Consumer Technologies Driving IT

fiannaFailMan writes to point out The Economist's reporting on the way consumer-driven software products are increasingly making their presence felt in the corporate world. Some CIOs are embracing the influx while others continue to resist it. From the article: "In the past, innovation was driven by the military or corporate markets. But now the consumer market, with its vast economies of scale and appetite for novelty, leads the way. Compared with the staid corporate-software industry, using these services is like 'receiving technology from an advanced civilization,' says [one university CIO]... [M]ost IT bosses, especially at large organizations, tend to be skeptical of consumer technologies and often ban them outright. Employees, in return, tend to ignore their IT departments. Many young people... use services such as Skype to send instant messages or make free calls while in the office. FaceTime, a Californian firm that specializes in making such consumer applications safe for companies, found in a recent survey that more than half of employees in their 20s and 30s admitted to installing such software over the objections of IT staff."

my users do whatever they can get away with

[ZahnRosen]

I love'em all, but you can't trust them to stay away from their computers. All are running under very limited users accounts on a domain and they still cause problems?! I for one would be glad for someone to sanitize CE software so I could even consider it.

Re:

[TrisexualPuppy]

I love'em all, but you can't trust them to stay away from their computers. All are running under very limited users accounts on a domain and they still cause problems?! I for one would be glad for someone to sanitize CE software so I could even consider it.

Don't make them power users, and they won't be able to do this. Power users are unable to install programs (according to MS), but they are able to modify the registry. What does this mean? They are able to install programs.

I have had no user-installed pr

Re:

[ZahnRosen]

righto, take a look at my original post... all users are running 'user' accounts under windows XP pro, server 2003 as DC. I'm amazed that some programs are still installable. I will occasionally find a copy of skype or Barnie's games on a system... Why, go to all that effort just to get in trouble? People amaze me sometimes...

Re:

[ZahnRosen]

lol... quite true... good thing is I own 49% of the company and I happen to oversee the network... That gives me all kinds of latitude. :)

Re:

[molarmass192]

I have had no user-installed programs since I started administrating the system here at a 3500-employee corporation

Now THAT'S funny ... you are delusional if you think that ... give me 5 minutes with one of your PC / laptops and I'll have administrator access to your domain. All I need is a PC with a bootable CD/DVD/USB drive. This isn't a Linux/OSX is better thing either, if you can reboot the machine, there is NOTHING you can to do completely lock that sucker down regardless of the OS.

Re:

[newt0311]

full harddrive encryption, doable on both windows and linux. At that point the only options are to wipe the drive completely.

Re:

[LordOfTheNoobs]

1) I believe you meant admin to the box, not the domain
2) BIOS Password and restricted boots options.
3) Group policy specifying the hash of executables allowed to run
4) Further restriction in group policy of which DLLs they can load, in case you get some cute browser helper object you *have* to have.
5) As stated by other, encrypted hard disk.
6) Thin clients.
7) Better : PXE booted thin clients

8) All : BIOS-Passworded Anal-Retentively-Group-Policied No-Local-Admin Hard-Disk-Encrypted PXE-Booted Thin-Clients.

9

Re:

[grub]

You don't need a cracker. There are several utilities that will zero out the admin password using direct disk access from a boot floppy/CD/USB key.

True, it's not "cracking" the password but you have a null admin password in just a few minutes. (google for "hiren's boot cd" for one example)

Re:

[DMorritt]

take 1/3 off your salary and tell the "bobs" thats the saving they would get from removing your internet access too ... damn i'm just full of good ideas :)

Re:

[tompaulco]

Why would you buy your employee a laptop if you didn't want it going home? If you want it to stay at work buy them a desktop.
At my company, they expect you to work at home after you have finished working at work for the day, and I don't see how that could happen without them either buying me a computer at home that has access to sensitive data at the office, or buying me a laptop which has access to sensitive data at the office, or possibly even locally.
Until companies decide that a hard days work is suff

Re:

[Ontology42]

This whole internet is a fad!

We'll be returning to pen and paper inside of three years!

Since the only "Safe" computer is one that turned off.
I could spend hours going into the various espionage methods like "Van Eck Phreaking" or it's parent "EW, ECM, ECCM, EWM" but hey how many corporations value their data so much that they will build Faraday cages and all optical infrastructure? Risk is a reality, now living with risk is a CIO's job.

