Internet Explorer 8

I sure hope that the productivity wasted doesn't exceed the IT labor you tried to save.

That's the idea, to avoid that. And that's why the people making those kinds of calls tend to get paid what they do... In my experience:
1) Many times it's really hard to tell which way to go
2) The people protesting the most about potential "productivity" loss are as likely to be absolutely right as they are to be absolutely full of ****, and just trying to protect their own turf.

Like I said, it all depends.
 
BTW, you have no idea how many requests we get to unblock MySpace and Facebook because it hampers productivity. Give me a break.
My group develops interfaces and applications to MySpace and Facebook. It bought a COTS Internet filter and it shut down access to those sites. Stopped 30 people from working for two days and took the VP I work for two hours of his time to plead with the CIO to unblock the frappin' sites so those peope could get back to work and meet a contract obligation. IT is the most hated department in every tech company I know. The hatred surpases that of HR.

Running a network is not an easy job, but like anything zero tolerance policies of one size fits all just do not work.

Not too long ago our IT locked down emails to domains of other companies that were our competitors. That was done to stop internal info from getting out. Someone thought it was a good idea and thus it happened.

Problem is people like me WORK with those competitors on several problems thaat require daily contacts. So for a week I had to resort to phone calls and faxes. Finally was able to get that stupid lock down policy reversed. But at least we did not have to go to the CIO. We went to the CEO. It was a real facepalm moment.
 
2) The people protesting the most about potential "productivity" loss are as likely to be absolutely right as they are to be absolutely full of ****, and just trying to protect their own turf.

This is the post of the year. We have had to make special exceptions for certain people, which is a giant PITA to manage, but they whined long enough that they actually have a need to get to YouTube that upper management came down and told us that those people are to have access.

I tell you what - I'm glad its not my job to enact those policies (thank god I'm in development mostly), because its a thankless job. We're constantly fighting to fill a position that would give us manpower to help out, but the same people that ***** about us not getting things done fast enough are the ones that ***** when we try to fill the job.

Users, on the whole, are twofaced..
 
That's the idea, to avoid that. And that's why the people making those kinds of calls tend to get paid what they do... In my experience:
1) Many times it's really hard to tell which way to go
2) The people protesting the most about potential "productivity" loss are as likely to be absolutely right as they are to be absolutely full of ****, and just trying to protect their own turf.

Like I said, it all depends.
We're saying the same thing Slappy. The big thing to grasp is that making work easier for IT is not always in the best interest of the company -- and this is where a lot of people fail.
 
So productivity should suffer to make IT's job easier?

With respect...sometimes things are locked down to improve productivity. I remember once taking the e-mail server off-line to clean out the virus sent around the company because someone didn't heed the procedure not to have the outlook preview pane open (this let the old e-mail viruses run). One person not following procedures killed the productivity of many others.

In the course of my legitimate work, I found a couple of web sites that tried to send me a virus (according to our anti-viral program)- our IT dept's procedures probably saved me a lot of productivity. I also noted those companies and will not do business with them- the lack of fairly simple controls cost them millions of dollars of potential business.

When colleagues concentrate on their work and show a little common sense, the lock-downs are very minimal. At my last job, I was offered access to a database based on a question I asked- I declined as I only needed that data once in 4 years and I felt that if data did get out, IT would know it wasn't me since I had no access to the data except by asking for a report. I don't need access to the HR data nor the financials except as how it relates to products I work with. Locking me out of data I don't need makes ITs job easier (less chance of data being shared with others who don't need to know, or data being changed) and it doesn't hurt my productivity.

It's a fine line to walk and it depends on the position and the people involved and their job duties.
 
This is the post of the year. We have had to make special exceptions for certain people, which is a giant PITA to manage, but they whined long enough that they actually have a need to get to YouTube that upper management came down and told us that those people are to have access.
Similar issue. Last week LiveLeak became a blocked site. Mostly because "too much network BW was being used in accessing it", according to IT. The video application research manager who sits in the office next to me is pulling his hair out trying to reason with IT to get that changed.
 
This is the post of the year. We have had to make special exceptions for certain people, which is a giant PITA to manage, but they whined long enough that they actually have a need to get to YouTube that upper management came down and told us that those people are to have access.
Do you think that upper management is just being stupid? Or is it possible that there is a business case to do it?

Always remember that what is easy for IT is not always the best thing -- and those that'll find the right solution instead of the easy solution tend to do well in the field.
 
It's a fine line to walk and it depends on the position and the people involved and their job duties.
It is a fine line. in big companies it is very hard. i think things were better when IT was de-centralized and not outsourced to contractors located in different countries.
 
Do you think that upper management is just being stupid? Or is it possible that there is a business case to do it?

Always remember that what is easy for IT is not always the best thing -- and those that'll find the right solution instead of the easy solution tend to do well in the field.
Ain't that the truth. Used to be that to do well you needed a "a good doctor, a forgiving priest, and a clever accountant' now you need to add a good IT person to that list! :D
 
So productivity should suffer to make IT's job easier?

As an IT manager myself I know that when someone hoses their computer no matter how or for what reason productivity suffers. If I understand what Nick is trying to say it's not just a pain in the neck for the IT department but a loss of productivity for the user since their machine is either down or screwed up to the point where they are unable to do their job.

