IT must rein in "rogue" users of wireless
John Donovan thinks that IT departments have a big problem. It can be solved, but doing so will require a radical change in the way IT people think. Wireless devices and networks of all types—from cell phones to PDAs to $100 hot spots to laptops—are proliferating within organizations at a dizzying pace. The problem is that the nature of these technologies makes it easy for them to be used in ways not authorized by IT management.
This can make the CIO's worst nightmare a reality: The enterprise can be invaded by a hidden army of costly and unsecure technologies with no management or security oversight. “The cumulative spending level within the organization on wireless has gone up dramatically in the recent past, without visibility or the ability for the CIO to manage things that are always a concern: security, cost, productivity gain, and the business case aspect,” said Donovan, president and CEO of inCode Telecom, a wireless technology consultancy.
It's a complex issue, since these technologies—authorized or not—often enable workers to do their jobs better. A related issue is that early adopters drive the technology, and these employees most often are very successful employees—competitive and savvy. Reining them in can rob the organization of momentum and initiative. Even if you try to stop them, they're hard to catch. They can be adept at moving funds around to hide the costs of technology that they go out and buy on their own.
Using the outlaws
The good news is that these folks—whom Donovan refers to as rogues—can be keys to a more successful wireless operation.
Examples of how rogues do things differently aren't hard to find. Perhaps a sales executive doesn’t want to use a company cell phone because too many clients already have the number of his current phone. Perhaps he loves Mac iBooks and hates the Dells issued by the company. If he's a road warrior, he may feel that purchasing high-speed connectivity at hotels is a must. Perhaps he's an amateur techie and decides to set up a private Wi-Fi in the office with the three or four people he works with most often.
Donovan maintains that unauthorized activities are proliferating. Moreover—just as the class clown may be voted the most popular kid in class—folks who pay no attention to policies may set the tone for the enterprise. “It’s very, very hard to rein in early adopters,” he said. “Early adopters went in and infected the whole organization. There is a wildfire being started by the rogues that have the best of intentions.”
The situation is not hopeless. Donovan suggests several steps for controlling runaway wireless IT use without stifling the creativity and initiative that cause it. The most important thing is to identify the users. Indeed, the need to do this goes beyond IT as wireless communications become a focus of law enforcement efforts.
“It’s really not possible for employees to throw up their hands and say, 'Employees are going to do what they want and we can’t control their actions,’ because e-mail [and other electronic communications] are the equivalent of DNA evidence in importance in workplace lawsuits and regulatory actions,” said Nancy Flynn, executive director of the ePolicy Institute and author of E-Mail Rules, a guide to electronic communications policy management.
Donovan gave four steps to addressing unauthorized wireless IT:
Find the rogues: Employees may want to use nonapproved equipment and networks but they won’t want to pay for them. This means that they must seek to hide expenses. Donovan said that rogues are generally smart cookies who are good at moving funds around a T&E report. Regardless, a savvy bean counter can find them. “The procurement department has to tighten up the points of leakage,” he said.
Reward, don’t punish: “Establish or build an acceptable solution in which compliance is viewed as not just necessary but as worthwhile,” Donovan said. It’s not a good idea to be punitive for two interrelated reasons: You're dealing with some of the brightest lights in the organization, and the ideas their nonstandard approaches represent may well be positive steps for the organization. Also, these employees are good at what they do and probably bring in a lot of revenue. It’s far from certain that you would win a power struggle with them.
Enfranchise the rogue: Let the rogue know that his or her ideas have merit and that the IT department simply wants to ensure that what he or she is doing is accomplished in a way that complements the basic goals of the organization. For instance, you may tell the rogue that he has good reason for a private Wi-Fi for his immediate circle of contacts—but that these networks are inherently unsecure. Once informed of the dangers of such networks, the rogue is unlikely to object to letting IT implement security.
Codify: Once the details are worked out, codify the new arrangement into company policy. It doesn’t help to have a dozen handshake agreements with a dozen rogue executives.
To enhance security it is necessary to prevent end runs.
The only way to prevent end runs is to know more about the technology than the first adopters.
That means keeping up, which is hard, but after the first few times that problems have occurred, and you sit down and explain the technology and where the error was made, they come and ask for recommendations.
That is your alert signal.
Then the "We are going to "test" some new technology" approach keeps the risks of "Rogues" compromising security to a much more reasonable level.
(This only works on first adopters, the "Fools" will still do "foolish things" to compromise security.)
Pull the plug..
A: He is degrading the integrity of my hard built and hard secured network.
B: Due to recent laws passed or laws that will be passed soon in the US the IT department has more responsibility to secure networks and due to this responsibility they should have more power over such "rogues" that compromise network integrity.
Bottom Line: Security First! Pull his plug!
Make it a Data Security issue...
In my earlier post, I may have inadvertently implied that business users are alone in turning "rogue" (and I agree with the earlier post that labels the word "rogue" as perhaps overly dramatic...but since it's the term that started off the article, I thought I would just run with it.) on us. If so, to my counterparts on the business side of the world, my apologies.
Our techs, and fellow managers, are even more likely to want to play with new or emerging technologies on the job, and I am no less guilty of that than anyone else in the IT arena. Let's face it, we like our toys! The only thing working in our favor in this area is that techs are far more likely to understand the risks and downsides to doing so in an uncontrolled environment.