Managing Personal Electronics and Software In the Workplace

darien writes "Last night Symantec hosted a round-table discussion on the topic of consumer devices in the workplace. John Brigden, Symantec's senior VP for EMEA, pointed out that regardless of the policies businesses may lay down, individuals will always try to use their favorite gadgets and websites at work. Reminds me of when I worked in IT support: no matter how many times we told users they weren't allowed to install ICQ, or to connect their personal laptops to the corporate network, they insisted on doing it. Frequently they even asked us to help them do it."

Mostly the fault of IT

[Kohath]

When IT doesn't serve the users, the users have to be their own IT. Users are bad at it and it causes problems.

The answer is to stop saying NO when users ask for reasonable (non-harmful) things. Help the users instead of trying to make your own job easier.

Solution: Give them a VM

[scorp1us]

Just give them VMPlayer and a XP/SP3 image that is only like 5 gigs and they can install whatever they want.

Then lock down the the company machine.

If something goes wrong with the VM, just give them a new one. Sorry, but there is no support other than that. If they lose stuff in the VM, then that's not your problem.

It's time to get tough

[jonnyj]

We're already there in the UK Financial Services industry. Earlier this year, the FSA (our financial regulator) issued a report on best practice [fsa.gov.uk] that, amongst other things, recommends that

• organisations should work on the assumption that staff do not know what the firm's policies and procedfures are
• staff handling customer data should not be allowed to have mobile phones or personal belongings at their desks
• staff should not have access to external email or the internet unless there is a genuine business need
• all USB ports should be disabled so that only approved, encrypted devices will work

If you're in the industry and doing less, expect regulatory sanctions if anything goes wrong. It's time to get tough on slack security.

Re:It's like Prohibition - Unenforcable

[jimicus]

The same kind of thing applies in a corporation. You don't want to lower morale, and you especially don't want employees to lose respect for your policies. That certainly poses more risk to the success of an organization than connecting your iPhone to the wifi network.

Maybe a better solution would be investing in IT infrastructure.

It's a bit awkward in IT. Hey, it's always a bit awkward.

You let everyone install anything they like and do whatever they want -> Congratulations, you've just been picked for BSA Raid of the Month! (In some countries, directors are criminally liable so you have to take it seriously) With extra interest from the PRS if MP3 files are found!

You let nobody install anything -> well, the implications depend entirely on the role of the end user. If the PC is being used by someone in a call centre, this is probably appropriate and call centre staff are relatively easy to replace. If it's in software development, you wind up spending the rest of your life installing software on people's behalf and being hated by everyone.

These things are blocked because the world's Windows support forums are absolutely chock-full of individuals who have got their home PC absolutely chock-full of rubbish like drivers for that cheap scanner which never really worked, 15 different and equally lousy photo editing programs after they found out how much photoshop costs, goodness-knows-what malware installed from a pirated copy of photoshop and whatever else besides. It is simply not practical to deal with these issues on every PC.

I am the IT manager. I'm very lucky in that I'm not having to support a vast number of people who, given the opportunity, would wind up with PCs as screwed up as what I described above - I can therefore operate much of this on a trust system- "I won't go searching for dodgy stuff, please don't leave it in plain view". However, the company I'm working for is growing at a rate of knots and I'm sure this will change in time.

Re:Fire them!

[2names]

If your IT staff members are a bunch of jackholes, then they need to be replaced. I am an IT manager (worked my way up through the IT ranks) and I simply do not tolerate my staff acting the way you describe in your post. The people we support are the reason we are here and they need to be treated with dignity. I also do not tolerate people we support berating my staff. There is absolutley no reason that IT workers and the people they support need to be at odds. One cause of this that I have personally witnessed is, for example, many IT workers can not understand why the marketing guy needs to have ICQ. Well, you know what? That is between the marketing guy and his boss. If the software has been approved by a user's manager, then install the software and support it as best you can. We have processed requests from managers asking that their reports have access to gaming sites over lunch. The boss wants you to be able to play games? No problem. Here's your access. If you have any problems, let me know and I will try to fix it.

There doesn't need to be this rift between IT staff and the people they support, the two groups need to work together. At least, that's what my group does.

Embrace, don't extinguish

[darkpixel2k]

no matter how many times we told users they weren't allowed to install ICQ, or to connect their personal laptops to the corporate network, they insisted on doing it.

We're not assholes about IT like you are apparently. We tell them "sure, bring in your personal laptops". The switches run 802.1x. If your computer hasn't been issued a certificate, you get an internet-only connection which blocks outbound SMTP, and monitors your traffic with SNORT. If it appears you have a virus or are passing bad traffic, you get blocked.

Re:Fire them!

[calmofthestorm]

The nice thing about IT people is that there are plenty of good ones, and you can afford to hire them and fire the idiots.

The joys of having linux administered for me by someone else:-)