IT versus users: a war that everyone loses
The dirty secret of corporate IT is that its primary mission is to serve yesterday's technology needs, even if that means strangling tomorrow's technology solutions. The myth of corporate IT is that it alone possesses the wisdom to decide which technologies will allow the workers on the front line to work better, faster and smarter — albeit with the occasional lackluster requirements-gathering process, if you're lucky.The High Priests of IT — And the HereticsThe fact is that the most dreadful violators of corporate policy — the ones getting that critical file to a supplier using Gmail because the corporate mail won't allow the attachment, the ones using IM to contact a vacationing colleague to find out how to handle a sticky situation, the incorrigible Twitterer who wants to sign up all his colleagues as followers through the work day — are also the most enthusiastic users of technology, the ones most apt to come up with the next out-of-left-field efficiency for the firm.
There has to be a way to bring those people inside the church, rather than going to war against them. I suspect the answer is in modern virtualization tools, which allow users to have a "clean" OS and environment that they use for in-compliance processing and work, and a "wild" sandbox where anything goes, each on separate network segments. Earning this setup would require demonstrating skill and desire to imagine new ways of getting the job done, and its use would be subject to regular, brief reports on lessons learned, techniques tried, failures and successes.
the latest
latest episodes
Having locked down PCs is not some Draconian plan by the IT to prevent you from doing work. I'd much rather trust the users to manage their own machines.
But the reality is, the vast majority *can't*. They click on every email link, download all kinds of malware, spyware or trojans, and then connect their computers to the intranet and infect everyone else.
If someone wants a specific tool, they can ask to have it installed. That way, when their PC blows up, I have an idea why.
It's about keeping *my* workload to a reasonable level, and avoiding 4am calls.
The role of corporate IT is simply to maintain the status quo. This is a shame. I think more time and money is spent on preventing people from using the technology on their desk then is spent on training and teaching people the importance of business and IT alignment.
I am a big proponent of ITIL. Not because it is a 'cool' acronym but because it forces the business to make some effort to continuously improve IT services and to realize the value of these services.
I would say that, on average, a medium sized company is 5 years behind current tech. Business cares about money. If you can show them that Twitter, IM, unrestricted internet will improve revenue by 12% they will be beating down the door to put these in play.
@FANTASYGOAT - Wouldn't you chalk this up to poor training? People click on everything because they don't know any better. Corps figure you know how to use a PC and that is dangerous thinking. If everyone got a week computer training these things would happen far more rarely.
"Having locked down PCs is not some Draconian plan by the IT to prevent you from doing work."
I neither said, nor implied, anything of the kind.
Since we were able to lock users down with a limited user account, our support calls have plumeted. If they need a solution, come to us and we'll work together to figure out what works in our environment. Not 'Oh cool! Look at this free POS software!' crash...
Being on the IT side of things...
those external communications bring complications. You cannot remain compliant with regulations which require all corporate communications be backed up for an extended period of time. IM, email and other communications all apply to this.
Using Gmail, or and external IM (instead of an internal Jabber server) violates these regulations and puts the company in jeopardy. The employee is probably unaware of these implications as is the author.
It requires money and time and resources to set these up. Trust me, I have fought for an internal Jabber server at my current company because I am one of those people that use IM (but not for company business) and have offered to set it up myself. But the are wary and have other concerns (like replacing the IVR system with Asterisk which I ever so recently volunteered for).
So, while you only see one side of things, trust there is a reason and not just invisible stonewalling. For those PEBKAC's on the other side of the wall who think they are the first to have used Twitter and IM and Gmail, there are others on the other side of the wall who pitched them to their bosses years ago and still do.
For most companies IT has 3 jobs:
1) Security
2) Stability
3) Cost control
Allowing users to do stuff themselves pokes holes in all 3 of those. It also indicates that a company that sees IT as a competitive advantage or critical resource. Which is why anyone who likes to play with the new, shiny technology doesn't want to work anywhere that doesn't give them local machine admin.
Training people to not be idiots is expensive and/or impossible. A reasonable middle ground for locked down IT companies is to deliver ip dialtone outside the corporate firewall and nothing more to personal productivity PCs that ARE NOT maintained by IT.
This is one reason why I love the (incredibly geek-friendly) systems engineering firm I work for: all employees automatically get admin rights to their company-issued computers (except in unusual situations). We are required (generally) to keep up to date with patches and such, especially security software, and to keep regular backups-- but other than that, we can do what works for us (including installing a different OS if desired).
The assumption is that we are trustworthy enough to use the equipment responsibly, and that if we mess something up, we are mature enough to own up to our mistakes (which, after all, don't usually require any more of a fix than re-imaging the machine!) In return, we have the freedom to get the job done more efficiently and creatively. There is a real feeling that the IT policy is to give us the benefit of the doubt, and not throw up roadblocks.
And, BTW, this is a company with 5000+ employees, working on government contracts. It's not impossible, people!
I too have been on both sides of this fence, at some points simultaneously. I can understand the IT need, and at times it isn't so much out of lack of trust but sheer volume. At some places I have worked the inevitable HD failure would throw everyone into a tailspin. Having a standard image that can simply be restored is the cheap and easy way to get things done.
Having said that, cheap and easy, usually aren't friends to productivity. The real issue here is along the lines of what WADEVONDOOM says. Before I left IT I realized, and tried to convince my superiors that IT spends too much time in gloom and doom. It is a normal pattern that is very easy to slip into. Budgets are tight so we say if you don't give us money for this the whole IT system can collapse. After years of hearing this upper management outside of IT is scared as hell of anything IT does and all they see is the expense and potential doom.
The better way to go is to tout your success. The most successful groups are those that can market their success and spin their failure. IT needs to learn from that. Otherwise the only time anyone ever thinks about IT is when something is broken or when those darn IT guys won't let me do anything.
IT groups that market bring their positives to the table and make the inevitable down days easier to swallow.
Wadevondoom - I'd say that for most, or at least many, businesses it's just easier to strictly limit their machines than it is to educate people. While a lot of people strongly declaim the great value of employee training, I think that they forget that most people who do know about these things learned them primarily through a great deal of exploring with trial and error. When starting a new job you've already been deluged with a whole pile of other crap to learn about your job -- a lot of totally alien computing lessons are a bit much to absorb.
While you should clearly try to give employees a basic background it's also wise from a security perspective to assume that they will not retain most of it.
Would you hire someone who was not literate or capable of arithmetic? Would your company create a Literacy Department, vis-a-vis division of labor, to do all of the reading and writing for employees?
Those people should be fired; or ideally, never hired to begin with.Sorry everyone, but you've had 20 years to learn computer literacy. Shape up or ship out!
Does the whole Internet have a centralized IT department to manage the enormous heterogeneous network? NO! They adhere to the end-to-end principle of dumb networks.
Why should a company-scale network be any more difficult than world-scale network?
Teach users how to use computers better?
Ok, here's $15, now go teach everyone on the 5th floor everything about computers yourself. Oh, and get it done by this afternoon cus' we have alot of work to do and we can't waste time on this web surfing junk.
@Wadevondoom: Depending on the size and scope of the organization, it may be more expensive to train everybody with a computer in the organization in computer literacy than to have an IT department manage the systems.
Training needs to have a direct and practical affect to be worth the sizable investment - it's not a one-off thing you can get done in a couple-hour seminar. It's a frequently recurring, sizable expense, and I'd wager it'd be cheaper to put IT through frequent management and communication training than everyone else through IT training.
I also think Cory's wrong in saying that "it's against everyone's interest to give them to power to lock employees out of figuring out better ways of using their PCs and the Internet to get the job done." If anyone should have that power, it's IT - the users are less qualified to recognize when they're in dangerous waters in installing software, exposing ports, uploading scripts to the company Web site, etc., and management is probably even less so. (Cory's examples of "the most dreadful violators of corporate policy", by the way, assume the most draconian corporate policies - none of which would apply anywhere I've worked, or where anyone I've known worked. Has anyone really been hunted down by IT for securely using Gmail or IM for legitimate work purposes?)