Ok so you need the "hinternet" at your desk, and you being a good

Re:

[Gilmoure]

I hate all my users and they also cause trouble. Sigh. Stoopid users. So eager, so clueless.

for a reason

[brenddie]

Maybe that skepticism is there for a reason. Technology developed by the military, universities etc.. is usually focus on security, stability etc... Thats something thats not always true for consumer technology where short development cycles and high profitability drives the technology.

what do you expect?

[macadamia_harold]

The Economist's reporting on the way consumer-driven software products are increasingly making their presence felt in the corporate world. Some CIOs are embracing the influx while others continue to resist it.

When you lock down the machines, of course people are going to be driven to web services like the apps that companies like google offer (mail / office / etc ) .

Re:what do you expect?

[Timesprout]

You should try working for a large financial corp. They lock your machine down _and_ block access to web mail and other sites. Its their way of the highway as part of security/confidentiality/behaviour control .

Re:

[Corporate Troll]

I've worked for many financial corps (writing webbanking applications), and most of them don't have Internet access *at all*! Try doing your web-based job without the www. (Okay, they had "internet stations" for research, but it was a hassle.) Especially as a consultant, you can be lucky if you can send email to the outside. Usually, it's internal-mail only.

The banks where I have worked that have Internet access, usually have heavy filtering. I still have the find a bank that blocks my own domain a

Re:

[SirKron]

Have you read the federal guidelines that IT must follow for the financial industry? I have worked as a email contractor at a mutual fund company that had traders and a research department. We had to track every email and IM for seven years and had to produce them whenever requested to be in compliance. All it takes is one tech-savvy and crafty employee to put the entire company at risk.

Just because you can, does not mean you should. Most companies will give you whatever access you need, if you need it

Re:

[Corporate Troll]

I don't think that I have to read "Federal Guidelines" because I am not employed in the US. ;-) But, yes, I know I did something I shouldn't have done, but getting approval for that CD burn would have taken two weeks and they needed that CD *now*. Never underestimate bureaucracy in the banking sector. It wasn't even for me: I'm one of those guys that don't even bother to take the code he wrote with him (Which is illegal, you made it for that company... It still is common practice amongst IT consultants)

Re:

[kraut]

> The banks where I have worked that have Internet access, usually have heavy filtering. I still have the find a bank that blocks my own domain and thus my own webmail service, but yeah, for n00bs it's probably hard to survive without hotmail, gmail and yahoo.

Just because you can work around the enforcement of the regulations doesn't mean you should.
a) because the regulations are there for a reason
b) because you signed up to them

> It was a no-brainer to put a cross-cable between my bank-desktop and m

Re:

[Corporate Troll]

See reply here [slashdot.org]

The funny thing is that I was a consultant. I couldn't get fired, in the strict sense of the term. My company wouldn't have fired me for bending the rules in order to *please* the customer. (Reason found in link above)

As for "I signed for those regulations": no I did not. Typically they make you sign a paper that everything you see and hear should stay confidential, but that's it. That's what the law says here because of "bank secret". I didn't sign anything else.

Oh, and as in p

Re:

[darkmeridian]

Large financial institutions are heavily-regulated industries. They deal in data on a scale you cannot believe. The smallest tidbit of information can move the market -- a fellow trader is about to sell 1 million shares of Gizmo stock, for instance. Of course, this information goes stale very quickly. Furthermore, regulators want to make sure there are no back avenues for internal communication, so they can capture any smoking-gun memos after the fact. For instance, regulators don't want employees to f

This is new?

[wiredog]

It's been going on (with occasional Slashdot posts about it) since the late 90's.

Re:This is new?

[porkchop_d_clown]

Heh. I was reading comp.sys.amiga.* on company time back in '88. Within weeks of Mosaic coming out, everyone in the office was trying it. My first exposure to online gaming was Doom over the company LAN - and the 4 of us in the company group ate so much of our internal bandwidth playing Doom that IT thought the routers were failing (the very first release of Doom was a real network hog). Then there was Pointcast. etcetera and so on...

Re:

[Jhon]

Heh... back in the day we actually used Doom to help ID network bottlenecks. It helped us finally retire a problem arcnet segment... Man, I'm showing my age.

Ah, arcnet.

[porkchop_d_clown]

Arcnet rocked. Twice as fast as silly ol' 1-mbps ethernet.

Kind of like... sex?

[rossy]

It's been going on (with occasional Slashdot posts about it) since the late 90's.
Before that we did not exist, as the matrix had not finished updating the virus definitions as part of the boot process.

