Tuesday, August 29, 2006

Whose Computer is it, Anyway?! (Part 1)

Okay – here’s the scenario: Corporate environment, computer is provided by the company, all of the initial software on the computer is installed by the company. The user signed an Acceptable Use Policy statement acknowledging their responsibilities with regard to computer use and security. The company’s acceptable use policy says something about “…only approved software…” (more on that in a bit). The end user is the only user of the computer. Employees are allowed to use the Internet (i.e. the web browser), applications, and email for business purposes and for limited personal use.

Having remembered all that (yeah - right!), the employee is out cruising the Internet. They haven’t broken any company policies yet. Then they come across this site with a really cool toolbar for the browser, and best of all, it is FREE! It blocks pop-ups, gives enhanced search capabilities, even has a news feed reader and chat client. So they install that neat toolbar – free download, couldn't possibly be a problem, who’s gonna know? They may have just crossed over the line with company policy, but it’s probably a minor infraction, no big deal.

Now it gets better: One day shortly after installing that cool new toolbar for the web browser, the employee tries to access a web site that they normally need to access to do their job. Certain functionality of that web site depends on scripting and pop-ups (authorized ones), but strangely they don’t work right. Hmmm – they reload the web site, check access to other web sites, and if they’re really savvy, they check pop-up settings and security settings in the native browser. All good, what can be the problem? Frustrated by this time, the angry employee finally calls the company’s help desk and reports the problem. The technician, having seen this problem before, and after checking the normal browser settings that the user just checked themselves, asks the five dollar question: “Do you have any other browser toolbars or pop-up blockers installed?” Let’s just assume this employee is at least an honest person and reports the Google or Yahoo toolbar that they just installed. The technician states that the employee will have to uninstall the toolbar for the web site that they are trying to access to work. This infuriates the employee and they state that there must be SOME way to make it work with that toolbar. The technician promptly replies that the toolbar is NOT supported software, and that it is in fact NOT even approved software (remember that acceptable use policy?). “NO! %$#@&* - it, this is MY computer and I will do what I want with it!!!” shouts the now livid end user.

Here’s the bad news, folks: It is NOT the employee’s computer. It is the company’s computer. Those neat little toolbars and all those other cool freebies on the web are great for the computer at home, but have no place on computers at work. And here are the issues: 1) By having to muck about trying to fix unsupported and unapproved software, we are making our help desk people do extra work that they shouldn’t have to do, and that is probably against the service level agreement that the business unit has with the company. 2) By installing these things, we are possibly creating a security risk for our system and our corporate network by inviting in spyware and potential vulnerabilities. 3) We are opening our company up to all kinds of liability issues regarding software licensing (“FREE” does not necessarily mean free for use in a corporate environment), and information assurance (the spyware in that free toolbar may be a blatant violation of security policies).

The reason there is an approved software list is that some pretty smart people 1) figured out what software licensing would cost for the organization to have certain software, 2) have a pretty good idea what software works with all the other software on the machine, and 3) know that there are certain information security “best practices” that need to be followed.

My final rant in today’s post is that the above scenario is all too common in today’s corporate environment. I am sick and tired of hearing about people bitching and whining because their computer is “…always broken,” and that “…these ^&%$#@ computers are no good.” Let me give you my $.02 worth: The reason they are always broken is because of security-unaware and clueless computer users constantly installing this kind of crap on their company’s computers, and then ragging on tech support for not fixing it for them. I take exception to some blathering idiot taking out their rage on tech support people who had nothing to do with that user mindlessly horking up their computer. These morons break their computers, some do it every time they touch one – the help desk should make THEM re-image and reconfigure that machine once. That will give these people a good idea what it’s like to have to deal with and clean up after clueless people who break computers because of their own ignorance and gadget lust. Go see my "Know Your Computer" and "Are You a 'Responsible' Computer User?!" articles for more about what users can do to improve their own computing experience.

Disclaimer: I used the term “Help Desk” in this article ONLY because it is the term that most people are still familiar with. The correct term is “Service Desk.” I mention this disclaimer lest the ITIL folks come find me and revoke my ITIL certification :) For more information on ITIL, please go here. You will find a wealth of things in the ITIL world about service desks, service support and delivery, and best of all service level agreements, service security, and service management. Solid ITIL practices are why the service desk people are not your enemy - they are doing their job!