I, for one, do not have things locked down to the point that I would like because I have neither the time or the budget. None of my users have administrator rights on their PCs and they don't need it. What I wish I had the budget for is a web filtering appliance since most of my problems come from drive by malware on compromised web sites or from sites that people visit that they shouldn't.

There was a time when we had a means of web filtering using Surf Watch (now Surf Control) but that fell to budget cuts. When we did have that in place there were a few people who complained that they could not get to certain sites. The only sites we were blocking access to at that time were adult oriented / pornographic websites so I knew right away that the sites they were unable to get to were in no way business related.

In our organization we have very few tech savy users and I have lost a lot of time cleaning up after some. In these cases the users time was equally wasted while I was busy cleaning up the problem. Not much productivity there.

I also agree that sometimes policies can be to far reaching and in some cases prevent people from doing what they need to do. Ideally there needs to be a balance between security of the company network and data, productivity and the business needs of the users.

Just my humble opinion.

Jean
 
Do you think that upper management is just being stupid? Or is it possible that there is a business case to do it?

Always remember that what is easy for IT is not always the best thing -- and those that'll find the right solution instead of the easy solution tend to do well in the field.

Like I said, I'm glad its not my call, nor my job to enact the stuff (for the most part).

But I hear about it all day, and unlike Scott's examples where its legit, there are few times I agree with the users and their need for "exception."

We had a ticket the other day...lemme find the text to it, and see if you see it as being reasonable....people hate IT because they don't understand why we lock things down:

user said:
I have an individual who is sexually active. Part of my job involves looking up information regarding birth control, helping her find drs, etc... The site http://www.plannedparenthood.org/ is blocked, and also many manufacturers sites which have the FDA package insert information are blocked. For instance, the pill she takes, ortho-trycycline, is blocked. (the manufactureres site is http://www.thepill.com/) I have also run into probs looking up info on blood born pathogens (possibly because they could be transmitted sexually or via IV drug use?). Other nurses have complained of similar problems, please let me know if you would like a more formal complaint from all of us.

Excuse my short rant:
we are all ^% adults here, why the &*^ do we need to block these web sites? I can understand blocking web sites that are known virus spewers, or sites that suck bandwidth, or even sites that are clearly non-essential (Myspace, facebook), but... this?

thanks very much

She has a reasonable request...but why the attitude? Its because people just don't understand. Its frustrating.

BTW, that person is one of the strongest vocalists against us filling a much needed help desk position.
 
She has a reasonable request...but why the attitude? Its because people just don't understand. Its frustrating.
The attitude is because IT is deciding, apparently without input form users, what is appropriate and what is not. It appears as censorship and makes IT the nanny to the employees. It is annoying as heck that when you are trying to do your job that you find barriers being put up by electronic bureaucrats who feel they know what is best for everyone.
 
The attitude is because IT is deciding, apparently without input form users, what is appropriate what is not. it appears as censorship and makes IT the nanny to the employees. It is annoying as heck that when you are trying to do your job that you find barriers being put up by electronic bureaucrats who feel they know what is best for everyone.

The site was blocked as being sexually explicit. To remove it so that the user never sees that blocked would be to allow all porn sites except those that are blocked.

Porn = virus. Virus = lost data and lost time for many employees.

A reasonable employee would have simply said "We need access to the following sites for the following reasons."

If its reasonable, we'll accommodate. Most IT departments will, and in fact, the error message on a blocked site says:

blockmessage said:
This site is blocked by the XXX Internet Policy #5.10.5. Please complete an IT request if you need access to a web site.

Reason for restriction: Adult themed website and pornography.

So it gives an expectation that the site can be allowed.
 
As an IT manager myself I know that when someone hoses their computer no matter how or for what reason productivity suffers. If I understand what Nick is trying to say it's not just a pain in the neck for the IT department but a loss of productivity for the user since their machine is either down or screwed up to the point where they are unable to do their job.

I, for one, do not have things locked down to the point that I would like because I have neither the time or the budget. None of my users have administrator rights on their PCs and they don't need it. What I wish I had the budget for is a web filtering appliance since most of my problems come from drive by malware on compromised web sites or from sites that people visit that they shouldn't.

There was a time when we had a means of web filtering using Surf Watch (now Surf Control) but that fell to budget cuts. When we did have that in place there were a few people who complained that they could not get to certain sites. The only sites we were blocking access to at that time were adult oriented / pornographic websites so I knew right away that the sites they were unable to get to were in no way business related.

In our organization we have very few tech savy users and I have lost a lot of time cleaning up after some. In these cases the users time was equally wasted while I was busy cleaning up the problem. Not much productivity there.

I also agree that sometimes policies can be to far reaching and in some cases prevent people from doing what they need to do. Ideally there needs to be a balance between security of the company network and data, productivity and the business needs of the users.

Just my humble opinion.

Jean
not my company but another one made a policy where no one could connect to non-company domains. They also had the no admin rights policy. So when people would travel, they could not get online through external networks. DOH! dumb policy.

We sorta have the no admin rights policy. All you have to do is get a VP signature to have those rights granted. This is a reasonable compromise.
 