Makes Sense

[CmdrGravy]

I can see many companies might have issues with the security of their documents or data being held by 3rd party companies but once that hurdle has been jumped it seems to me to make sense so long as you ( the company ) can still have the same control you would were you hosting the service yourself.

Really this is just outsourcing particular aspects of your business to specialists which is something a lot of companies now have a lot of experience in.

For example the company I'm currently working for develop so

Stalinistic IT practices...

[Shoeler]

What is really accomplished by the draconian means IT organizations are going through these days? Viral outbreaks are way down, mainly due to better edge practices - ie frequent AV definition updates, forced scanning of all inbound e-mail for viruses, better firewall configurations, near real-time forced patchings, etc. With those left out, the vectors for infection drop dramatically and end up being removable media (USB drives), portable media (CD/DVD), etc. Again with proper real-time on-access antivirus scanning on both file servers and PCs, where do viruses come from?

And if the reason for locking users out of their PC configuration is configuration management and not protection, then why not just let them at it... have a standard PC configuration, a standard image, and partition their drive. All user files are on the 2nd partition, and all system on the first. If they dork it up instead of spending hours troubleshooting, just image the primary partition and move on.

That way you reduce the overhead of your IT group and allow users the freedoms we expect. I'm not talking utopian - I'm just talking simple things like being able to install a firefox major version update without calling the helplessdesk, or installing any other app I need to do my job (not wanted things like IM clients - real job needs). Instead I have to call the helpless desk wait a damn week while I play phone tag and then sit there for an hour as some monkey figures out how to double click "setup.exe".

It all seems so unnecessary to me. Get a clue and a plan and have a modicum of control - not the communist variety of control.

Re:Stalinistic IT practices...

[gad_zuki!]

A few points:

1. Your symantec doesnt catch everything, even if its in its definitions files. It may run before the av can scan it. It may come encrypted. It may be part of a larger spyware payload. "Edge" is buzzwords for "buy our scanning proxy." Its not 100% protection.

2. Your system is locked down not because the "helpdesk monkey" enjoys visiting self-entitled misanthropes like yourself but to keep unauthorized software off your machine. Your manager doesnt want you playing games all day, IT doesnt want to image your computer every week because of all the spyware you download, and the helpdesk doesnt need more of your whiney complaints. Not to mention legal/finance dont want to get stuck with a bill/lawsuit for the software you pirate and put on a machine that isnt yours.

3. The partition idea has already been done. Its called network drives. You still are responsible for the PC.

At the end of the day, when you screw up a perfectly good machine because youre so much smarter than your IT deparment and its monkeys, you end up calling them, expecting them to fix it, and blaming them. Now multiply yourself x250 people and think about why you have to wait so long for service or why some of these policies exist.

>Get a clue and a plan and have a modicum of control - not the communist variety of control.

Lastly, this isn't soviet russia. Dont like the work environment? Quit.

Re:

[Shoeler]

1. Your symantec doesnt catch everything, even if its in its definitions files. It may run before the av can scan it. It may come encrypted. It may be part of a larger spyware payload. "Edge" is buzzwords for "buy our scanning proxy." Its not 100% protection.

Nothing catches everythhing. Only clueless CIOs and non-technical middle IT managers think that happens. Security is a state of mind - not a reality. There will always be someone smarter with more time or more resources that can beat your "best practices".

2. Your system is locked down not because the "helpdesk monkey" enjoys visiting self-entitled misanthropes like yourself but to keep unauthorized software off your machine. Your manager doesnt want you playing games all day, IT doesnt want to image your computer every week because of all the spyware you download, and the helpdesk doesnt need more of your whiney complaints. Not to mention legal/finance dont want to get stuck with a bill/lawsuit for the software you pirate and put on a machine that isnt yours.

So you can't place - as I said before -a modicum of controls on users and still allow basic functionality? You can't set SMS to go look for installed programs and remove anything not in the list? (you can - I've done it)

At the end of the day, when you screw up a perfectly good machine because youre so much smarter than your IT deparment and its monkeys, you end up calling them, expecting them to fix it, and blaming them. Now multiply yourself x250 people and think about why you have to wait so long for service or why some of these policies exist.

Been there -

Re:

[Belial6]

The thing that always strikes me during these debates is that people always seem to forget that the only reason they have a job supporting PCs is because when users couldn't get their jobs done due to overly strict mainframe policies, (I understand stricter policies for a shared system) they would bring in their Apple IIs and C64s. The ones that did, were dramatically more productive and this pushed more people to bring in computers. Eventually the companies started officially supporting PCs. Without th

Historical posting practices...

