Wednesday, August 20, 2008

System Admins are not stupid hacks (generally) pt.1

For the past few months I have seen a steady stream of "How to work around your IT dept" styled articles. No I admit that some IT departments are not helpful, and are not interested in helping, but sometimes there is a reason for telling you to not do things. On the chopping Block first is a Wall Street Journal article from a while ago, "Ten things your IT Dept won't tell you". I don't want to tear apart all 10, but I feel compelled as every suggestion is inappropriate, dangerous or stupid.


Now the first point that I came up with is that if you have to send extremely large files externally as a part of your day to day job function and you don't have an appropriate methodology in place, there is a significant failing if the design of work flow and should start and your management should address it with IT. Barring that you are more likely doing something not work related, or inappropriate for company time. So begin with asking you supervisor why there isn't resonable accommodation (FTP, WebDav, etc) in place, if they don't give you a satisfactory answer, look further upstream. Most everytime you will find that the reason there isn't a reasonable solution in place is that no one thought to broach the subject with the IT department, or if it has been brought up, the line of business was unwilling to pay to play. IT rarely covers out of its own budget all of the hardware in a company (how could they?) so business lines are responsible to purchase hardware to support their IT initiatives. They don't like that they cannot get IT to cover the cost, so they encourage their employees to be creative. This is really both irresponsible and stupid. The largest files that I have had to work with are always Multimedia (picture and video), and utilizing a third party to transmit those files (in the case of licensed Images and video) transfers liability for any misuse of those files by that third party to your company (as you implicitly authorized them to act as an agent for you). As you are unlikely to have the authority to authorize such relationships, violations like this are grounds for termination should it ever result in a misuse. Even worse you may find yourself personally liable for the misuse, especially if you are found to be violating your companies IT policy for information handling. Accountants sometimes are tasked with sending rather large reports. Since this is normally internally there should be some way of accommodating this with out resorting sending it as an attachment (ever heard of Read-only?) that is best evaluated by working with your IT department.


This one is pretty obvious and really shouldn't have to be addressed, but again this is mostly all about liability. XYZ application has unknown interactions with company systems and leads to future potential for trouble. iTunes and Instant Messanger applications are the most common place that people butt up against this restriction and up until recently I was fairly tolerant of these uses, but given how The Shadow botnet spread quietly through IM systems I am very cautious about this. Couple that with the iTunes updater force installing the Safari Web browser onto users and opening them up to the infamous "not a bug" carpet bombing vulnerability(recently patched) and the two most popular ways to waste time at work are dangerous to the network. On a final note the WSJ article specifically mentioned file sharing applications. I am at a loss for this one, folding at home on company equipment is bad enough, but participating is what is more than likely illegal file sharing is really asking for formal discipline or a pink slip. I may have to come back to this separately as there are really so many things wrong with suggesting that people install whatever applications they want on a work machine. I think the problem may stem from the number of people that have PC's in their home that are given administrator access come to expect that they can do whatever they want on any PC.

I won't waste too much on this one, but really do you come to work for your own needs or to work. Leave the casual browsing to the professionals on your IT staff and get some damn work done in a given day.

I can only assume that this was aimed at the traveling professional, but I am still a little frustrated with the mentality, the work laptop is for the working. If you like looking at the nice naked then maybe you should take along your own laptop to look at them on. Behind male enhancement, the quest for free pornography leads to more spyware/adaware and general maliciousness than almost all other browsing combined. You want to explain the next day at a meeting/presentation why your laptop is owned because you had to look at some neekedness (sadly yes this has, and will continue to happen). Clear your tracks by not going there. An Eee PC is about $400 runs XP or Linux, and is small enough to not be too large to travel with.

No, just No. Indexing documents from work onto other servers (even working on them from home on your own pc) exposes your computers to the possibility to being seized in the eDiscovery process of litigation (lying in the face of litigation can extend the discovery process and possibly get you fired) which is becoming very prominent in the minds of IT departments due to recent rulings(pdf)

No comments:

Post a Comment