The site was blocked as being sexually explicit. To remove it so that the user never sees that blocked would be to allow all porn sites except those that are blocked.

Porn = virus. Virus = lost data and lost time for many employees.

A reasonable employee would have simply said "We need access to the following sites for the following reasons."

If its reasonable, we'll accommodate. Most IT departments will, and in fact, the error message on a blocked site says:



So it gives an expectation that the site can be allowed.
Planned Parenthood is NOT sexually explicit nor is it porn. It is a medical information site. You have just shown why internet filtering is bad.
 
Planned Parenthood is NOT sexually explicit nor is it porn. It is a medical information site. You have just shown why internet filtering is bad.

So the alternative is to maintain a list of every single porn site on the internet and constantly update it?

And for the users that find the unblocked sites that hose theirs and others computers, "nice job, you found a hole?"

That's the problem, Scott. People try (and a quick review of the block logs shows that they do). And when they succeed, everyone suffers. Our IT department's job is to minimize the lost productivity to the masses, and if that hurts the productivity of one user in the mean time, that's just too damned bad. I think filtering sites based on specific key terms is a useful way to do it.

Of course, instead, the way we lock down our internet is that EVERYTHING is locked except the sites we allow. Categories show for known sites, but not always. If someone finds a porn site that we didn't know about, it simply says "Admin Blocked Site" I believe.
 
So the alternative is to maintain a list of every single porn site on the internet and constantly update it?
Well you could just cruise porn sites all day for the company?? ;)

The other solution is to NOT filter.

Filters are not the best solution because they are based on criteria that tends to block out good and valid uses. The question is are they more likely to stop people from accessing what they need more often than they stop abuse.

I would have to ask just how much of a problem was the company having with employees going to porn sites when they should have been working and how many virus were brought into the company that way?

There are accidental searches that get to porn sites. I was doing a presentation for our former CTO and our department had been called 'scouts' by the former CEO. So I was looking for a graphic that would so a 'scout'. I was thinking something that was a Hollywood Indian scout type of picture from a classic western. Instead I accidentally discovered that some people like dressing up as scouts (boy and girl) for their, um, fun. Color me embarrassed and a little scared i was going to get an IT+HR nasty gram. Got my boss on the phone right away and documented the incident just in case. We still laugh about it as I had told my co-worker accross the hall and she came in to look at the innocent search strong that led to the site. Then one of the attorneys I work with started giving me grief that not only was I cruising porn but i was sexually harasing the women in the department. I still take a good ribbing over this.

My guess is that the answer is none and none but this package was sold as a way to prevent a problem that did not exists so that the IT manager or CIO could look proactive in stopping company network abuse.
 
Last edited:
Well you could just cruise porn sites all day for the company?? ;)

The other solution is to NOT filter.

I would have to ask just how much of a problem was the company having with employees going to porn sites when they should have been working and how many virus were brought into the company that way?

My guess is that the answer is none and none but this package was sold as a way to prevent a problem that did not exists so that the IT manager or CIO could look proactive in stopping company network abuse.

You would guess wrong. Most of our employees are either 17-18 years of age, or older than 55.

That means the youngsters cruise porn. The oldsters just click randomly and wind up at porn. We actually had a huge virus problem back in the day of unfiltered internet. It was so bad, before we actually had an IT department, the board actually voted to remove all internet access and require old school research for everything.

Thank god for our IT Directors guidance. This company would still be in the dark days of no internet if not for filtering.
 
So the alternative is to maintain a list of every single porn site on the internet and constantly update it?
Impossible. You can't block the porn so don't try. If you have users that are spending their days wanking off to porn that isn't an IT problem. Obviously there are some issues their managers should be aware of and deal with. If you tell an employee "Don't wank off at work" and they do it anyways--do you really want them working for you? IT shouldn't be the productivity police. To each company their own, I personally refuse to be the internet cop nanny and wouldn't work for a company that wanted me to do so.

If a user says, "ZOMG I FOUND A PORN SITE", the admin should say "Okay. Don't look at it again".

I've seen some very very large companies that don't filter..I personally do not support it.

You also won't succeed at blocking every site with spyware. It is a battle not worth fighting IME.
 
We're saying the same thing Slappy. The big thing to grasp is that making work easier for IT is not always in the best interest of the company -- and this is where a lot of people fail.

Exactly: It's all about cost. If "easier for IT" != "cheaper", then no, it's not the best thing to do.

The thing is that I think you'll find that kind of situation to be exceedingly rare, especially as scale increases; assuming whatever function is in question is something IT should be responsible for in the first place, if it's "easier", it's almost certainly "cheaper".
 
Impossible. You can't block the porn so don't try. If you have users that are spending their days wanking off to porn that isn't an IT problem. IT shouldn't be the productivity police IMO.

I agree. We do not punish people for finding ways around our systems, we just block their new path. We aren't trying to block people from doing things because its wrong, we're trying to do it to keep others from losing data and use of their systems.

If a user says, "ZOMG I FOUND A PORN SITE", the admin should say "Okay. Don't look at it again".

Well, that can't really happen right now since all sites are blocked

I've seen some very very large companies that don't filter..I personally do not support it.