[Anonymous Coward]

Only problem with your story is that's not exactly how it happened. Of course you'll get a book and movie deal out of it, and slashdot will rip it to shreds for historical inaccuracies. In the mean time you'll be laughing all the way to the bank because most of your audiance didn't grow up in those eras.

Re:

[asuffield]

Nothing catches everythhing. Only clueless CIOs and non-technical middle IT managers think that happens. Security is a state of mind - not a reality. There will always be someone smarter with more time or more resources that can beat your "best practices".

The 'Sisyphus' method catches everything you're likely to care about:

Every desktop should be created via disk image, as a clean install with all the applications that the employees are supposed to be using.

Every night, when everybody's gone home, the image

Re:

[asuffield]

A lot of programs can run from USB memory sticks, so you would get the best of all worlds. A clean install to get the machine running, and the users could use Thunderbird etc. without messing up the machine.

I said "everything you're likely to care about". Why does the IT department hate people installing software? Because it messes up the machine. If they're just running Thunderbird from a USB stick, it doesn't cause support burdens for the IT department, so they don't care about it.

The important thing is t

Re:Stalinistic IT practices...

[Tim C]

If you're worried about near computer-illiterates fubaring their machines, why not simply have a "one strike and you're out" sort of policy? Everyone gets a liberal security policy to start with - maybe even full local admin access. The first time you screw your machine up, it gets reimaged and locked down on the grounds that you can't be trusted not to screw it up again.

That lets those of us who know what we're doing and have never needed to call the support desk for anything other than hardware failure get on with our jobs with the minimum of inconvenience, while protecting those that clearly need to be hand-held.

Re:

[ubergenius]

I take a middle-ground policy at my company. I run IT for my company, and users do not have unlimited access to their machines. They can't change system settings, and they can't do anything with the system partition. However, I do not restrict the installation of programs, or the changing of personal settings, nor do I viciously monitor web traffic or block websites. I tend to give people the benefit of the doubt. However, you must remember that I am allowed to do this by my superiors because there have n

Re:

[archen]

My problem with that approach is that when people are administrator, you have absolutely no way of telling where the problems are coming from. Some people do God knows what with the machines, others innocently just fubar it and have no clue why. And yes, user ignorance is considered a valid excuse where I work.

When I migrated the company to windows 98 my policy was you're responsible for the computer. That just totally didn't fly. Then with windows 2000 we actually had passwords and supposedly had accou

Re:

[Tim C]

But someone else may have been on the computer

If they logged in, that should be recorded; if the user let them use their own account, they will know who it was.

maybe they had the user's password

Password sharing should probably be a disciplinary offence, precisely because it allows users to act maliciously then plausibly deny their actions - "It wasn't me, but a few people know my password..."

often no one logged off so ANYONE could install stuff on the computer

Again, leaving your machine logged in, unlocked

Re:

[kabocox]

If you're worried about near computer-illiterates fubaring their machines, why not simply have a "one strike and you're out" sort of policy? Everyone gets a liberal security policy to start with - maybe even full local admin access. The first time you screw your machine up, it gets reimaged and locked down on the grounds that you can't be trusted not to screw it up again.

That lets those of us who know what we're doing and have never needed to call the support desk for anything other than hardware failure ge

The New Normal

[fwr]

I used to have the same attitude. That is until I took a CISSP CBK review course and learned the reasons why information security professionals insist on those types of policies. Since increasing my experience and knowledge of information security is my career goal (passed the CCIE Security written, didn't take the lab yet, probably will take the CISSP next quarter) I'm subscribed to a bunch of web zines on security topics. I used to have the opinion that most of the articles were from security "experts"

Re:

[Skrynesaver]

Mod parent up, if I had a weeks work for every user who uses a machine at home and thinks they know all there is to know about computing as a result I'd be rushed off my feet, hang on I am, got to go.

Re:

[Bryansix]

There are better ways. First off don't hire people who think spyware is just the latest and greatest media player or file sharing tool. Secondly train the staff to think about what they are doing and to know how to use their computer responsibly. If you treat the employees like children then they will act like children. They will never learn to act responsibly because they do not have to. They just call the Helpless Desk (I like that) and complain that they can't get any work done. See because locking down

Re:

[gad_zuki!]

Job Security? Because things are so centralized and locked down means we have a very lean IT staff. If we opened the floodgates then we'd need to hire more than few extra people. Don't be silly.

and IT departments who've forgotten their reason

[alizard]

for existence.

