Leadership

The "Can't Do" IT shop

Patrick Gray discusses why IT has to let go of the attitude of "it just can't be done."

There was an interesting response to my last column suggesting that one of the CIO's biggest challenges in the coming years will be supporting employees who want to "bring their own technology" into the workplace. If you work in a company with remotely trend-sensitive or tech-savvy leaders you most likely have already seen this phenomenon firsthand, with the CEO or CFO poking his head into the CIO's office, holding the iPhone in his hand, and demanding "make this work with our e-mail!"

Most of the comments pointed out that there are legitimate security and management concerns for employee-selected technology, but when your competitors and customers are using these devices, the benefits rapidly begin to outweigh IT-centric drawbacks. Despite this, the preponderance of comments to the last article concluded that this "just can't be done." If you have been dealing with corporate IT for a couple of decades, the arguments might have sounded vaguely familiar; these were the same cries and doomsday predictions that rallied against giving the unwashed corporate masses Internet access, e-mail, and even the now-ubiquitous personal computer. When a legitimate business case was presented for each, that chorus of "can't do" reached a fever pitch, often until IT was bullied into joining the party, or merely ignored and bypassed.

Even for less dramatic changes, in far too many IT shops, "can't do" becomes a knee-jerk reaction. From the junior programmer fighting a minor change request, to the IT executive providing pages of reasons why something can't be done rather than exploring the request in any detail, "can't do" at its worst becomes an institutional policy and the sound one hears right before IT ceases to expend the mental energy to look for solutions, options, or alternatives.

I am certainly not suggesting IT should be a cadre of order takers, ready to unquestioningly leap toward anyone's merest whim. What I'm saying is that in too many IT organizations, the pendulum has swung too far in the direction of "can't do." All the well-intentioned management-speak about business alignment, focused execution, and strategic partnering immediately goes out the window when your standard operating procedure is "can't do." How can I be "aligned" with you when I immediately match any request with a reflexive "can't do"?

Expunging "can't do" from your IT organization's vocabulary will not only polish up a potentially tarnished image but also allow you to better grasp business or strategic trends affecting the organization and capture rough ideas and suggestions that can later be refined into a gem of an idea. If nothing else, allowing legitimate requests to be aired and responding in a thoughtful and transparent manner make the requestor feel far better about their interaction with IT, even if in the end the request is denied.

In many areas, the old standbys of security and cost no longer outweigh potential business benefits, and when IT comes aboard as a partner in figuring out how to best deploy these technologies it will likely result in far less heartache than being forced along, kicking and screaming, to comply with a corporate fiat.

Patrick Gray is the founder and president of Prevoyance Group and the author of Breakthrough IT: Supercharging Organizational Value through Technology. Prevoyance Group provides strategy consulting services to Fortune 500 and 1000 companies. Patrick can be reached at patrick.gray@prevoyancegroup.com, and you can follow his blog at www.itbswatch.com.

About

Patrick Gray works for a global Fortune 500 consulting and IT services company and is the author of Breakthrough IT: Supercharging Organizational Value through Technology as well as the companion e-book The Breakthrough CIO's Companion. He has spent ...

53 comments
jobej
jobej

Sorry so late to the discussion; just saw post. 1. IT "professionals" & "experts" are not (at least SHOULD NOT be) paid bobble-head dolls -- we are expected & depended upon to explore the length, depth, & breadth of any or all worst-case scenarios we can concoct in our own quite fertile imaginations or of which we can locate anecdotal evidence of occurrence 2. We are expected & depended upon to weigh consequences of what can go suddenly, horribly, catastrophically WRONG with the possible benefits to the organization, business, agency 3. We are expected & depended upon to deliver concise, understandable reports of our analysis, assessment, results, & recommendation to management for consideration 4. Regardless of the direction of management's decision, we are expected & depended upon to "make it so" Just 'cause it's new & shiny, has fun noises, & incurs a collective "I want it!" from the crowd who firmly believes s/he who has the most toys 'wins' doesn't necessarily mean "it" is worth the cost in hardware, software, or time to incorporate "it" into the business. One of the things I've noticed is the majority of the "I want it!" folks are usually the loudest boo-hooers & whiners when they don't get their collective way in something, which is where a sizeable proportion of the myth of the "Can't Do" IT shop originates. IT CAN do it & DOES do it every single day! What we try NOT to specialize in is mindless slavery to fads, recommending the business spend money just to satisfy the irresponsible acquisitiveness of the "I want it!" children to own every new electronic plaything on the planet, & careless disregard of network & data security. Sorry if that irks you, Mr. Gray, but we're actually earning our wages.

The 'G-Man.'
The 'G-Man.'