You also won't succeed at blocking every site with spyware. It is a battle not worth fighting IME.

Again, I agree. So we block everything except that which we allow. Its tight and its rough, but it keeps others' data intact.
 
Impossible. You can't block the porn so don't try. If you have users that are spending their days wanking off to porn that isn't an IT problem. Obviously there are some issues their managers should be aware of and deal with. If you tell an employee "Don't wank off at work" and they do it anyways--do you really want them working for you? IT shouldn't be the productivity police. To each company their own, I personally refuse to be the internet cop nanny and wouldn't work for a company that wanted me to do so.

If a user says, "ZOMG I FOUND A PORN SITE", the admin should say "Okay. Don't look at it again".

I've seen some very very large companies that don't filter..I personally do not support it.

You also won't succeed at blocking every site with spyware. It is a battle not worth fighting IME.

Disagree. There are products that do a superb job of blocking malware and other content, based on highly-configurable parameters. Exceptions and management are a breeze... Our IT folks use Cisco IronPort products here for both web and email filtering and -- from the perspective of an end-user of it who sits 2 desks away from the people who admin it -- I couldn't recommend it highly enough: http://www.ironport.com
 
not my company but another one made a policy where no one could connect to non-company domains. They also had the no admin rights policy. So when people would travel, they could not get online through external networks. DOH! dumb policy.

We sorta have the no admin rights policy. All you have to do is get a VP signature to have those rights granted. This is a reasonable compromise.

I can understand certain circumstances where not connecting to non-company domains may make sense. I know it may sound dumb on the surface but public networks can be dangerous places. For the sake of confidentiality or possibly HIPPA / SARB-OX requirements a company may only allow mobile users to connect to a company VPN and not just anywhere. If what you're saying is that they cannot connect at all then that would be rather dumb unless the company just did not want the laptop connected to the internet outside of the confines of the office. Not all work related activity requires internet access.

Thankfully I don't have mobile users to worry about but I was once at a hotel for a seminar with my laptop. It was a financial seminar and I would be using my laptop on the hotel's public WiFi network. As a precaution I use a personal firewall and I connected to my own VPN at home so that all network traffic to and from my laptop was encrypted. In this way everything was directed through my VPN and home computer.

There have been instances where I have granted administrator rights when the need arose. In each case these were temporary needs and the rights were removed afterward. It is very seldom in our environment when anyone needs admin rights. What really bugs me is all the crap that can still get installed on Windows machines without admin rights.

Jean
 
Last edited:
At our place we have pretty open access to most anything. IT does keep control ofmany things but our local IT guy gives myself and my co-worker a lot of latitude since we tend to not screw things up. They're usually pretty busy taking care of the admins who seem to continually screw their computers up or the senior management guys that just need their hands held.

I'm also fortunate to have my own firewall alsong with a private and public segment of my own to manage which makes it mush easier for me in many areas. I can open things up that I need open or allow someone in to a machine I might need help with and not have to wait for IT to do it for me.

All part of the Hman Network you know :smilewinkgrin:
 
When rolling out security and management policy to an environment that consists of, say, tens of thousands of users, for example, one of the more problematic issues is coming across a business unit run by somebody who has had one of their resident geeks tell them, "B-b-b-b-b-but I NEED to be able to do x, y, and z! And they won't let me do that anymore!" and couch their protectionism in a "This'll kill productivity!" argument. Almost universally -- at least without exception in every instance I've seen -- it's BS.

In environments of that size, productivity (from an IT perspective) is gained through standardization. A standard exception should exist for the staff with the kind of geekier responsibilities that would require them to be subject to lighter restrictions, and all of that staff should be a part of whatever subunit has that consideration built into it so it can be appropriately managed/partitioned.

So the question becomes, it's supposedly "killing" "productivity" for whom, exactly? If it's somebody whose responsibilities require rights beyond what the locked-down schema grants them, they should (best case) be in a part of the organization in which systems management is handled more actively... Rolling them into a centrally managed technology group virtually always makes the most sense (e.g. those groups are hardly ever responsible for those lovely "Hey, uh, we've got this 3GB MS Access file that doesn't work and the developer died. Can you help?" issues), despite the fact that they may feel see their role as less "productive" individually. But if it's some geek who simply doesn't like being handcuffed? Tango Sierra. Go work somewhere else.

And that's the typical ivory-tower attitude I run into with folks I call "full-of-themselves IT management". Like the one that announced that if she had her way, everyone in the organization who travels should not have a laptop but a blackberry (only). Sorta wastes the money that was spent on laptops.

I asked her to explain how I was supposed to read a 25 page contract, mark it up, and send it back from a blackberry. She had no answer.

What's beyond dumb is setting up a system that will effectively not allow folks that travel with a laptop to store local files on the laptop (despite being protected by PGP-whole-disk encryption, then another layer of encryption after log-on, and yet a third level of encryption on the email data), nor make any configuration changes - even ones that are necessary to keep the system operating, like the ability to turn on or off WiFi or Bluetooth without it being done remotely by support. How am I supposed to VPN back in to get the file that I can't store on the laptop... since the support folks can only access the laptop to turn on the network card through a VPN?