IT exists to make a company more efficient. One way it does this is by making it possible for users to hook up with the services required to permit users to communicate with each other and with the outside world and to gather information. Some of the new technologies used for this are not well understood by IT departments. Figuring them out and how to secure them is part of a sysadmin's job description. At least if that sysadmin wants to keep working.

If industry pros are using, for instan

Re:

[Corporate Troll]

All user files are on the 2nd partition, and all system on the first.

No, all user files on a *network server* because hard disk crashes happen and servers are backed up. It is trivial to map "My Documents" to a network share.

Re:

[hughperkins]

It's true that must be frustrating. The other side of the coin is the user's machines full of random applets/spyware etc that run slowly, crash frequently, and have non-standard dlls so that their critical business applications stop working.

Ideally it'd be possible to create different profiles, ie standard locked-down user, developer, etc, and some companies do do this. Obviously, there is a cost associated with this.

Re:

[RMH101]

"Ideally it'd be possible to create different profiles, ie standard locked-down user, developer, etc, and some companies do do this. Obviously, there is a cost associated with this."

Are you in charge of stating the completely obvious at your firm?

Try looking at it from a different viewpoint.

[Vr6dub]

You are looking at the problem wrong. It's not that I mind you installing Firefox but what about the next person who asks, or the person after them? At what point do you say no? I can't just make up arbitrary numbers and say X number of users can install Firefox. A lot of things in IT are all or nothing for that very reason, not because they just want to be nasty.

Re:

[jonwil]

Answer, dont approve users. Approve programs.
There are ways to install software such as Firefox without needing administrator access (portable firefox for one IIRC) so approve certain software such as firefox and say "if you want to use firefox and can install it without needing admin access or help from IT, go ahead and use it but note that IT wont support it" or something.

Re:

[evilned1]

I can see you never spent 16 hours building out an engineering system. The last job I worked we couldn't wait to lock down the systems. The problem wasn't viruses so much, although that was an issue, as it was adware, spyware and stuff breaking applications we used. Once we locked down the desktops our calls dropped dramatically.

The one problem area were the sales force. Since they had laptops, worked out of the office for long periods of time, and always needed help, we had to leave them with rights to the

Re:

[chris_mahan]

> Just remember one thing. That isn't your computer. It belongs to the company you work for. The IT department is responsible for keeping running and you working. Downtime costs money.

You just remember one thing:
The computer is there for the guy with the brain who will use the machine to help his brain figure out then implement a plan to have people pay good money into the company coffers to pay a good return on the investment and incidentally pay for the IT department's salaries, hardware, and software.

Re:

[silas_moeckel]

Assuming your in the US there is a decent chance that your average corp workstation falls under Sox, Hippa or PCI (thats the CC companies) all three require the locking down of corp PC's. You can do this in a nice way or rather draconian. Nice generally involves a simple system to install additional apps via some package management system that may include a corp "beta" section of things not supported but properly sanitized to make sure they are not full of spy ware etc, this takes a considerable amount of

Re:

[Shoeler]

God users really are getting stupid these days

And with that attitude you'll go far in your career. :) You are exactly the problem. You know best, of course. No stupid user can ever know as much or you. Please come work for me so I can fire you.

Hey you kids. Get off my yawn

[neimon]

1979: Hiding that Apple ][ with VisiCalc that the MIS staff has forbidden because users can't be trusted to produce accurate reports without someone with a Masters doing the coding. 1984: Sneaking PCs into an all-mainframe shop by having the customer buy them as parts, on seperate POs. 1985: Networking those PCs peer-to-peer over 1MB coax so they could share a "big" 40 MB hard drive and a "fast" 6PPM laser printer. That was the last generation of revolution. Now comes the software revolution, where disposable widgets take the place of $450 office "productivity" packages. It's a glorious dawn, and I'm laughing at all you young turks thinking you're going to control it. Embrace and control it, lads. Never forbid anything unless you have something better.

Re:

[RMH101]

1993: Managing to get purchasing to buy a modem by describing it as a "Modulator/Demodulator"

Yup, Sneaking PCs into an all-mainframe shop

[vinn01]

"1984: Sneaking PCs into an all-mainframe shop ... buying parts, on seperate POs."