I do agree that trusted, tech-savvy employees outside of IT should be deputized, not chastised, by IT for wanting to use their computers to work more efficiently, doing the research and presenting the tools. No, corporate IT alone doesn't possess the skills, but they exist so you don't have to waste work time solving problems on your own. If you choose to, you shouldn't be punished, but it should be done in cooperation with IT, not in rebellion against it.
The correllation between minimizing IT workload and maximizing company performance is often pretty weak.
Besides, what's "totally alien" about 90% of businesses using Microsoft Windows, Office, and Outlook? ...the same exact applications that 90% of people use on their computers at home!
That lack of knowledge is at least as large a hit in a medium or larger sized operation than security issues caused by non-compliant software. I certainly agree that to be compliant (licenses, security, financial) you need to lock things down, but how much time does a service desk spend teaching people basic computer skills anyways? Also, because I find most IT people just due to the sheer volume of stuff on their plate are giving their users a fish and not teaching to fish. That person will be back again tomorrow, and the next day and the day after that. Not their fault in the least but it is poor planning and something that most companies fail at. Yes, it's expensive but so is PEBKAC. Also it is not a here-is-all-the-PC-crap-you-need-to-know-in-one-day thing. Training should be an on-going program. I guarantee that in most of our jobs the computer and software are the most complex things you work with.
@WADEVONDOOM, @FANTASYGOAT
I think we can safely say that there are 2 classes of users; 1) those who really just can't be trusted not to open random email attachments, and need locked-down computers, and 2) there are also people who know what they're doing and can improve their productivity with an unlocked computer.
So, you want to give those in group 1 slick, point-and-click, idiot-proof interfaces, while those in 2 get far more access and more trust. For people to move into 2, they can pass a test; they show that they understand why the security safeguards are in place, and how they can go about their work without compromising them. If you can't pass that test, you get a locked-down terminal. If you call have to call tech support after doing something stupid, you get moved from group 2 to group 1.
Who's hiring people who can't even perform a fundamental cornerstone of their job?!
"Those people should be fired; or ideally, never hired to begin with. Sorry everyone, but you've had 20 years to learn computer literacy. Shape up or ship out!"
The arrogance is both astounding and completely unsurprising at the same time.
I can't wait until this generation gets old and is forced to deal with its own irrelevance.
http://it.slashdot.org/it/07/12/12/1520226.shtml
http://it.slashdot.org/comments.pl?sid=386935&cid=21673209
http://it.slashdot.org/comments.pl?sid=386935&cid=21674565
I'm the sole IT admin for my company of 200 or so users. I tell them on their first day that my job is to make their job easier, not harder. I explain to them the simple restrictions we have on things (streaming media, porn, etc) and tell them that they have rights to install their own software should they choose to, but the consequences of which are their own making. We have a fairly robust monitoring and prevention system, so the abundance of spyware and viruses has been nil. As a result people can install their own crap and then, when their computers get slow I can explain to them why. It's a learning lesson that everyone in the company now understands and they all realize that installing 4 different IM apps slows down their computers. Luckily we don't operate in an environment that requires archiving compliance, so we setup our own internal systems for IM and encourage our users to use our company blog and engage others with Twitter et al. They know their use is monitored and so they keep it to business tasks only, which creates a very harmonious environment for all. I've got one or two end users who perpetually screw up their computer, and I treat this not as an instance of them being a pain in the ass but as a chance to teach them about why things happen when they do it.
As to #10 who expects the whole workforce to be computer literate, my company has a whole host of people who are in their 50s and 60s who spent their entire life doing outside sales, and have had little to no reason to engage a computer until lately. Teaching these people, not punishing them is the answer.
It's arrogant to assume that if their job includes using a computer, then using a computer is part of those skills required to do the job they were hired for?
Is it arrogant to assume that people should also be able to dress themselves and know how to use the toilet as part of their jobs too?
Zuzu @21:
It's not arrogance, but it's probably wishful thinking. My experience is that everywhere I go, be it business, government, services, whatever, a majority of the people that I encounter are entirely unable to do the one thing that they're paid to do.
I don't know if it's always been this way, but it's been like this for a long time. Nobody seems to be immune to it; the number of "subject matter experts" whose only qualification was a slightly better understanding than people who knew nothing about the subject is astounding.
Unfortunately, IT policy is all about keeping the 90% of users who are actively destroying the company from doing so, not about helping the 10% that do all the actual work.
wow, i'd love to work for an institution where the users would even know what to do with a "wild" sandbox.
i'm sorry, but most corporate IT exists outside of silicon valley and aren't made up of slick design departments where the users are on the bleeding edge and not getting the most out of their new MAC airs. for the most part they're just trying to get a job done that could probably be accomplished on windows 3.11(probably not 3.1, though).
@zuzu and everyone:
Sometimes, people's job involves using a computer, but not always. For example, a surgeon may have to use computers to do administrative tasks, but their real 'job' is operating on people. So, you should only hire surgeons who can manage their own computer _and_ know how to operate on a patient?
That's starting to get into the territory of unspecializing, requiring people to know how to do every possible step of what human life requires. It's a bit of a slippery slope.
There are users who are very talented in one area and clueless in another. So we should say that's bad?
Users who don't know any better shouldn't be able to cause damage if they click on a random web link, but they shouldn't be blanket prevented from accomplishing their job if they NEED to click on that link due to a special, unforseen circumstance and IT policies say, "NO" (or to a lesser extent, "You need our permission first.")
I think that's what Cory and the original article is saying.
We do need to start expecting computer literacy, but look at driver's education. In the United States, people who don't live in cities generally need driver's licenses, so they have to pass a driving test that demonstrates that they know how to drive a car safely. That doesn't mean that a) they will remember it, b) that they didn't somehow cheat or get an instructor who passed them anyway (I don't think there's any repercussions for instructors if they pass someone who then gets in an accident), c) that they aren't a poor driver despite fulfilling the requirements (i.e they decide they want to drive their car at 180MPH down the interstate because it's fun).
So, using that mindset, if someone clicks on a link and gets a trojan on their computer because they don't know any better, I presume we should punish them. Do we do that now? If you get a virus, do you get punished? I don't think I'd get punished if my computer got a virus at work. Should I be punished?
Zuzu, yeah, When I was a gov IT contractor, we used to get calls from secretaries that never used a word processor before. Seriously, we would get calls about why some of the letters are larger than the others (aka FONT SIZES).
But not every office is straight Windows/MS Office stuff. Alot of gov offices use bizzare custom apps (some that use DOS) that barely work, like mainframe shit that uses 3270 terminal emulators. Users can memorize which button does what, but are helpless if something goes wrong. And no one wants to overhaul this into something nice and easy to use.
Oh, and the average user wont use SAP or Lotus Notes at home.
My company has a large team of electrical & software engineers. The Engineering department is over 400 people. We design applications on PCs that become user products. We design hardware to stick into those PCs that become user products. We design things that look almost, but not quite, like a network capable DVR that automatically finds and sometimes creates it's own network.
In the '90s, during the Dot Com boom, when we started down this route our IT department fought us every step of the way. We couldn't be trusted to not crash the Corporate network (Our solution, build our own separate network). We were building "Frankenstein" computers that couldn't be maintained by IT. (Engineering called these 'prototypes' and maintained them very well.)
It came to a showdown when the head of IT did a tour of Engineering and realized that most of us had our computers partially disassembled, wires hanging out, ribbon cables to breadboard prototype cards.
He was going to "Fix" Engineering. He and I had a little talk.
His "Fix" - give all of Engineering a cookie-cutter Dell loaded with pre-approved software. No more downloading dodgy video drivers, no more freeware, no more of that "Linux crap". And definitely no more removing the lid from our PC.
I told him that the Engineers would do what they damned well pleased to get the job done. We were not average users from HR or Marketing.
He replied that any Engineer who broke policy would be fired.