It's dumber than the policy that says that only the top couple of levels are allowed to have aircards (most of those folks don't travel), yet those who ARE heavy travelers can't have 'em. Made a real mess when I was on crunch for a drop-dead deadline for a deal (in the office) and the corporate network went down... leaving me with no access for four hours. Wonder if the so-called protection is worth it when we came within minutes of losing a $400 million deal. Support couldn't care less. Corporate IT "felt good" because they "protected" our data. Well, DUH, the data is protected because EVEN THE EMPLOYEES THAT NEED IT COULDN"T GET TO IT!

I've been known to risk violating company policy to get my work done on deadline. Kind of a Hobson's choice.

I'm not even going into talking about our software developers that are hampered by the crap.

Nor am I talking about classified data (BTW, we don't have a classified-capable data connection because of corporate evaluation of "security risks" (but it's good enough for the government), instead we have to have things hand-couriered through airports, etc). Talk about productivity issues.

Perhaps if the IT people were actually in-the-trenches trying to meet deadlines, things would be different. Risk management is about MANAGING the tradeoff between risk of a security issue against the risk of not getting work done. Something's got to give. One size does not fit all: security for sensitive personal data (such as medical records) or classified material is much different than the risk imposed by someone who's doing meeting planning. Yet in many organizations, the lockdown is the same. Likewise, the need for a complete lockdown is much different for someone with risk management experience and the knowledge to mitigate the risk vs an untrained manager. Yet in many organizations, the lockdown is the same.

Tell me: if a $400 million deal is missed or blown up because the security measures prevented someone from completing the work or because the document is mandatory-stored on the network but the network is down for 4-8 hours, who loses their job? I can assure you it's not the IT guy that made stupid policy.

Come down from the tower sometime and see what the users have to put up with on policy. Then tell me that it "doesn't affect productivity".
 
Like I said, I'm glad its not my call, nor my job to enact the stuff (for the most part).

But I hear about it all day, and unlike Scott's examples where its legit, there are few times I agree with the users and their need for "exception."

We had a ticket the other day...lemme find the text to it, and see if you see it as being reasonable....people hate IT because they don't understand why we lock things down:



She has a reasonable request...but why the attitude? Its because people just don't understand. Its frustrating.

BTW, that person is one of the strongest vocalists against us filling a much needed help desk position.

The attitude is because IT is deciding, apparently without input form users, what is appropriate and what is not. It appears as censorship and makes IT the nanny to the employees. It is annoying as heck that when you are trying to do your job that you find barriers being put up by electronic bureaucrats who feel they know what is best for everyone.

+1.

Dealing with IT in our organization is like dealing with TSA.

They have a FU attitude, and are suprised when a frustrated user (who may well be overworked and not have time to deal with policy crap) takes an attitude. I would submit that the IT guy doesn't understand what the user is facing and vice-versa.

It was much easier for me when I controlled the capital to the IT department. They understood my issues VERY quickly.
 
Ran into this today.
Test computers are only allowed to have specified user ids that reside on the local domain.
Test software requires files that exist in SourceSafe in another domain.
SourceSafe is locked down so that it only allows logins from user ids not in testing domain.
We are all so safe.
 
Lawyer's perspective here: no filtering for blatantly inappropriate content (notably, porn, hate sites, etc.), someone is offended thereby, company failed to use readily-available technology (filtering firewall), hostile work environment.

---

In any event, I filter a lot of content - there is never a need for porn, etc., never a need for gaming sites, etc. I am about to choke down shopping, and also streaming audio, because of the bandwidth several streams at once chokes up.
 
As a disinterested outside observer I have found most "IT departments" will by default secure the sytem to the point of uselessness. Generally in the name of self preservation.

User generally fall into these categories.

Those who know but won't tell anybody. These are the productive ones.

Those who know and boast and are bothered to death.

Those who think they know.

Those who don't know but have found someone in category two above to carry them along. This is the majority of users.

Those who don't know or care as long as the music and games work correctly.
 
Lawyer's perspective here: no filtering for blatantly inappropriate content (notably, porn, hate sites, etc.), someone is offended thereby, company failed to use readily-available technology (filtering firewall), hostile work environment.

No objection to filtering blatently inappropriate stuff. Unless, of course, you're in the media or legal business and need to get there.

In any event, I filter a lot of content - there is never a need for porn, etc., never a need for gaming sites, etc. I am about to choke down shopping, and also streaming audio, because of the bandwidth several streams at once chokes up.

Until you represent a Porn King. Or gambler. :D
 
In any event, I filter a lot of content - there is never a need for porn, etc., never a need for gaming sites, etc. I am about to choke down shopping, and also streaming audio, because of the bandwidth several streams at once chokes up.
With all due respect Spike -- in a firm your size -- a simple "don't stream music" or "don't shop on my time" should be adequate. If they're going to waste your time they're going to waste your time. If site A is blocked they'll just use site B, etc.

Personally, I will be the first to admit that I will shop or do something quick while at the office. At the same time--I am working pretty much the entire time I am at home and a good chunk of every weekend. I'll work whatever it takes to get what needs to be done, done..and if I have something in my personal life that needs to be done I'll do that during "business hours" if it makes more sense.

I personally believe in good employees and good management versus increased IT control or forceful filters.