I did the POs for everything except the case. I got the monitors, power suppies, motherboards, disk drives, keyboards, mice, and cables no problem. But if I tried to get a case, red flags would have flown. With amber monochrome monitors they didn't draw too much attention. The other montors (from Data General and IBM) were all green screens. The MIS dweebs were clueless. (Management Information Systems - now called "IT"

Re:

[Luscious868]

The problem is that for every one employee who will actually install and use new software to increase their productivity there are six idiots who will screw up their PC's with viruses and spyware and three employees who will install software so they can waste time. The solution? Let the smartest, brightest and most productive employees do what they want (within reason). Pay attention and if what they are doing makes sense for others, embrace it and implement it where appropriate.

Driving IT - to a rage

[imikem]

Of course the users will ignore IT and our fascistic policies. At least until the crapware they've managed to install in spite of the technological restrictions we've put in place, and despite this violating the usage policy they signed at the start of their employment, borks their system to the point that they can't print their pathetically lame 200 slide PowerPoint presentation. Then they call my group, informing us how terribly important this is and we must get it fixed RIGHT NOW, complaining how unstabl

Personal != corporate liability

[pla]

Some CIOs are embracing the influx while others continue to resist it.

As a member of a rather small "corporate" IT department, I can appreciate the difference between using certain programs at home vs at work. The number one rule people need to understand, don't expose the company to legal liability, ever. The number two rule, don't do anything that will risk bringing the network down (or critical servers, though most people don't appreciate the difference).

The order of those may change depending on the nature of the company, but those pretty much account for 99% of the "stupid" IT rules that people don't like following. Sure, you run BitTorrent at home and have never had a problem. Perhaps you even use it legally (riiiiight... But hey, I'll admit it could happen). Move that into a corporate environment, however, and your "just a tenth of my bandwidth, and low chance of getting caught pirating music", times 50 users, turns into "why does our network suck so much" and "I have the RIAA's lawyers on line 2...".


Additionally, most people absolutely suck at protecting their home PCs, and in my experience, they take even fewer precautions at work. Now, we run all the standard protections, such as AV, AS, mail and web filtering, and so on. But no amount of automated protection can ever suffice to stop determined insiders from managing to crash (or worse, compromise) their own workstations. Sure, you can fire the malicious ones after-the-fact (and the threat of that at least encourages some cooperation), but that doesn't undo the damage.


As an aside, I consider myself something of a "dark-grey hat". I will gladly teach my users how to do things so they stay juuuuuuust barely on the right side of the law. But even that doesn't always help... It lets people know that when I do give them rules, I most likely have a damned good reason for it; but you'll always have people who just don't "get" it, and don't understand why installing every toolbar, cursor enhancement, and systray bug they can find makes those fascist IT guys so annoyed.


As another aside, I've worked the other side of the fence as well, an engineer working as not part of the IT department. As for how to deal with that situation - Well, let's just say I thank Zeus that I don't have someone like myself as a one of my users. ;-)

Re:

[gillbates]

I'm one of those users you'd probably be on the fence about.

Granted, I don't install every toolbar and stupid web-widget available. That said, I routinely need to run software which IT doesn't have the time to approve and install. Fortunately, I'm usually able to install it myself, and know enough about the machine not to screw it up.

However, users like me aren't your problem. In fact, I'd go farther and say that users like the ones you describe aren't the real problem, either.

Your problem is w

Re:

[StikyPad]

Just a few counterpoints..

1. It encourages people to install even questionable programs by making it nearly effortless to do so.

NT4+ requires administrative rights to install most software, and does a fairly good job of protecting the registry from casual tinkering. Additionally, admins can make the "Program Files" folder RX only. Meanwhile Unix allows (encourages?) users to install any program they wish in their home directory, and the nature of OS is such that there are no controls whatsoever aside from

Try this one

[Slashdot Parent]

Try this one: "All those cutsey cursors and taskbar bugs are giving your computer extra work to do. That will make your computer slow and irritate you."

Everyone hates a slow computer.

The magic behind consumer applications ...

[Ihlosi]

... is being able to squeeze the cust^H^H^H^Hconsumer for the maximum amount of money while getting away with being able to provide a minimum of (or no) quality, service and support (or alternatively, charge ridiculous amounts for each of those three). This is possible because the individual "consumer" has very little leverage against the "producer" ('Not gonna buy your stuff anymore!'), compared to what a corporation could muster ('Not gonna buy several megabucks worth of your stuff anymore!').

Re:

[Jearil]

I don't know.. corporations get really ripped off in prices for things compared to your average Joe. It's probably because an individual consumer can't afford to pay such high prices, but a company can.. so they get away with it.