Fire a highly qualified engineer. In the '90s. From a job that paid 30% less than the going wage of the Dot Com boom. Many engineers were just looking for an excuse to move to the Bay Area and would have jumped at the chance to be fired.
Now I have an Ubuntu Linux Dell laptop on my desk, sitting next to a Dell Duel Core tower running XP, with a weird DVR-like thing filled with network blades spilled open across my workbench. (I'm designing it's power supply)
Some engineers run Windows, some run Mac, or Mandrake, or Ubuntu, or other Linux flavor. Many of us have the covers off of our PCs. A few engineers have lost their PC lid entirely.
Engineering has 3 different networks that belong only to us, plus access to corporate net.
And the head of IT became the head of a sub-department of IT, and our company created the position of VP of IT to replace him. Now he works with HR and Marketing, and Engineers won't return his calls.
To add a slightly different angle to the perception: I got to explain to someone just the other day, that the Nifty Free Tool that they found online is actually the moneycost variety to corporate customers, which as employees for a fairly sizable company, we are.
In other words, there ARE legal, licensing issues to be aware of as well.
That said, I'm very glad that the company chose to take the stance that people who use computers regularly and with full power are better set to sell or help customers with their computers. Tech-savvy employees are considered a company-strength.
I'm an IT contractor. When users screw up computers, it usually just means more work for me. (It's disheartening and depressing work, but it's work... eh?)
This isn't a technical problem. It never has been.
My take on "locked down IT policies" goes something like this: That computer on your desk belongs to the company, not you. Use your home computer to install random, read your personal email, and browse web sites of dubious repute. Don't use the company computer for that.
(There's no good analogy with other types of office equipment since most other types of office equipment aren't universal Turing machines.)
In the last few years, I've taken great pains to stop referring to the computers used by various users as "their computer", and I've made a point of saying "the computer you use". It's a meaningless show, but it's one little thing I can do to try and drive home the point that the computer isn't "theirs", and doesn't belong to them.
Oh, well. Serendipitously, it's actually time for me to go wipe and reload a Windows XP machine for a user who just _had_ to have Administrator rights and has now pooched up their PC w/ malicious software! Yay... *sigh*
@Zuzu, you're living in the wrong universe.
Perhaps one thinks that IT is something that everyone should know, and be at least 'minimally proficient' at, except that no one can seem to agree what 'minimally proficient' is, and everyone can talk about firing those useless bastards who don't know how to use network resources properly, except that those same useless bastards... actually know the ins and outs of plant operations. Or pipe engineering design. Or tax accounting. Or general insurance. Or organizational psychology.
You see, when you were out playing with your GMail and Twitter and learning about the wonderful world of Web 2.0, there were people who were... I don't know, learning their jobs. They know enough IT to get by. They don't know IT's ins and outs because they don't bloody bother, they have their careers, their families, lives outside of work. That's why they hired us to focus on IT.
I don't come to you and lecture you on how to set up off-shore accounts to optimize your tax returns based on the 2009 update of that country's tax laws, and I don't come to you to lecture you on what are the steps taken to distill sour crude to petrochemical feed stock. And yet I keep hearing people coming up to me and telling me what technology to use and what they want us to install yesterday, or else they cannot do work.
Don't start by telling me how to do my job. Start by telling me what you want.
Of course, Cory's plan is nice, assuming that the whole world can stand still while we have to FLAG DAY entire portions of the system to move to the clean, compliant environment, and set up a big roving sandbox and educate the users on how to use it to the best, synergizing their insights to higherlevels of productivity. Sure. If we could freeze time and violate the laws of physics and economics.
The truth of the matter is, you're right in a way: IT is trying to serve the needs of 5 years ago. It's not because we think we know best. It's because we have very little choice.
Take out the old system to replace it with the new -- the users scream that the new system has "a learning curve" and is "user-unfriendly". Leave the system in, and the users complain that the system is "too obsolete" and "not innovative enough". It is hard to spot the winning formula there.
There are literally thousands of steps between a creaky, clunky old legacy system with more holes in it than a colander and the ideal IT environment. Sometimes one does not have the good fortune to be working for Google.
As someone who leads an IT department, I encourage heresy. I'm always on the lookout for new ideas and better ways of using technology. That's not to say that we don't have some controls in place, we just attempt to minimize them as much as possible to allow people the freedom to get their job done.
I would think a lot of the concerns that businesses have about this are legal not technological. Letting users do what they want resulted in disaster. Porn, kiddie porn, mp3's, warez, sexual harassment, theft of company secrets, you name it.
Zuzu's idea that a company could just open up it's network directly to the internet is beyond absurd, legally and technically. I remember the 90's.
I'll go back to my literacy analogy. No, I would not hire a surgeon, no matter how talented, who cannot read and write.
But computer literacy is embedded in just as much that any modern culture does as is reading, writing, and arithmetic.Overspecialization leads to death.
My solution would be to give you a $5000 bonus but tell you that you need to buy your own laptop to do your job. I'll even provide you some guidelines such as getting a MacBook Pro or a Lenovo Thinkpad.But beyond that, you're on your own. You were hired because you know how to do the job -- and that includes using a computer. If you can't do it, then why should you be paid? The whole point is that the company needs those solutions more than the money, and you need the money more than whatever else you would do with those skills, so a mutually beneficial trade is agreed upon. Solutions exchanged for money.
(You then go on to trade that money for solutions to your own problems, such as food to not go hungry, shelter to keep your body and possessions safe, and continuing education and capital investments in your future employment prospects.)
You need a license to get married.
You need a license to drive a car.
A computer can do just as much damage as a car in fact more at times in the wrong hands. Why don't we have a DMV for computer users and everyone who needs to operate computer on someone elses network has to get a license. If you get 'pulled over' for failing to abide by the rules, you get a reported. Enough failures and you get your license pulled.
People will start taking their security a bit more serious if their jobs and network access relied on it.
Computers are part of their jobs! They're not orthogonal ancillary to their jobs. If you're using a computer every day, it's a job requirement.
Except for perhaps software and hardware development, computers are not a specialization in themselves. Not any more than driving a car is a specialization.
(Yes, some people are taxi drivers, and I'm not saying there may not be IT-like niches just like taxi drivers. But on the whole, most people learn how to drive, and getting to work is also a part of your job. And you pay for your own car and gas to do it; you don't expect a company car, so why should you expect a company laptop and mobile phone?)
I second zuzu @ #19 and kengor @ #26.
I am not deskside support any longer (for the most part: I write code and mangle data) - yet I am still the person many people will, or want to, call when something needs configuring or fixing. I have co-workers who have been provided with a very comprehensive manual for the central database application we use for our work, and with comprehensive training for that database application, who still come and ask how they should translate a particular eventuality into the database - like making a new contact record. These co-workers avoid using the database in every way they can. 80% of the code I write goes into making the database easier for them to use, to lure them into making some use of it, and extrapolating whatever relations and semantics from what they input. There's two dozen or more pages of fields (tabs) on every single file record in the database, and everyone sees at least ten of those tabs and we can't turn any of those off or change their layout.
This database application is -- IMHO -- awful; I would tear it out and migrate all our data to something much more capable (like a custom-written web frontend). But that's not my decision to make. We have this legacy application and will continue to have it - and many employees in many companies face the same situation: Highly complex programs that present them with a surfeit of choices of things to do or not do, many of which have nothing to do with their immediate task, many of which are not immediately obvious as being relevant to their immediate task. There are a lot of legacy applications - and not-so-legacy applications - that were written without any thought as to the usability of the user interface.
@27 - Your head of IT at the time should have advocated for -or created- a separate 'development' network for your engineers to use in developing your products and then provided a standard 'corporate' machine attached to the secured 'corporate' network for all other business related purposes. That would have shown initiative and forward thinking while not alienating the staff.