Just sign this legal disclaimer telling you that 'you are on your own' should you lose the device and data fall in to the wrong hands.

dcollins
dcollins

A word of caution about jumping on the latest gadget bandwagons. Once you set this up, your staff will be forced to support it - are you prepared to support every variety of gadget out there? This can become a huge time sink for a staff that, if like most, is already stretched thin. Another cause for concern is that if you don't know anything about this device, and attach it to your network, do you really know how secure you are?

Pete6677
Pete6677

So develop a support policy. Either you support personal equipment or you don't. If you do agree to support it, make sure you have the appropriate resources with which to do it. If some sales droid comes to you 5 minutes before his big presentation one he's discovered his iPhone can't connect to the conference room projector, that's his problem and not yours, but only if you have established and followed the correct policies from the beginning.

Deadly Ernest
Deadly Ernest

in this thread. I, corporate IT support leader, am approached by senior sales staff and asked if if I can install his special presentation on his brand new iPad, because he loves Mac stuff and wants to use this things that's lighter than the corporately supplied notebook. I look at it, and say, " Sorry, I can't do that as we don't support Mac hardware, company policy to save money..." And I stop speaking because as soon as he heard 'I can't do that,' he's turned around and stormed off to tell his next level of management how stupid we area as we don't know how to do such a simple task for him. You'd be surprised how few people read corporate policies that they do not have to use on a daily basis, even ones where they have to sign for reading them. And then, how fewer still will remember the content an hour after having read them. A few examples that have happened in real life. Corporate policy in a Fortune 500 company says, "No member of staff, except the IT staff, will attach any device to the company computers or company network." New staff are given a copy of this policy and sign a sheet as having read it once they have read it, part of the sign on policy. Company senior vice president, hired for special skills, salary (with extras) is seven figures. Four months after starting wants to change his office around and is told by IT that a tech will be able to get it rewired for him in fourteen days - they need to run some new lines in walls to do it for him. The company HQ is an older building and on the exec level they can only work in the walls at certain times, thus, the delay. When the tech gets the wires fed through and organises to enter the office so he can install the Ethernet jacks, he finds the office has already been rearranged, he can't get at the correct spot on the wall until a couple of others arrive to help him move some of the furniture, and then they find the exec has installed a wireless point in his office and computer. He couldn't wait, so he just bought a point and card from Best Buy and had a nephew put them in for him. A check of the connection showed it was not secured in any way, and they had no recourse but to sack him for cause - that or lose a major contract for breaching the security requirements of the network the client's data was stored on. Another major company with a lot of travelling senior staff has a policy that states: "Company notebooks are to be used only for company work and no additional software is to be installed, under any circumstances." Further in, the same IT use policy states: "Whenever a member of staff is travelling, and they are in the same city as a company office, they will take time to visit the office and copy all data onto the corporate network for storage. Every time travelling staff return to their home office, they will immediately back up all data to the corporate network. While working in a corporate office, all data will be saved to the corporate network." Senior exec who spend a third of his time out seeing clients has a problem with his laptop, he's been back in the office for two weeks, this they know from the logs. Corporate policy is that notebooks for repair have the hard drive checked by a test tool, and are re-imaged, unless they go faulty on the road. In such a case the hard drive is removed, a new one installed, and the old drive is later examined for data and checked against the stored corporate data. Guy's been back more than long enough to download the data, so a standard re-image on the OK hard drive. Major scream, he's lost six months worth of data he hasn't copied to the corporate system, and also lost four special games programs he paid pay - he played them of an evening while on the road, and a few hundred songs he'd paid for. His complaint about the IT people NOT saving all his precious data resulted in his dismissal for breach of corporate policy. These types of incidents are not isolated, especially the last. And they occur simply because people just will NOT read, take in, and obey company policy. Then, when you say you can't do something due to company policy, they always see it as you being technically inept or just not wanting to do the work. And that, my friend, is why we have problems with the IT 'I can't do that' statement.