Here's a non-software related example of price gouging on a corporation. Recently at my job I moved offices. During this time the director noticed that my chair was too low for my height and not good ergonomically (which is true, it's a really uncomfortable chair). So the solution w

Predictable...

[udderly]

FaceTime, a Californian firm that specializes in making such consumer applications safe for companies, found in a recent survey that more than half of employees in their 20s and 30s admitted to installing such software over the objections of IT staff.

In another recent survey, eye drop manufacturer Visine, has released a survey indicating that most marijuana users suffer from bloodshot eyes.

I like truly enforced standards

[gelfling]

In the corporate arena standards are for other people and the result is that you get hundreds of disconnected so called standards. Moreover the executives get their own infrastructure and support and are so disconnected from the sweaty minions that they truly have zero concept of how well or poorly the rest of their infrastructure works. So hells yeah, let's have Google impose standardization on us. The fact is, there really isn't much of a support overhead for all those canned apps. The fact is that those

Re:

[timmarhy]

the answer is simple, don't give in to their demands. just becareful there isn't a sneaky co worker who will back stab you on it though. it helps if you have an IT manager with a spine who can stand up for his staff, that but's rare.

Re:

[gelfling]

My CEO makes a billion dollars and truly believes he is a god. No one tells him or his top 50 reports anything. They bark, you sit up on your hind legs.

Populism has always driven this revolution

[postbigbang]

We like to work, we like to play.

COMDEX is dead. CES now rules in terms of innovation because people now have technology in their hands. Consumer demand means US, not the MIS directors of old, whose high and mighty mainframes and pitiful minis used to rule the black art of 'data processing'.

So much the better.

It's not a PC, it's a WORKstation...

[spywhere]

I worked as a desktop support tech in several environments, with policies ranging from draconian to nonexistent.

In the locked-down world, our firm charged for repairs to "non-standard" machines: anything with user-installed software, even if it wasn't the cause of the problem. We were forbidden to use the terms PC or computer, instead calling every desktop and laptop a "workstation." People who downloaded stuff from the Internet often found themselves explaining the $300 repair charge to their boss, and were subject to termination at the company's discretion. (As desktop techs, we were very powerful... one guy I worked with actually received "personal services" in exchange for not reporting a young woman in the call center).

In the open environments, stupidity flourished. People would install Kazaa (with its load of spyware) and put their shared folders on the servers. Executives would download GoToMyPC and use their names as the password. During downtime, I would use PSList to remotely check computers for spyware, and remotely delete anything I didn't like. A few people complained about losing their Webshots and other crap, but the CIO was an old friend of mine and fully backed my efforts.
One day, I claimed in a weekly meeting that spyware and adware were consuming 50% to 70% of our Internet bandwidth. The head of the network group immediately heaped scorn upon that statement... until the CIO asked him to check into the claim. He had to stand up the following week and say that I was wrong: the figure was closer to 90%.

Re:

[KayElle]

Oh God on a stick, webshots. I hate that program.

so which company was

[alizard]

more efficient and profitable?

If you don't know, if they were public, go to http://www.sec.gov/ [sec.gov] and check their filings via EDGAR (something every IT pro needs to get a clue about. . . if you're dubious about a vendor. . . or about the future, if any, of the place you're working at. . . this is one place where companies are compelled to tell the truth.

It isn't about network efficiency, it's about the bottom line. Show that a company with draconian IT policy is more profitable, if you can. If anarchy i

What was that?

[UnknowingFool]

[Puts down nail gun. Stops fragging n00bs.]
Users? Real admins don't have users.
--BOFH

Re:

[hauntingthunder]

yes BOFHS do have users their just in the cemetry/tape store.

A very apropriate quote from BSG

Apollo: You know what gets me? I know that in two weeks, I won't remember his face. I can't remember any of their faces after they're killed. No matter how hard I try, they just fade.

Starbuck: I don't even remember their names.

No BOFH Comments Yet?

[Snowtide]

This many posts and no BOFH references? I am disappointed in all of you. ?

I have a sign on my office door at work that says:
"Sometimes my job will require me to limit the amount of fun you can have today to make sure you can have fun tomorrow."

I like the people I work with, and they usually are not stupid, so I don't put any more rules on their computer use than I have to. But as the IT support guy at a small department, about 40 computers, I think pla has it right. There is a big difference between us

Re:

[fullphaser]

http://it.slashdot.org/comments.pl?sid=212708&thre shold=1&commentsort=0&mode=thread&cid=17311970 [slashdot.org]

posted only about 15 minutes before your own ;)

heh, captcha says repeater, we sure these things are like adsence and detect message content?