It is definitely a delicate balancing act to provide the best resources you can to users while still being cost effective and adhering to all the regulations and licensing requirements. I've been working in IT for about 20 years now and I still like my job - but there are days when I really wish management would be more openminded about newer technologies. I've made case after case for things like using Nagios for monitoring, using Jabber as an internal chat server, or using Twitter as a tool to communicate to teams. I realize its hard to steer the IT policies of a large company - but as much as you'd like to require end-users to have computer skills for their jobs, the same requirement should be given to CEO's and management teams to stay informed and openminded about IT advancements whose adoption would be a net benefit.
thats my everyday biz, explain users why we dont you the fancy new technology they have read about on the science mag.
*shrug*
Frankly, if a particular surgeon can save my life, I don't care if he (or she) can read or write or use a computer or communicates via a series of grunts and eructations. He's a surgeon. That's his JOB.
There's no point in fantasizing about a world in which all users are computer literate. It's never going to happen. And it's a waste of good fantasy time.
It is really easy to pick the comments from people who've worked support and those who haven't.
In defence of most users, we only see people with problems, not people quietly doing their jobs without fuss. So our view of users tends to be coloured by spending all day (and if on call) and all night fending off people so stupid they make Pamela Anderson look like a Rhodes scholar. We never see you when you are happy, and 95% of you never say thank you for anything we do for you. Then you claim we're the unreasonable ones?
The easiest way to explain the situation to those who haven't been in support is to compare it to allowing a stranger to do whatever they like with your home computer. You don't want an idiot messing things up, installing random crap, malware, viruses, giving away critical data, etc. Now look at it from our perspective: every computer in the business is our computer.
The very last thing we want to be doing is supervising people, but you only need one incident where someone's stupidity or negligence results in massive amounts of repair work (with all the stress that goes along with that) to default to the position of no privileges for users unless you say otherwise.
So, if you actually want the freedom to do as you please with your system (or you want us to help you in any other way), then you need to do two things: prove that you know what you are doing, and treat us like human beings. Rude people get nothing. Poisonous people get their systems combed for evidence that can be used to get them fired. We have a difficult enough job to begin with so please don't make it any more difficult than it needs to be.
Zuzu - You've never actually worked in a corporate environment have you? Do you even have a job?
How was prom?
@thekevinmonster
Ok... so say for instance the user is prevented from doing their job and they have Gmail and an external Im that can help them. Rather than submitting a trouble ticket saying they are having problems doing their job, they just use Gmail or this external IM.
At worst, their communication gets intercepted by a middleman. At a minimum, the message is not backed up to the company servers. Now the user realizes 'Hey! I can do this so much easier without the company systems' and starts using these systems more often bypassing the company backups and allowing for more intercept possibilities by a middleman.
In comes the FCC and thay say 'we have evidence your employees are in violation of not backing up all company communications on the company servers' and they fine you.
Or worse... those communications get intercepted and lead to a security breach of thousands of client accounts.
Regardless of what the author of the article is thinking or what Cory is talking about, there are FCC regulation, HIPPA compliancies and other regulations to take into consideration.
All engineers want progress and are frustrated as well but the wheels don't move as fast as we want for a reason. Just because you don't see that reason doesn't mean their isn't one.
As someone who is typing this on, I shit you not, a Windows 2000 machine, I heartily concur.
Management got all pissy because the last time my hard drive shat itself to death, and the new one arrived in the mail; I popped the case and put it in myself, instead of waiting for the fat guy with the neck beard to come do it.
I'm not even supposed to be running firefox. Oh no, IE 6 is the only approved browser. It's like they WANT us to get viruses.
Beyond that, I'm running Vectorworks, and had to go through this ordeal where I had to convince those who supposedly know more about this shit than i do, that no, 512mb is not enough fucking RAM, and could I please get some more. They acted like it was some huge financial decision. It's $60 fucking dollars.
Likewise, if you're an accountant, and you're using spreadsheets, on a computer, using a computer is part of being an accountant.
Yes, I have. Several, actually.p.s. Do you have anything to contribute ever besides personal attacks? Try addressing the argument sometime.
I'm the "IT guy" for a small business. The problem to me seems to be that IT people don't always understand what their companies do. To often IT departments aren't well enough aligned with the business functions of a company. This isn't necessarily the IT departments fault. Budget and time limitations force IT departments to keep their heads buried in the sand. They are only reacting to problems and trying to upgrade components and software not organically developing solutions for their "customers". There are several organizational solutions for this. One approach is to assign an IT champion to a given business unit. That person can seek out and implement new technologies for that unit with the support of IT. IT works for them and they need to manage IT time and costs in conjunction with other business units.
To the guy who thinks those who don't know how to use a computer should be fired. Good luck pitching that one to your executive team.
Hey,if we're fantasizing, here's mine:
Zuzu takes over a company whose lead salesperson is Sue, who's been at it for decades, can't use a computer to save her life, and can sell pants to a mermaid. He fires her and hires Bob, who's a good salesman and can use a computer.
I scoop up Sue, hire someone else to deal with Sue's computer stuff, and proceed to eat Zuzu's company's lunch.
Hoist by his own free market!
(And someone asked why employees just try to just use Gmail instead... well, that's one reason.)
@Zuzu
I agree that if your job is computer-centric, it's inexcusable to not be able to fix/maintain it.
Here's an analogy: I rented a car a few months ago. Some chevy. Anyways, as I was doing the initial walk around, I asked some basic questions: How many liters is the engine? The guy said 'Four'. I said, no, not cylinders, the displacement, how many liters or cc's is it? He didn't know. He also had no clue about MPG or horsepower. And I thought, what the fuck is this guy doing renting out cars if he doesn't know ANYTHING about them, and was also either incapable or unwilling to find out!
I know how to fix a computer for the same reason i know how to fix a car - i learned it by the roadside, as it were, when things were fucked up and I had things to do, places to be. Because I actually ENJOY not being a victim of my own ignorance. It's empowering.
The problem is young people don't seem to be able to change a flat tire, let alone go registry hunting for malware, or finding the proper hardware drivers. they're all used to someone else handling that stuff, which only further debilitates them.
There's a simple core tenet of IT that everyone working in IT should have, framed over their desks, and should work by all the time:
IT is about making IT easier to use.
I shouldn't have to click eleven times and scroll through a list and click five more times if my job needs me to only waggle the mouse a bit and click three times. The less effort that the enduser has to expend to get the job done, the more likely they are to use that solution.
Teaching a salesperson to toggle in IPL code in octal (no shit, actual instance) is not IT's job, and toggling in the IPL code in octal isn't the salesperson's job either. IT's job is to build an intuitive interface that translates the user's easily-expressed choices into IPL code in octal - or whatever other esoteric crap your OS / program / mainframe / database / accounting system represents the data as internally.
Make it easier for the enduser to use their computers.
IT department (which I am a part of one) are typically pulled by many different other organizations/policies/requirements/laws that users may or may not be aware. Part of our job is to take all into account and make everything work nicely. Because one user sees an awesome app and wants to use it doesn't necessarily mean that it will work in that environment.
In my experience, it is the users who *think* they are on the cutting edge and know a lot that cause most of the issues we need to fix. They look at the computer (that the company purchased and charged my org to maintain) as their toy to play with as they see fit. It is because of users like this that systems are locked down. It isn't because IT is trying to ruin their fun or keep them on obsolete technology. We have to see the big picture and keep everything running.
@Zuzu
"IT departments that tell everyone to delete old email rather than just pay the $90 for adding another 1TB drive into their storage array, need to be taken out back and shot. "
They make us do that here - 90 days. Nevermind that there was a shitload of useful information that now has to be rediscovered. Although I believe we do it to avoid legal complications, which to me is pretty shysty, what, we have to delete old emails so that if there's a lawsuit we're unable to provide the TRUTH? How unscrupulous can an entity become ethically when the business's continued existence takes precedent over honor???
Wow, my previous post sounded kinda bitter. Let me say this as well- my ideal situation is when someone needs something done. An improvement to a process, a new process, whatever. And they work with the IT dept to get it done. When IT gets in a lock-down mode of no we can't, it's not policy, blah blah blah, that doesn't help anyone.
