliance if you can articulate and present the justifications for them in an audience friendly manner. If you can't get your point across in a way that resonates with your audience something is very wrong. Likely the policy/rule you're trying to enforce isn't a valid business need. You aren't going to conver anyone by saying something is hard or will save you time. Nobody cares for your time, just like you don't care about their time.
If the first attempt at getting your way doesn't work, you don't quit trying. That's lunacy! You make your case in a different way and do that again and again and again until you get what you want. Huffing off to a backroom and pouting sure isn't going to help. You've got to figure out how to manage your manager.
Managing your manager is a skill you've got to have if you ever want to have control over how your work is done. If you can't manage your manager then you've got no business ever being in management yourself. The abity to sell your opinion and convince others your way is best is the foundation of good leadership. Absolutely no one is unapproachable or immune to having their opinions swayed. It's on you, IT people, to figure out how best to do that.
Good communication is how you get your way and make your wish list a reality. It also saves you a shitload of hassle if you're capable of moving that pesky bitch from marketing to the back of the service queue. You can do anything you want if you communicate it well. It's really important that you realize your users do greatly respect what you do, and they're coming to you for help solving a problem they can't deal with. Make them feel important and make them understand you've got the situation under control (even if you don't). Act like you deserve people's respect by respecting them and they're yours to do with what you will.
It boils down to this, would you rather be doing the parts of the job you got into IT for or taking malware off people's systems? It's your choice and no one else's.
Biting the hand that feeds IT © 1998–2019