Deadly Ernest
Deadly Ernest

the users that's permitted within the company policies, agreed to and set by the very senior management, and doing something outside those policies or the laws applicable to the company. I know of one company that thought the lack of responsiveness of the corporate IT unit was not enough, so they took the advice of the accountant and outsourced all IT activity. Twelve months later, they sacked the accountant and started to rehire IT people, it took them five years to rebuild a strong IT team. They had no trouble outsourcing the day to day IT work, but when they needed to put together a bid for a new government contract that would be worth many millions over five years, they did NOT meet the government's requirements for security. One term was that ALL personnel who may come into contact with the documentation and material for the bid and contract had to be pre-cleared to National Security Secret level. All the company staff were already cleared to that, part of their normal recruitment process for other contracts. However, the company looking after their IT had no one so cleared, and since they had access to the server farm, the company wasn't allowed to bid as they didn't meet the security requirements. Another point against doing everything that corporate clients want have been raised, such as the money and expertise to PROPERLY look after and maintain the new gear. I've worked in an area where a sub-unit put up a strong case for some special IT gear. In the end it was given, on the understanding they would provide all the required support and maintenance themselves, as they refused to hand over part of their budget for the IT people to look after it. They signed the undertaking, and all went well for a year, then the only person they had that knew how to look after the gear (they couldn't afford to send more than one off on the support training course) left to work elsewhere. A few months later, none of the special gear was working as no one was doing the routine maintenance it required. They came bleating to have the IT area look after it, and got very upset when the agreement was waved in their faces. Last I heard, that gear was still not working properly due to poor maintenance as now funding was ever forthcoming to provide for it. One of the nastiest things I've ever done, was before I became a dedicated IT person and was still an accounting / management person. I re-aligned the chart of accounts so that when any corporate sub-unit did some work for another sub-unit, the cost of that work was listed as an operational charge for that sub-unit. After the first full year of operation, the expenditure analysis showed that 95% of the IT budget was expended in costs associated with the direct support of other sub-units, most of them being other HQ units and not direct client contact units. Unless you can show all the associated costs in such a manner, and they support and outsourcing option, outsourcing ANY unit will cost you a lot more in the end as you NEVER really know who does what for who in such a situation without such a full analysis.

Pete6677
Pete6677

This is the kind of non-responsive IT department that will inevitably be outsourced. When you can't get it done for your users, they will look to someone else. IT must be more than just a cost center or else it will be treated like a cost center (minimized).

Byron 67
Byron 67

I read a study on IT Dept Burn Out in the early 90's that made a point I have carried with me (sorry I can't support the report with a link), but the point of the study was: IT staff generally burn out for one of two reasons. Reason 1, because they say "Yes" and end up supporting everything -- or, most everything (read company resources and now increasingly personal IT resources of staff). It is exhausting. Reason 2, because they say "No" to "stave off the onslaught" and end up angering everyone and building antagonistic relationships with their colleagues. The "obvious answer" of "well, strike a balance" does not work really well when there are more of them than us and personal equipment has become SO popular. We're damned if we do and damned if we don't. Sorry, not an optimistic post.

efehling57
efehling57

You should never say "it can't be done" without first offering to look over the request and make sure it doesn't present any policy conflicts. "It can't be done" can soon become "sorry, but your employment here is terminated."

entnow
entnow

I have worked in it environments that have a bring your tech to work approach.Its a goddamn nightmare

gcrain
gcrain

I find this article rather disingenuous. If IT has become reticent to accede to requests to expand their responsibilities it's because they have realized that when budget time comes around nobody wants to pay for it.

Ken Cameron
Ken Cameron

IMHO, it is NOT "can't do", it is "won't do" or "shouldn't do". The real problem is IT's lack of ability to say no in a way that non-IT people understand. If you show the CEO a draft of the legal document he/she would have to sign before he/she could use their personal device for business, this problem would disappear in a nanosecond. Interestingly, this personal device freight train is most likely going to pull out of a number of stations before the lawyers get those documents in place, and we will all read about it in the WSJ, and in various possible scenarios: CEO caught having an affair when his iPhone was confiscated for eDiscovery. -or- Highly confidential and secret merger talks disclosed by thief who stole CEO's iPhone. A few people brought up cost. IT groups have now been living in then world of "more with less" for years, but 2008-2009 were back-breakers, and I doubt if support of personal devices will be probable cause for hiring new support staff. At a time when companies should be narrowing the choice of user devices, allowing personal devices would be a joke.

Englebert
Englebert

Even though it may not be feasible or possible, just listen to what they're saying. Every suggestion is an idea and although not possible now, may be possible in the future. If it cannot be done now, just give them the reasons logically and in language they'll understand. Never be an instant head-shaker. Say ' Ill look into it and get back to you ' . Then discuss it with your Sr. Analysts and present a suitable response. Ideas and logic over negativity and emotion.

GSG
GSG

I have to ensure that we adhere to HIPAA and HITECH regulations, which means that we have to have complete control over the hardware that accesses our systems, the people who access our systems, and the information they look at. I have to be able to produce an audit that says this user was in this system, and looked at these things, and printed to this printer. If we allow people to randomly bring in their own devices, we lose all control over our information and we'll be getting some seriously huge fines when someone loses their device and patient information gets out. In addition, we could lose FDA approval on some of our systems. Our systems meet FDA approval if they run on specified hardware. If we run it on a different hardware, even just one user, and it's a clinical system, we lose FDA approval. Then if a patient has an adverse event, and it's found that we didn't use the approved hardware, then we're in trouble.