Like #46 said, IT needs to understand what the business doesn and what it can do to help the business do what it needs to do.
There should be no company-owned client computers, only servers.
Use the money you save on purchasing computers as a bonus to your employees to buy their own computers and let them handle these micromanagement decisions for themselves.
Want more RAM? Fine. Spend the $60 and install it yourself. If you want some crazy gamging rig, clearly the bonus will not afford that, but you can spend more of your own money if you like. Think you found a more prudent solution that allows you to still do your job and pocket more of the bonus? More power to you. (Just don't let your penny-pinching cost you your job of actually being able to get work done.)
@Angry hippo
can i at least get you to agree that forcing me to run Win2k and IE6 and Vectorworks on 512 of RAM is re-fucking-diculous?
i have to run firefox portable because they scan our installed programs list every so often.
Training really should be part of an IT department's mandate, just as an HR department should really be able to give you a complete spectrum of benefit options and the knowledge about them with which one can make an informed decision based on their needs. However, in most companies, neither group are given the resources (including staffing) or authority to do these things.
This is because both IT and HR don't work for the user, they work for the company. If it is more cost effective in the short term (and this is key) to lock people out of their systems or select a single, one size fits none policy, then this is what most companies will do.
The first thing I tell people who take agency jobs (I currently work in advertising) who haven't worked in a corporate environment before, is that HR is not their friend, and only looks out for their interests when they don't conflict with the interests of the company. The same might be said for IT departments as an entity unto themselves, although certainly I've found many individual IT workers to be very helpful in the right circumstances.
I agree with Zuzu, we should fire every person who is not competent enough to use a computer. And on the flip side we should fire every IT person who has little or no customer service skills when dealing with people at work, or who display the imfamous "IT Rock God Complex". I'm tired of some IT people whining about how little some people know about computers.
I look at it as keeping a job even if some users are really that incompetent. I think IT people who have Zuzu's attitude about users need to find a new field to work in, or need to learn how to work better with the users.
#56- I bet the windows (the real ones) in your office don't open. Otherwise you probably would have thrown your computer through it by now. It sounds more like a financial issue. In my company we can only buy what is budgeted (with certain exceptions of course).
#55 "There should be no company-owned client computers, only servers."
You are talking about the concept of box-rentals, which we do. That is also a tricky path, paying someone to have a working system. The model that we work with (we do it to a certain degree) severely limits what we can do to support those systems, mostly for liability reasons. Your model would rely on your opinion of everyone being able to support their own computer in order to do their job. I doubt there are many (any?) companies that work that way.
@Zuzu
"Want more RAM? Fine. Spend the $60 and install it yourself."
I didn't WANT more RAM. I required more RAM. It was using so much VM that it would slow to a crawl for about 40 minutes at a time, with CPU usage at 100%. It would do this almost daily, and sometimes it never came back.
If you drove a truck for, say, fedex, and it broke down for 40 minutes a day, would you expect to have to pay money for parts and labor to fix a truck that doesn't belong to you??
Zuzu
"Do you have anything to contribute ever besides personal attacks?"
Fair enough, sorry about that. It's just that sometimes you seem to me to be very young, ideologically rigid and highly judgmental.
I do think you're not giving legal concerns enough weight. Those are the primary worries that management has. The legal dept. will trump IT every time.
Your belief that people should be computer geeks or else be fired is very arrogant and frankly, typical of the kinds of things you say. A little compassion for people who are not you would go a long way.
I'm really sorry that we seem to have these conflicts. I don't want to have them. Though I would like to disagree without being disagreeable. I know that sometimes I am at fault for being too harsh at times. I'll try to work on that.
@angryhippo
our projects are in the hundreds of thousands of dollars range, and our 20 man operation NETS over $2M a year. you'd think they could support the guy who, you know, DESIGNS ALL THE SHIT WE SELL. (me)
@nutbastard
Sounds like either bad budgeting priorities or an incompetent IT dept. Sorry.
@5 "If they need a solution, come to us and we'll work together to figure out what works in our environment."
I always cringe when I hear that kind of sentiment, because, in my experience at a few different companies, it seldom ended up as "work together".
As a developer who has had to accommodate projects with wildly varying requirements--and therefore varying toolsets--working with IT to allow me access to the kind of setup needed to work with the tools required often came with disinterested IT staff, incredibly long lead times, and a lot of outright "no"s for no apparent reason.
While I should hope not all organizations are not the same way, it should at least be noted that there are often legitimate reasons for disgruntled users that extend beyond their inability to use any old "POS software".
I think the author is also 5 years behind, because there was a time when it was 'cool' in IT to lock down everything the users do.
Nowadays with better systems management tools widely available, giving the users more trust is a lot less of a risk than it was 5 or 10 years ago.
These days, people are more tech savvy; and if you limit their ability to get what they need done, they'll find a way around those limits, often to much worse results than originally sought to prevent, and most of the time, even if they don't NEED to. Give a user an open machine with reasonable security, and if they smoke it because they got it infested with malware, big deal. Re-image it and be done with it.
Tracking every move made by users, filtering web sites, and logging every chat only opens IT (and the company) up to MORE liability.
I'm not saying you should have to pay $60 to upgrade the company's computer, although I know this is exactly the situation many primary school teachers actually do every year. (Not computer memory, but school supplies for their students.)
If you owned your own FedEx truck, you'd be in exactly the best position to act on your tacit knowledge of exactly what you need when you need it to get your work done.
Assuming you "want" to get it done faster than in 40 minutes. Assuming you "want" to accomplish your project goals and that your company "wants" to turn a profit, and so on.
I originally decided getting into this because I thought it would distract from the point I believed most important to make -- that most skilled jobs today include computer literacy as a necessary component.Also, in the wake of some regulatory problems -- which many people (imho, wrongly) attribute on insufficient (rather than inaccurate) regulation, it's likely to receive more emotional rather than analytical responses.
However, here it is: Legal concerns aren't so much of a technical (i.e. IT) problem. Either reorganize the firm so that everyone's a contractor, or so that each department is a wholly owned subsidiary, or move the company to an offshore jurisdiction that doesn't have those draconian restrictions, or whatever else you need to do to circumvent those legal concerns and make them moot issues, wherever possible.
Now, maybe with HIPPA the problem is technical, such as using zero-knowledge proofs to encrypt and verify the integrity of confidential patient information.
But as far as running a large corporate network and worrying about porn and warez; just outsource that to a real ISP that has legally recognized common-carrier status. (Even if this, again, means creating a wholly owned subsidiary within the company that's chartered as an ISP with common carrier indemnity.) Transfer the liability from the company to the individuals who are actually responsible for the actions.
Now, please bear in mind that these are not necessarily bulletproof recommendations. I'm speaking extemporaneously to illustrate that legal problems have legal solutions more than they have technical ones.
is it just me or are people picking too many edge cases for this?
a secretary should know how to use office at least proficiently enough to have a properly formated internal phone directory.
at my company our phone directory was unreadable because every line had a different font size, different font in some cases, and different justification...
embarrassing for a design company to say the least. same person was in charge of payroll... sometimes we didn't get our paychecks, not due to the company not having the money, but due to her screwups.
i mean the job description pretty much says computer literacy is part of the job. why shouldn't that person be expected to be able to do their job?
to be honest the conversation isnt about brain surgeons it's about run of the mill office workers who make up the bulk of our nations work force.
I work in healthcare and with the electronic medical record every surgeon should know how to use a computer to document his work. I have issues with medical transcriptionists who say they should only be required to type. I tell them you are an information technology worker and should know how to use your computer.
The younger generations of clinicians come in very familiar with computers and as a result they get their documentation done quicker and more efficiently than the older generation who still dictate over the phone. I think some of this stuff will sort itself out as people retire out of the system but the transition we're in now is very painful.