Ghost

[Slashdot Parent]

As a user of IT services, I have to say that I have absolutely no problem with a policy like that. Makes life easier for everybody. If my PC ever gets hosed, whether or not it's my fault, I just want it up and running ASAP. Reimaging it doesn't take much of your time or mine.

Might be workable

[HangingChad]

I had some questions about implementing Gmail on an enterprise basis. What about local backups of the email store? Delegating? SoX compliance? Working offline?

What a bonus to be rid of Exchange! All the expense and overhead for supporting that pig and the added pleasure of giving Outlook the boot. Replace the office suite with OpenOffice or a hosted service and you could kiss Windows b-bye, except maybe a few kiosks scattered around for Windows only applications.

But just try getting in touch with a

It's not the IT staff...

[Beefslaya]

I would like to point out a recent meeting within our company...

Some of the managers of certain departments would like to install an instant messenger client for more responsive communications within the company between buildings. It was explained that a user could have more then one conversation (like a telephone) at a time and also save cost.

The upper management insisted that we do not install this program because it would "subtract" from productivity.

Even after explaining to them that I could enforce th

Re:

[PoconoPCDoctor]

Keyboards are not much better than the nasty influenza infected phone, in case you don't know, but now ya do! [slashdot.org]

Toys belong at home

[hmmm]

What many people forget about Enterprise networks and systems is that they are purposely standardised and purposely not bleeding edge because we cannot afford to have outages on such systems - boring, reliable and when they work we leave them alone. Sure we could cut call costs by using Skype on desktops, but the telephone system works, doesn't cost us a fortune and is easy to support. When we have muppets bringing in their toys and gadgets they not only screw up their company assigned desktops, they also e

It's that old dynamic again...

[Vexler]

From reading the article, it definitely sounds like Mr. Sannier leans heavily towards the "adopt new technologies, even if it sacrifices some security" end of the scale. That's fine if you are running your own shop and can take the heat if it all comes crashing down. But then he went on to disparage the security concerns as a ploy by those older IT managers to scrape some job security. I beg to differ:

(1) Older IT types are more likely to have little if any concern about data and communications security

Re:

[account_deleted]

Comment removed based on user account deletion

If your users can install random software

[OriginalArlen]

Don't come crying to me when you have to pull everything offline for a week to rebuild it. The users don't own their machines, therefore they don't get Admin or the right to install arbitrary bits of software. Add a dusting of policy on top plus some random sampling to catch out smart-arses who try running binaries from their home directories -- you may have to nail up a few of the slower sales droids outside reception before the message sinks in; there's nothing like a decaying corpse to remind people of y

Some organizations make there works buy laptops

[Joe The Dragon]

Some organizations make there works buy laptops from them and it that case they should be a full local admin

Why lock staff out of their own machines?

[banerjek]

For super secure applications, sure. We have a few people that deal with large amounts of very sensitive data.

However, for most people, what's the point in having a powerful machine with incredible software that can do everything, if all the functionality is locked out? It's like buying satellite TV and then locking out all the channels.

Having IT be a gatekeeper for determining what users "need" can do enormous damage to productivity. With few exceptions, we give staff admin permissions because we don't und

Re:

[mandelbr0t]

However, we make it crystal clear there is zero tolerance for proprietary software that we can't provide license information for or running rogue servers. They know they will be in big trouble if they install recreational software that interferes with the operation of their machines or which launches an attack.

This is basically an honor system. There's plenty of software with legitimate and illegimate uses on a corporate network (e.g. Cygwin). If you let me install Cygwin, then I can do all kinds of fun s

Routes and Proxies

[csk_1975]

>FaceTime, a Californian firm that specializes in making such consumer applications safe for companies, found in a recent survey that more than half of employees in their 20s and 30s admitted to installing such software over the objections of IT staff."

Fine, install away. What I don't understand is why these apps would work in any sane company without the complete cooperation of the IT department. Surely in this day and age no company larger than a mom and pop setup would have any routes from any PCs dir

Re:

[Compulawyer]

If the IT department can't easily ensure compliance with an acceptable use policy then either the IT department is incompetent or the policy is deficient.

Or both.

Re:

[George Beech]

Well I would guess that it has something to do with Fedora being free and Redhat not.