Just one man's opinion.
 
Last edited:
In any event, I filter a lot of content - there is never a need for porn, etc.,
What gets swept up in the filter and is called porn is the problem. As we saw earlier as an IT person Nick decided that the organization Planned Parenthood was porn because his Internet porn filter blocked based on a likely keyword issue instead of a content issue. That is the problem with filters is that they block on a non contextual case.

never a need for gaming sites, etc. I am about to choke down shopping,
That is more a quality of job thing. Being able to quickly shop for something at one's desk stops you from having to leave the office. It can also alleviate some stress when personal and professional goals are colliding. I guess it goes to how one wishes to treat their employees.

and also streaming audio, because of the bandwidth several streams at once chokes up.
That is one that is getting to be a problem.
 
With all do respect Spike -- in a firm your size -- a simple "don't stream music" or "don't shop on my time" should be adequate. If they're going to waste your time they're going to waste your time. If site A is blocked they'll just use site B, etc.

Personally, I will be the first to admit that I will shop or do something quick while at the office. At the same time--I am working pretty much the entire time I am at home and a good chunk of every weekend. I'll work whatever it takes to get what needs to be done, done..and if I have something in my personal life that needs to be done I'll do that during "business hours" if it makes more sense.

I personally believe in good employees and good management versus increased IT control or forceful filters.

Just one man's opinion.

Make that two men's opinion.

In addition to working at home as needed to get business related stuff done, I also occasionally travel for the company over part or all of the weekend. Last week the meeting/tradeshow started on Saturday- so the entire weekend was shot.
 
With all do respect Spike -- in a firm your size -- a simple "don't stream music" or "don't shop on my time" should be adequate. If they're going to waste your time they're going to waste your time. If site A is blocked they'll just use site B, etc.

Personally, I will be the first to admit that I will shop or do something quick while at the office. At the same time--I am working pretty much the entire time I am at home and a good chunk of every weekend. I'll work whatever it takes to get what needs to be done, done..and if I have something in my personal life that needs to be done I'll do that during "business hours" if it makes more sense.

I personally believe in good employees and good management versus increased IT control or forceful filters.

Just one man's opinion.

You would be the kind of CIO I'd want to hire when I once again get into the position to do so.
 
And that's the typical ivory-tower attitude I run into with folks I call "full-of-themselves IT management".

Well I'm sure the best way to combat that is with the ivory-tower attitude of "full-of-themselves users who think they need admin rights, no filtering controls, and no release management or configuration management in order to read and write PDFs and create their Holiest of Holy PowerPoint presentations."

Hmm... Let's see where this one goes, shall we?

Like the one that announced that if she had her way, everyone in the organization who travels should not have a laptop but a blackberry (only). Sorta wastes the money that was spent on laptops.

And I'm sure she just manufactured that idea out of thin air, from the clear blue sky, for no reason whatsoever. Because, you know, that's what the geeks in IT do: They like to prevent technology from being used. And what's more, there's nooooo cost associated with supporting those laptops whatsoever. Not a penny. Nope... All the Superhuman PDF Readers, Excel Chart Makers, and PowerPointers out there, they never waste anything when they're given more resources than they need. Never.

I asked her to explain how I was supposed to read a 25 page contract, mark it up, and send it back from a blackberry. She had no answer.

Oh, my, there are twenty-five page contracts involved? Well, then, why yes, bring them laptops! Laptops for one and all, across the land!

And while they're at it your GPOs should all be removed and you should be given local admin rights too, right away. Probably need patching disabled and the corporate firewall blown open too, so you can get that word processing taken care of. Forget "security." Forget "manageability." Forget "standardization." Forget... um... what's the word... oh, yeah, forget "COST." The Almighty User has WORD DOCUMENTS they must be free to edit (and lose, without backup!) unfettered!

What's beyond dumb is setting up a system that will effectively not allow folks that travel with a laptop to store local files on the laptop (despite being protected by PGP-whole-disk encryption, then another layer of encryption after log-on, and yet a third level of encryption on the email data), nor make any configuration changes - even ones that are necessary to keep the system operating, like the ability to turn on or off WiFi or Bluetooth without it being done remotely by support. How am I supposed to VPN back in to get the file that I can't store on the laptop... since the support folks can only access the laptop to turn on the network card through a VPN?

So you've had the great fortune and unique experience of stumbling upon a specifically dumb corporate policy crafted, implemented, and managed by clearly misguided or incompetent people. Shall I call the engraver now to start work on a congratulatory plaque?

It's dumber than the policy that says that only the top couple of levels are allowed to have aircards (most of those folks don't travel), yet those who ARE heavy travelers can't have 'em. Made a real mess when I was on crunch for a drop-dead deadline for a deal (in the office) and the corporate network went down... leaving me with no access for four hours. Wonder if the so-called protection is worth it when we came within minutes of losing a $400 million deal. Support couldn't care less. Corporate IT "felt good" because they "protected" our data. Well, DUH, the data is protected because EVEN THE EMPLOYEES THAT NEED IT COULDN"T GET TO IT!