Also, I don't think it would be very useful in a large organization for people to be having lots of different types of machines. Support would be a nightmare and the truth that everyone's glossing over here is that computers are complex and knowledge of using, maintaining and fixing them is tiered and not everyone is going to fluent towards those three ends. My expectation is that people can use their computers and as someone who has had to create documentation on how to copy and paste within Word, I agree that HR should only hire computer literate people. On the other hand I don't expect a nurse to be able to troubleshoot a problem when some resource freezes a machine or a fan dies and the hard drive seizes etc. For that there's help desk and a consistent type of hardware with an approved image is the way to go for quick response times.
But there are a ton of users who are going to be useless for weeks when we deploy Office 2007 since that UI change is going to rock their world.
OK granted many people have good ideas but IT would have more time to work on those good ideas if it was not for the 90% of the other users who have no idea of what they are doing and infect their PCs over and over again
sorry but CIO or in the IT department of some start up with 10 or 15 people is not working in IT have you ever had to protect a data base of medical records? run a network with industry mandated standards or with a team of layers telling you what is and is not going to work as it could be used in a million dollar suit against you or you company
have you had to investigate a security breach that could shut the company down and cost hundreds of people their job
While I agree with some of your points about working with users to use new tech a lot of these new ways of communicating can open up a network in ways that some times are not understood right off or the legal ramifications that could result
to expect the bleeding edge in the work place is just not good IT things need to be tested planed and implemented in a way that will not cause the whole place to come crashing down
I think the main problem is IT people stuck in their ways and other groups of users not willing to work with IT or to include IT in planning maybe be willing to help test a solution and report your findings back to IT in a helpful way
My users are my customers if they are not happy I am not doing my job
Besides, if you can support your home computer, how is your "work" computer much different? (Supporting, say, VPN connections would be a legitimate server-side issue, and your choice of solutions would have to incorporate ease of use for heterogeneous clients into the consideration -- just as ISPs have anything that speaks PPPoE or DHCP and TCP/IP connecting to their network. You're not compelled to use your ISP's computers and call up Comcast when you need more than 512MB of memory.)
And of course, we've probably all experienced the frustration of mobile phone telecoms who begrudge that any GSM device should be able to plug in your SIM card and connect to their network. Because if you had root access to your Android phone, the walls would bleed, the network would crash, dogs and cats would live together, and so on.
I think Zuzu illustrates the problem well. He is the "classic" IT guy. His approach isn't to learn about the business and to align his job with the organization's goals. Instead he wants the business to reorganize itself around its IT department in an attempt to minimize legal responsibility. Businesses don't want to make each unit a "wholly owned subsidiary" and it would be impossible to make each employee of a large complex company a contractor (the federal government has rules on this). Zuzu misses the point completely. IT is part of the business. IT is paid by the business. IT needs to start developing solutions WITH the business and protecting the business from those who would do it harm.
Legal responsibility merely comprises the regulatory landscape, and it's easier (i.e. more profitable) to drive around a mountain than it is to dig a tunnel through one.
And that's why you have legal strategists... who should also be computer literate.
Echoing #63 - as one of the users on the other end, it does indeed complicate the argument a little when the IT department that you come up against doesn't actually do the "work together" thing. I work in a university lab with locked computers. Calling IT for every small thing isn't ideal, but rules are rules and I get that it's safer in general to have them take care of it. The reason that I get grouchy about the locked computers is that calling IT when I need a plug-in or something installed usually means that three people come, try to install what I need, and can't because the system has been set up by someone else in some ass-backwards way that they can't figure out.
My SO, who is an IT person, has run into the same problem in each corporate IT environment he's worked in. He was hired at his current job to do a very specific project, but he spends most of his time trying to dodge or get info from more senior IT staff (CIO included) who are years behind the times and suspicious of anything outside their own knowledge base. Much of his job these days is untangling problems that crop up because the system in place was set up by someone senior to him who didn't know enough to avoid them.
This is all anecdotal, and as Makuus said, maybe this isn't the norm. Point being, it's frustrating from both sides to have restrictions imposed, necessary or not, by IT departments that don't work well with others (or even with themselves).
This thread needs more Peter Drucker.
"Businesses want to turn a profit in the most efficient (and ideally, the most sustainable) manner they can devise. "Business is in the business of business."
I can tell you that making each unit a wholly owned subsidary and each employee a contractor in an effort to avoid legal responsibility for IT is neither efficient nor sustainable.
It may be easier to drive around a mountain once but you will want a tunnel if your are going to make that trip every day.
With regards to legal strategists I'll go as far as saying I DON'T want my strategist to be computer literate. If he is he is too young and/or not spending enough time doing what he is supposed to do. He should have an assistant that does that work for him. He just needs a blackberry, email and the internet and I hope he occasionally gets confused by those.
I'm speaking extemporaneously of course.
Do you support deep packet inspection (DPI) (e.g. Carnivore) for ISPs, because child porn and copyright infringement are an "ISP problem", not a user problem?
And, I wasn't speaking strictly of "legal responsibility for IT" (which I'm guessing is something like Sarbanes-Oxley record-keeping), but diversifying (or externalizing) legal risk exposure writ large.
So, again, in your view, computer literacy is not part of gathering and processing legal expertise? Because clearly a lawyer augmented by a smartphone, email, and internet would be inferior to one that communicates by... telegram?Falcon @#37 - agreed. He should have. He didn't - I'm the one who advocated a separate network. He fought me tooth and nail all the way.
The new VP of IT is much more reasonable. We get things done with him. And sometimes he comes to our software gurus for advice.
Downloading porn, warez or any other non-business related file is an IT problem and an HR problem. Those people should be dealt with based on the rules a company has established for such cases. I vote termination. IT should easily be able to prevent and detect such uses.
Child porn and copyright infringement are not an "ISP problem" although the lawyers are trying to make it their problem. I do not support ISP's inspection of anyones data without a search warrant.
Legal expertise is a product of years reviewing the law and participating in its practice. It has very little to do with knowing how to keep a computer virus free or developing software to improve business function. Gathering and processing is done by assistants and clerks who should know how to use a computer and the requisite gathering and processing software.
A lawyer augmented by a smartphone, email, and internet would probably be superior to one that communicates via telegram. I'm just saying a 60 year old experienced lawyer that doesn't know much about computers will usually wipe the floor with a 20 something that can install Ubuntu.
What I find discouraging is just how many of these comments resort to tech-speak dick measuring or smug eye-rolling war stories about "us" and "them." It's just not helpful.
Yes, some IT employees have to spend too much time cleaning up messes that less educated (or just plain careless) employees make. But some civilian employees are perfectly competent and cautious with the company equipment they use, and could do their jobs better with fewer restriction. And some IT employees surf porn at work because they can.
Let's stop acting like the best resolution is for one group to completely submit to the will of the other.
"Non-business"... who cares as long as people complete their projects?
Why waste resources on that non-problem?
A lot of IT people miss the point about IT.
Companies hire employees who are computer-indifferent and IT people at some small ratio on top of that, because it's the cheapest way to get work done overall. This model is not prevalent because it's set in stone - I've seen companies which experimented with all sorts of alternatives. It's prevalent because it's effective, both in terms of productivity and cost management.
Being a geek is tangental to what most people do for their actual work - though a lot of computing tools help, and the better they know the IT tools the more productive they can be in some ways. The fundamental truth is that most of productivity is the person's creativity and skills and ability to think about a problem. You can put highly computer literate monkeys out there without an IT staff, and they have no ability to get other jobs done.
If every smart worker also knew IT enough to run their own system, it would be great. IT would be reduced to standards and compliance and some central services. But most smart workers aren't geek level computer literate.
You can build a small team all of whom know enough geek to be able to self-support like that. Some very small companies have done that successfully. Once you start to scale, you find that you can't locate and hire enough talented staff in all the myriad areas (administration, finance, sales, marketing, production, etc) who self support in the IT geek sense. They don't exist in the quantities you need to make a real business. Because their jobs aren't to be IT geeks - their jobs are to be administrators, financial experts, salespeople, marketing droids, production team people, etc.
