The preventer of services

If you asked an IT person what their function was, they would tell you that they are a provider of services, specifically of computing resources within an organization. However, in most businesses, that may not be the case. Scott Adams highlighted this situation when he created the character of ‘Mordac, the Preventer’, Dilbert’s nemesis in IT services. An IT person might argue that point, but let’s examine some cases:

* Digital cameras are useful tools, providing documentation of conditions or results in a visual format.

– However, corporate email accounts often will remove the photo file.

* Webmail accounts allow the access of e-mail from any computer.

– Frequently banned by IT services.

* Microsoft Windows has been developed to allow even the most complex of programs to be installed easily and almost completely automatically–no trivial feat!

– Most company computers do not allow users to install any software.

* USB ports allow the connection of a multitude of accessories to a computer: mice, cameras, printers, projectors and more.

– USB ports are often disabled.

Naturally, you might get a different viewpoint from an IT person. They are attempting to prevent the transmission of malicious software (malware), which can be hidden in photo files. Webmail allows the unrestricted transfer of information in and out of the company’s network, and might allow malware in undetected. Users could install unsuitable programs on their computers, and USB ports could allow the wrong people to have too easy access to corporate data or networks. As you can see, paranoia is a way of life for IT – they have to be constantly vigilant for threats to their networks, aware that they will inevitably be at least one step behind, because new threats are constantly being invented. In addition, they are tasked with looking after hundreds or thousands of users.

So, on one hand, users want access to the wonderful facilities of modern computers–the ability to create, manipulate and share data in ways undreamed of 20 years ago. On the other, IT needs to protect the huge investment in both dollars and time represented by the corporate networks and the data therein.

Unfortunately, ever-more-savvy users are bypassing corporate restrictions–gone are the days of the typical ‘clueless’ users. Now, many people have grown up using computers and may know as much as the IT group, similar to the weekend mechanic who does his own car maintenance. On the IT side, ever greater restrictions are imposed with draconian enforcement, up to and including firing for even minor infractions.

However, an adversarial relationship is not inevitable. Most users are content with a simple computer; they are happier having a computer that they know they cannot ‘screw up’. As usual, the devil is in the details–there is always a certain proportion of people who need greater resources and access than the typical. How can you accommodate both groups and still keep IT happy and secure?

A colleague manages a team that is responsible for 25,000 computers, both desktop and notebook, for a corporation with locations across North America. He estimates that 98% of his users are happy with a computer that they just turn on and use, as you would use a TV. For the other 2%, he requires that they justify greater need–and greater ability. He monitors that 2% more closely and revokes privileges as necessary. He acknowledges that there is risk, but he views it as the cost of giving them the resources they want.

Maybe the solution is to avoid the adversarial relationship of IT imposing restrictions and users circumventing them. Perhaps it is a case of taking responsibility: for IT, to provide access to services and resources that users need to do their work; for users, to use these facilities responsibly and acknowledge the security needs of IT and corporate networks. Although most stereotypes have a basis of truth, we need to keep the Mordac’s at bay; after all he was only a cartoon character.

Freelance writer Dan Davies can be reached at dan.davies@shaw.ca.