Well, since it's a $400 million deal you're working on (just like the last 10 people who called the helpdesk who knew the tech's job better than them), then not only should the policy be "Laptops! Laptops for all the people, and a color laser printer in every cubicle, cost be damned!" Clearly given that -- not to mention the extraordinary technical complexity of the PDFs, Excel, and PowerPoint you work with -- you should also have the best support available. Only MIT grads and the like. And, since you're all so pleasant to work with, they should all be paid at least $75,000 a year to keep them around and happy, too -- and you'll be more than happy to shoulder the cost of that service. Because what you're all really looking for is a partnership in success, right? You want to really work with the IT people to improve your situation, as evidenced by the fact that I'm sure you professionally and responsibly voiced, in the proper channels, the shortcomings in the services as you saw them, instead of just whining and complaining -- and impugning the virtue of an entire professional discipline -- thereby creating an unnecessarily adversarial relationsh... Hmm... Oh.

I've been known to risk violating company policy to get my work done on deadline. Kind of a Hobson's choice.

And again, I'm sure you properly and effectively communicated to management the shortcomings in that policy so that you never had to do it again. Right?

I'm not even going into talking about our software developers that are hampered by the crap.

Oh I see. If their managers aren't getting their developers the resources they need, it's IT's fault. Of course. Makes perfect sense.

Nor am I talking about classified data (BTW, we don't have a classified-capable data connection because of corporate evaluation of "security risks" (but it's good enough for the government), instead we have to have things hand-couriered through airports, etc). Talk about productivity issues.

Again, I'm glad you've decided to take what's a (apparently, based on the hearsay you're providing) single, individual, anecdotal bit of bad tech-work and use that to call into question the validity of an entire professional function. Because that's usually the best way to fix those kinds of inefficiencies. :thumbsup:

Perhaps if the IT people were actually in-the-trenches trying to meet deadlines, things would be different. Risk management is about MANAGING the tradeoff between risk of a security issue against the risk of not getting work done. Something's got to give. One size does not fit all: security for sensitive personal data (such as medical records) or classified material is much different than the risk imposed by someone who's doing meeting planning. Yet in many organizations, the lockdown is the same. Likewise, the need for a complete lockdown is much different for someone with risk management experience and the knowledge to mitigate the risk vs an untrained manager. Yet in many organizations, the lockdown is the same.

Perhaps if business units demonstrated any interest whatsoever in communicating their needs and working with the people who actually have the skills and knowledge to get them the resources they need while "MANAGING" risk at the same time rather than working against them, slashing their budgets and -- oh yeah -- incessantly casting them as brain-dead hurdles to be jumped rather than skilled professionals to be worked with, maybe -- MAYBE -- they'd be more effective at crafting security and administrative policies and systems that make sense and aren't unnecessarily onerous. Just maybe. And yeah, "that's the typical ivory-tower attitude I run into with folks I call 'full-of-themselves IT management'" when approaching every conversation about centralized management and administration is exactly how to get that particular ball rolling.

And to think that we were talking about being productive here. :rolleyes:

Tell me: if a $400 million deal is missed or blown up because the security measures prevented someone from completing the work

If a $400 million deal is "missed or blown up" because "security measures prevented" some Excel Jockey or PowerPoint Whiz "from completing the work", that particular "someone" didn't know what the hell they were doing with the technology resources they were given in the first place -- or they're simply looking for a scapegoat. They probably should've talked to and worked with the people who do know what they hell to do with the technology resources they were given before some mysterious "blow up" happened. :dunno:

or because the document is mandatory-stored on the network but the network is down for 4-8 hours, who loses their job? I can assure you it's not the IT guy that made stupid policy.

Right. Because network outages are caused by "stupid policy", for one thing.

But in a perfect world, it'd be everybody: The IT people who didn't effectively serve their constituents' needs, and the users who didn't effectively convey what their needs were. Because the blame is never on just one side.

But guess who's gonna get their budget cut?

Come down from the tower sometime and see what the users have to put up with on policy. Then tell me that it "doesn't affect productivity".

This is exactly why lots of tech people -- this one included -- get the hell out of supporting users at the first opportunity. Virtually every user is a victim of their own greatness, burdened by "deadlines", slammed with the pressure of the "Four Hundred Million Dollar Deal™" (and boy, lemme tell ya, there sure seem to be a lot of those...), and enraged by the knowledge that they know how to do every job better than the people already doing them. I mean it's such an attractive offer: "Hey buddy, how about you provide me with some IT support! I'm gonna complain when you do protect me from the risks I need to be protected from, blame you when you don't protect me from the threats I told you not to protect me from, blame you for pretty much every problem I have even if it's of my own creation, will refuse to be a constructive partner in crafting policies and solutions that make sense and instead will just incessantly whine, will expect to have everything I want (even if it's well beyond what I need) and pay nothing for it, and will do everything I can to work against your success as a group. In return, I'm going to pay you a pittance, and hold over you the threat of sending your job to a country in which last week the people were getting paid 17 cents a year to manufacture soccer ball parts, make your group the first to take budget and staff cuts, imply that you're a dolt whose job could be done better by me and other people who don't have the first clue what your job really entails, and generally just treat you like ****. And oh by the way, if you dare question my edicts from on high about how I know how to do your job better than you do or if you have the audacity to act for just a moment like the subject matter expert I expect you to be, I'm going to consider you to have the typical ivory-tower attitude I run into with folks I call 'full-of-themselves IT management.' Whattaya say? Sounds pretty great, if you ask me!"