You get what you can find, which is a subset of what's out there in the marketplace. Expecting basic computer literacy (home user level) is reasonable. Expecting self-system-administering level skills is unreasonable.
Computers need to get easier, and kids need to get more into working with them, so that these skills are more prevalent. But that's a generational task. Even intense employee training programs with existing skill sets are a waste, because they draw attention from the normal workers that would be more efficiently solved by hiring IT experts.
Marketing people are hired because engineers are lousy at marketing tasks. Accountants are hired because engineers are lousy at finding tax advantages, balancing the books, and paying bills. Salespeople are hired because engineers are lousy at selling.
Why should we expect them to be good at IT or engineering?
I used to be involved in a large IT organization.
Serious flashbacks being created by the various comments here :-)
When we were looking at strategy for IT, the consultants will talk to you about the difference between being a cost center, a service provider or some much more ideal "innovation and value creation catalyst" (etc. etc.- you know the buzz words)
In the end, I think how management sees information technology in general, and the IT department more particularly is key.
If senior management sees IT as a cost then a downward spiral results- IT gets starved for cash, has to cut back support- slooooows down, and end users get more and more fed up. End users then do what they can/need to, causing in many cases more problems, further jamming the system and causing more issues.
One of the questions is always "how much is enough"- to spend on IT? The right answer is how much is is helping us, but if you've already lost that and are fighting senior management who just want the answer to be "less", then there are actually benchmarks- by industry, usually expressed in various forms- perhaps as % revenue total spend, perhaps cost per user, or ratios of support people to users etc.
Whats interesting the best companies in each area (in terms of profitability) tend to spend more on IT.
"Sure" says the bosses "that's because they have the profits to spend- IT spending didn't HELP the profits"
Ah the challenge of causality- who knows what the truth is?
In some organisations there are indeed a handful of people who go outside the rules and come up with new and far more efficient ways to do things.
In most organisations there are far more people who think they are in this first group, but are in fact clueless morons with no comprehension of what they are doing. They rush from failure to failure with great promises of how wonderful their next project is going to be, never recognise that they have always failed, and nobody ever calls them on it.
Very few organisations employ anybody who can distinguish between the two.
Find me a way to get all these self-important fools drowned at birth, and then we'll talk about relaxing the rules. As long as they're around, the costs are too high.
""Non-business"... who cares as long as people complete their projects?
Why waste resources on that non-problem?"
There are certain acceptable personal uses of a business's technology. Porn is not one of them. Illegal file sharing is also not one of them. Checking your bank account at lunch or taking care of a personal matter is okay. "non-business" is probably too broad a brush.
Getting back to the topic at hand, I've been reading some about the us vs. them issue with IT and business. There was a lot written about this when data mashups first began to become popular. Some very inventive employees were using Google, Yahoo and other tools to reorganize coporate data and develop new solutions to some fairly complex problems. Businesses were understandably concerned about the data getting outside the firewall but employees didn't have the access to the tools they needed.
Most business units have a person(s) that is sufficiently technically saavy working in them. This is the person IT departments need to seek out and partner with. Cheap, effective and safe technology solutions can be created this way.
That's why I say "computer literacy" and not "programming your own software" or "designing a circuit".
But just from your router for internet access at home, you should have a basic idea of what an IP address is, what NAT is, what DHCP is, and so on. You've probably had to connect some CAT-6 cable to various devices, just as you've had to learn how to connect your home theater equipment or how to plug in external hard drives.
Instead, most of the description of what IT departments are doing for everyone else is characterized like they're volunteers at the Special Olympics. Or like a punchline from IT Crowd: "I'm sorry, are you from the past?"
Zuzu, care to tell us which employers you worked for when you downloaded porn? No shame, right, because you're a productive knowledge worker?
@ Zuzu
I agree with you that basic computer literacy skills are required but most people have those. I think your definition of basic extends too far. My wife is a bright person with a good job. She knows how to plug in a cable but she doesn't have a clue about NAT or DHCP. I do the home networking. Its not a family project. Besides these protocal's are constantly changing.
If a PC is properly patched and configured malicious attachments and drive by downloads won't be a problem. Couple that with some employee education and alerts and you reduce the problem to a very managable level.
You can outsource IT, you can have a full IT department or you can have some hybrid but you are going to need IT support for most any business. You are also going to need that IT department to create value for your business. You need them to support creative solutions that your employees come up with to solve customer problems.
From what I read the problem isn't educated users it's a lack of qualified IT guys.
You can't have every employee be a certified IT guy.
http://blogs.technet.com/blogfiles/kaiaxford/WindowsLiveWriter/MordacThePreventerofInformationServices_9F96/clip_image001_3.gif
"That's the power of SSHing into a remote server and reattaching a GNU screen session to check on rtorrent."
By your standards this ability should be a prerequisite for employment as a salesman.
Not that anyone will read this, but...
I work in large enterprise IT. These days I mostly deal with operations teams. The scale of large enterprises, and the policy level decisions that have to be adhered to (due largely to federal and state laws...) can be an incomprehensible burden.
Lets start with scale. For joe user... they probably work in an office of 10 - 100 people. There's maybe 4 IT guys in the buildings... of those 4 guys most likely 3 of them are what I like to call monkeys. They swap machines, reimage, patch, and do very basic response. There's probably one guy on site who knows which device to kick, and what numbers to call when things break.
Remotely, there will be a team responsible for the client images. A team responsible for the network breakout. A team responsible for backup. A team for virus / spam / security threat. A team monitoring your login and domain / realm permissions. A team responsible for your hardware and software inventory and accounting...
The list goes ever on...
The shear size of the beast involved and the breakdown across departments and geographic locations leads to what can best be described as a staggered response time in any situation. The more tech involved the more exponentially difficult it is to service.
So when you wonder why your laptop is locked down... it's not usually because they don't trust you, or don't want you being innovative... it's literally because they are too big, and have too many people with too much oversight, loosely following bizarre and often times incredibly stupid legislation written by congress. They literally can't give you the room that you need to maneuver.
Now the best response I've seen to the idea of addressing the requirement of allowing a group or team in an organization to try to solve some of their own needs... is a "sandbox". But that's not the only thing. For this project to go into use properly, someone involved in this sandbox is going to need to first know the procedures to get the equipment, access, and audits necessary. Then you'll need to get it signed off by DBAs, and operations teams, not to mention any custom security apis or in house libraries that have to be used to meet specs for a business app server.
So this too becomes difficult. In today's economy automation solutions are attempting to streamlining and weed out a lot of the redundant forms that need to be filled out for every group and sub group that you touch. But even then you need real live people to first make the right requests. Real live people to see the requests, consider the requests and properly understand the implications for their specific field of responsibility, and then sign off on it. And then after all that still more people need to maintain and document this stuff in the right way.
That's a lot of different areas of expertise and a world of paperwork and documentation to traverse with a small army of people to maintain contact with. Multiply this out amongst a few groups ... and soon your global IT is feeling the weight of this sudden upswing in development workforce, a lot of whom are operating without any tutelage.
So, what I really am driving at here, is that the little place you work at. And the self righteous norton ghost jockey you bitch at... really aren't what IT is about. And the enormity of the can of worms you have opened is actually substantial.
So the question you end up with is it worth it to invest all this trouble in overcoming all the associated problems and maintaining a lasting methodology for supporting it.
Maybe it is. I know for tech companies it certainly is. For other industries I could see it definitely not being worth it.
And for now the next generation of tech saavy power users hasn't quite filtered into the mix and unbalanced anything.
Just some thoughts.
"I'm particularly fond of the ones that pay the premium for Apple server hardware (and software) so that they don't have to hire IT staff to build an maintain an equivalent with less expensive hardware. Essentially the problem was outsourced to Apple (commoditized), for less than an IT department would cost."
I work in an all-Apple workplace - our Web servers, file servers, every workstation and design station. I'd love to know how this actually works, where Apple replaces in-house work.
PS: Zuzu doesn't have to be right - this economy is firing everyone who cuts down productivity by needing help or training anyway.
