The Fall of the IT Control Freak

Art Wittmann over at Network Computing (a publication by CMP) wrote an article this week on “The fall of The IT Control Freak”. It basically goes on to mention the general trend that in most setups, the control of the IT team is slowly slipping. The reason is simple: the advance of technology. In his article he cites the early 80s, with desktop computers costing $6,000 each. That’s a huge chunk of money for one person’s desktop. Compare that to now: I have 2 laptops on my desk, 2 flat panel screens, and 2 desktops, and combined they probably cost less than that one desktop back then.

He also goes on to mention software security policies, and says that at NWC they have relaxed the policies to allow people to install what they want, but track, monitor, and secure what is required… The Data.

I agree with his comment on that being heresy; however, I’ve come to realize over the last few years that it’s quite simply impossible to impose any decent policies on users and maintain a usable environment.

Take for example the sales person that decided they wanted to run the preview version of Office 2007. Okay, not the brightest of ideas, but my reaction was to consider the removal of access for everybody (except development and helpdesk) to install software. Then I realized it’d have boiled down to me granting access back later when “Joe” in “SomeState” wants to download their iPod tunes so they can listen while on the road.

Of course, this kind of relaxed security has a bad side effect. Users have a tendency to cause more issues with their devices, be it software they wanted to trial (Office 2007 Preview, or IE7 beta 1), or the latest spyware/adware. We even have somebody that thought installing a tool that converted the standard emoticons to fancy graphics was a great idea, without reading the full detail on why it was free to do so: the ads.

I’m also a culprit of this, as is my colleague. I have a couple of games, image editing software, and a couple of other apps not related to work. Why? Because it gives me stuff to do other than work if I need to. I have had days where I can work all day without a break, but at the end of the day, I’m shot, done for, had it… Or there are days where my productivity is a little higher, and I take a break every now and again and read a forum or two, listen to a podcast, or do some SquirrelMail programming as a diversion.

So what can we do about it? Secure what we need to. As Art says:

Emphasise security, backup and data tracking and little else. [..] It’s the data you care about, not the apps.

We’ve just had a new firewall approved; a shiny PIX 515E will be zooming its way to us shortly. I’m working on securing access to the development, QA, testing, and production environments with more than simply IP segmentation and basic firewall rules between them. We’ll be upgrading our Symantec Corporate edition this week to the latest release (with security updates), and we have a WSUS server deployed on the network taking care of updates for us.

While I do often find myself grumbling at what the users do, I could easily take it away, but I’d end up having to suffer the consequences later.

IT Governs Best When IT Governs Less