But yeah. It's the IT people who are in "the tower". Riiiiiiiiiight. :rolleyes:
 
Last edited:
With all do respect Spike -- in a firm your size -- a simple "don't stream music" or "don't shop on my time" should be adequate. If they're going to waste your time they're going to waste your time. If site A is blocked they'll just use site B, etc.

Without knowing the exact specifics, ballparking it, I agree.

Personally, I will be the first to admit that I will shop or do something quick while at the office. At the same time--I am working pretty much the entire time I am at home and a good chunk of every weekend. I'll work whatever it takes to get what needs to be done, done..and if I have something in my personal life that needs to be done I'll do that during "business hours" if it makes more sense.

All pretty reasonable, and I think that the vast, vast majority of firms would have no problem with that.

I personally believe in good employees and good management versus increased IT control or forceful filters.

Just one man's opinion.

In general, I agree.

But there's a point on the scale line at which that starts to not work so well anymore... At some point, you have to start setting things up to deal with the lowest common denominator.
 
Exactly: It's all about cost. If "easier for IT" != "cheaper", then no, it's not the best thing to do.

I think this might be because IT departments have been increasingly moved under the CFO and Finance Department within the organization, especially since SarbOx.

Oh, and P.S., our IT department doesn't want us taking the IE8 update either. Some sort of incompatibility issue.
 
What gets swept up in the filter and is called porn is the problem. As we saw earlier as an IT person Nick decided that the organization Planned Parenthood was porn because his Internet porn filter blocked based on a likely keyword issue instead of a content issue. That is the problem with filters is that they block on a non contextual case.

That is more a quality of job thing. Being able to quickly shop for something at one's desk stops you from having to leave the office. It can also alleviate some stress when personal and professional goals are colliding. I guess it goes to how one wishes to treat their employees.

That is one that is getting to be a problem.

It wasn't my call or my decision, nor my policy. Get off it. This isn't another "Should we have a private forum" Scott, there's no need to twist facts.

Let your employees look at porn - afterall, there's no point in blocking them

:rolleyes:
 
I think this might be because IT departments have been increasingly moved under the CFO and Finance Department within the organization, especially since SarbOx.

Which is an interesting arrangement in that finance departments typically have audit resources that IT can really benefit from (edit: especially in a SarbOx world), and putting that function there prevents the kind of largesse that really ****ed a lot of people off (apparently) in the late 90's. But generally, I think if the business side wants flexible, scalable, and evolving IT services, it should operate under its own CIO-type exec. Expecting a CFO to effectively play both roles and the kind of people a CFO will hire under him/her to be able to get the kind of budgetary and strategic support they'd need to provide a competitive service seems a touch unrealistic, IMO.

Oh, and P.S., our IT department doesn't want us taking the IE8 update either. Some sort of incompatibility issue.

Probably a good call... There might not be another single piece of standalone software that in itself presents a bigger potential PITA than a new version of IE.
 
Last edited:
At some point, you have to start setting things up to deal with the lowest common denominator.

This is probably more common in larger organizations. This is something that has bothered me for a long time not just with IT but with everything having to do with rules, laws and policies. Maybe that's what it takes to prevent the really ignorant people from hurting someone but it makes me crazy. I think about all the cities around the country that are passing law against using a cell phone while driving. As a pilot I am capable of prioritizing my responsibilites, 1) fly the airplane 2) navigate 3) communicate. I think of not being able to use a cell phone while driving tantamount to stopping the airplane before talking to ATC or maybe a policeman pulling over to the side of the road during a pursuit when he needs to use the radio. But, the fact of the matter is that there are people driving cars that are unable to walk and chew gun at the same time. If it comes down to putting up with the nuisance of not using my cell phone while driving because a city is trying to protect it's citizens from those who clearly cannot drive safely and use a cell phone, well I can live with that.

IT departments should not be ivory towers, they should not be cut off from the users they support and they should not be the final say in policy making. An IT department is there to support it's customers, who are the users and the company as a whole. Policy should be decided by the entire management team not a single group. Once the policy is established then it is up to the people who administer that policy to do exactly that. If draconian policies are being put in place by the IT group alone then there is something fundamentally wrong with the structure of the company as a whole.

Some large companies, Chrysler being one that I know of, do not allow internet access to their employees. They have e-mail and a company intranet but no internet period. I'm not sure how they handle their laptops but I do know that their mobile users are able to connect to a corporate VPN while offsite.

It should also be noted that IT support people can often times be overwhelmed by what they envision as the complete stupidity of the users they are dealing with. Often times these people just can't understand how someone can be so dumb. The fact is that they are unable to relate to someone who does not have the same level of technical knowledge that they do and they become frustrated. Maybe these personality types should be in a job where they don't deal with people. Maybe IT isn't a good fit for them in spite of their technical ability.

The bottom line is that all policies and procedures should be in place for one thing, to meet the business needs of the company. Anything that interferes with that should be questioned. All too often it's not questioned by the right people if you get my meaning.

Jean
 
Last edited:
Back
Top