It all boils down to overall costs to the business. Does it cost more to buy and maintain a web filter than it does to have to fire someone because they found out they were able to access porn at work and were stupid enough to get caught? Does it cost more for someone to take an extra few hours trying to get a file with a blocked attachment from a client, or to have to pull an all-nighter restoring an email server that got infected with a nasty virus?
From my perspective, for most companies it makes a lot of sense to restrict users from being able to do things that could potentially a large amount of damage. Especially if the headaches it causes are minor (e.g. use password-encrypted ZIP files to send your blocked attachments, rather than trying to go through gmail).
Personally I'd love to be able to adopt the position that the Acceptable Use Policy is all you need to have in place, and that technical measures to enforce it shouldn't be necessary. But in order for that to become a reality, a business has to do a few things first:
1) Adopt an extremely comprehensive business continuity strategy.
2) Hire very well-trained users (instead of hiring completely computer illiterate people for jobs that require computers, which I've seen ALL too often, even in this day and age).
3) Keep a well-maintained enterprise-wide patch and virus management system.
Most companies are seriously lacking in at least 2 of those areas. And in the 3rd area, you can't just install Norton Antivirus on all of your desktops and consider your job done. But too many IT shops are not provided the resources they need to do more than that.
Huh, since when was jerking off at work about power? I'd say it's a manifestation of one's LACK of power.... Thoughts, Zuzu?
Ok... I got the answer for everyone.
IT wants users that don't cause problems.
Users want IT to stop cock blocking them.
So IT... just uninstall Windows and give everyone dumb terminals with a shell prompt.
They want to surf the web? Do it with Lynx.
Want to open mail? Do it with Pine.
Want to listen view or listen to multimedia. Sorry. Tough cookies.
Problem solved. Now we all get what we want.
In my personal experience of corporate workplaces I've found that 25% of the employees do 75% of the work. Draconian IT policies are put in place for the 75% that goof off most of the day. If someone that works hard wants a tool that will increase their productivity, they will get it if they ask for it and explain why it's needed. These same 75% have total freedom with their computers at home and that's why there are so many botnets available to purchase for malicious purposes.
I won't even get into how much articles like this irritate me, but I'd like to say to Cory and the rest of the BoingBoing crew, thanks for pruning my RSS list. Just like I did with TechCrunch a few weeks back, I have found a post that convinces me to drop the feed.
And of course it's not for BoingBoing posting a link to this article, it's that BoingBoing leader Cory Doctorow is the one that wrote it.
I suppose it's a bit late for me to chime in, but I was once fired for using the Dvorak keyboard layout. I type 60wpm in Dvorak, but only 25wpm in QWERTY. When I type QWERTY my wrists get sore and I'm miserable all day.
My IT goons had disabled the keyboard control panel, so I found a clever way of fixing this through the registry. Needless to say editing the registry was a sure sign of terrorism and I was promptly dismissed.
For that same job I'd spent a week disguising my copy of firefox to look like IE, down to changing the title bar text, renaming the bookmarks menu to "favorites", and renaming the exe to iexplore... I'm glad they never caught on to that or they'd have tried to find something in my contract worse than termination.
Without sales, there is no IT department. The company is not set up so to give IT something to do. However, it *is* set up to give sales something to do.
Faced with a choice between high performing IT people who hate sales or high performing sales people who hate computers, I think we all know who's going to get fired.
ahh, what do they know?
http://www.spiegel.de/img/0,1020,1445713,00.jpg
#95: Axe7540
Extremely well put. This is a ludicrous claim. I think the idea that surgeons with the ability qualify as surgeons but lacking the ability to micromanage their computer should be fired is crazy. Do you know why they never learned to micromanage their computers? They were too busy at MEDICAL SCHOOL doing other stuff.
Zuzu: This won't change your mind but you seem to think that you can't be a productive human being without state of the art computing technology. That's simply not true. Having a smartphone doesn't make you a better lawyer and not having one doesn't stop you being a lawyer, using a telegram isn't as good because it's more expensive and it's a little slower. Does it make you any less good at reading cases and defending your client? Does it really? It might be something you do as part of your job but that's because it's a tool, it's not your job.
I have a classmate who has keep their work blackberry under their pillow when they sleep because they need to be constantly contactable and I don't think they consider that a benefit at all.
I got up to comment 69 and didn't see one comment where anyone talked about why users might be looking for alternate solutions.
It really depends how ridiculously outmoded your setup is, probably nowhere near as bad as the ones I've encountered, but 100 mb webmail limit, anyone? Somebody suggesting that you download all your e-mail to a client that you can't access remotely? Blocked from downloading software that you need or want to help with whatever the hell it is you're trying to accomplish at work?
Why would those users be frustrated? Hmm... you gotta wonder - except, wait, if you're a certain kind of IT Lord or Lady (the control freak kind), you DON'T gotta wonder, because, apparently the mission and end goal of your organization is to save IT staff time and trouble.
You have to care about what your users are trying to do, and stop worrying about who owns the crappy frickin POS Dell.
ahh - I see I should have read farther. And props to the golden few - the IT people who make things possible, rather than impossible (I have met some!).
Just a few notes from a current IT person that's been doing this for about 8 years now.
#IT is about empowering users
My personal philosophy is that my job in IT is primarily about enabling and empowering users to do their jobs and do their jobs faster. I look for ways that I can make their job easy and them more efficient. In addition I try to minimize their potential problems before they happen.
#IT is also about working within corporate, legal and technical boundaries
But here's where things get tricky. I'd love to allow the developers to install 3 windows VMs of all different versions and configurations in order for them to do proper testing on multiple versions of IE. But I won't get the funding for it and I can't allow them to pirate the OS. (At this very moment I'm desperately trying to get our company to purchase licenses for the currently pirated copies)
Same goes for Photoshop and other software. Often times the reason your machine in the office doesn't have the software for you to do your job isn't due to laziness it's due to spending freezes or managers looking to save a nickel.
#New Ideas Are Welcome But They Need to be Scaleable
Gmail, Twitter, IM. They're all awesome that I use personally and love. But I can't roll these out company or even department wide without buyoff from department heads and complete plan for supporting this new thing. While you may be using it successfully someone who is less technically adept may have significant amounts of trouble learning something new. When you leave for another job or go on vacation IT gets left holding the check and has to support something that has suddenly become mission critical but lacks the redundancy, scaleability or manageability of a more established product.
#Storage is Cheap - Fast Redundant Storage is Expensive
@ZUZU/@52 - The reason your IT department can't buy a 1Tb drive off the shelf from BestBuy is because that single drive isn't redundant, it isn't going to match the speed profile of the rest of the drives and you can't just add a drive to raid array.
Drives are cheap but enterprise class, redundant drives that require extensive setup as well as downtime to install are very expensive.
@Carb I am actually amazed more IT people aren't chiming in with similar sentiments to ours.
I'm currently working for a company that didn't have any dedicated IT staff before they hired me. The director of operations handled it all when she wasn't absolutely swamped with the rest of her job. Mind you, this was a company with 3 locations and maybe 150 users. It has since more than doubled in size. Her solution was to give everyone admin rights over their machines.
I can now tell you exactly why this isn't done at most companies. Many people not only don't know much about computers, but will actively avoid learning about them. This means they will always click on those pop-ups that claim that their computer may be infected and install XP antivirus 2008 or similar malware. Then there's those that know just enough to be dangerous and try to help. They'll quickly install those little programs that allow you to insert smiley faces into your email while also bringing virus, trojans and god knows what else with them.
The trick is to balance things. You have to identify and befriend those little "helpers" and let them know why not to install those things. They can be quickly turned into people that will help others attach a printer or other small but important tasks.
Oh, as for the folks that work in offices that have everything open... good for you. You probably either work at a technical place where 98% of the work force are geeks, or the IT staff never has a lack of machines that they need to clense.
@ZUZU,
How many average Americans do YOU think can do a simple algebraic equation?