TGGIII
TGGIII

Sure "it" can be done - opportunity cost for the time and money to make "it" happen are the issue. What wil yeid the greatest benefit to the customers, invesotrs and employees. THis is a simultaneous equiation - lose at one, you losse at all eventally. Yes is the answer but are we asking the right question.

andrejs.berzins
andrejs.berzins

Barring legal or contractual barriers, the spectrum of what's available and what is truly beneficial diverge greatly. Not every gizmo has real benefit for a broad audience, often punishing or criminalizing certain behaviour is not beneficial or possible. On the other hand, when 2nd tier managers flaunt new gizmos that are outside the menu and the CIO looks the other way... its over. If you have a good robust service catalog, make such devices are both expensive and limited in scope/timeliness/quality (make sure you catch that cost center) but everything is possible when someone is willing to pay. Subcontract the service out and make sure you recover 100%. If the CEO approves, obviously you have good cards for the next budget round when you come with something with real value.

Oldmanmike
Oldmanmike

Is it just me, or are you noticing a lot of recent articles proposing ill-advised policies or activities? Is TR trolling for comments? Let's see....... Recent articles asked if we should just let people bring in their own laptops, if it's time to eliminate the password, and now, we in IT should not say no. At least this article wasn't a video podcast without transcript, but it's really lacking substance. Assuming that there are organizations out there just saying no without backup, how does the author propose to fix the problem? Could the author discuss how to create a collaborative environment? A place where the users can identify needs, and the IT department can come up with a solution? Not a situation where users come up with solutions instead of letting the experts find solutions that don't create more problems.

phillibe
phillibe

Collaboration begins on either side of the table. The user is not the expert, they just know they want their device to work in a given scenario. The point of the article above is that too many IT departments are quick to say no rather than initiate that collaborative discussion. The phrase, "You don't know what you don't know" comes to mind because users typically do not understand why IT would say no. Its at that point that someone needs to step in and start the discussion of, "How can we move forward?" The history exists in many of these companies that when IT says no, there is no further discussion.

zd
zd like.author.displayName 1 Like

I worked at an organisation that has three types of users. Let's call them: 1. Regular Users 2. Elite Users 3. Associate Users With regular users, they perform organisational duties and can be forced to use institutional tools. Should they bring their playstation on the institution network? Nope. For this type of user: "Can't do". For Elite users, they bring in big money and prestige. They want to bring their latest toys, we needed to have a can-do attitude. For Associate users, they supply their own devices and even *live* at the institution. For these users, you need to provide what they want and deal with the issues some other ways. They want to plug in a Playstation? Can do. If you haven't figured out the type of organisation I'm talking about, it's not made up - it's real. And some of these are BIG. The point is that there isn't a one size fits all. The author's opinion in a military contractor environment would be a disaster if a poorly informed senior manager "fell on his sword" to implement what he is suggesting. But, the point that is being missed here is that it's easy for IT to say no. IT has become as predictable as government in having "no" at the tip of our tongues. Personally, there's always a "yes" ... at a cost. That cost can be financial or operational.

zentross
zentross

Each organization/institution carries several characteristics that needs to be evaluated carefully in order to strike a balance within its environment. Such characteristics may include: Industry Laws or contract restrictions Budget Organizational goals Technical level of the user base involved Once the factors are identified, fact finding is completed, and heads have collided; policies can be drafted and communication to the affected users can take place to announce the new policy(ies) as well as explain the need and how they benefit from them. An important note is that the communication must be in both directions and appropriate representation of the user base should be included in the feasibility analysis in order to build and strengthen relations between IT and users.

LocoLobo
LocoLobo

If I say "Can't Do!", you as the President will fire me and hire the CFO's kid who is a real whiz and "Can Do". Maybe. You're seeing this from the desk of the "pointy haired manager" of a consulting firm. For me it's not so much Can Do, Can't Do but Will Try. But I have another job to do. PC tech, Network Admin, Exchange Admin, DBA, & IT Security. There are no funds for training, new software, hardware etc. So be patient on my Will Try. If I don't get back to you... well, you figure it out.

Kris.J
Kris.J

Here's the mission statement I've adopted in our department, and drill into all IT employees: The IT Department exists to empower the end-user. Our mission is to empower end-users with technology resources that help them do their job, while keeping the security, efficiency, and core principles of the organization as a whole in mind.

altug.gur
altug.gur

So basically it can be concluded as follows: "If there's a conflict between the security, efficiency, core principles of the organization and end-user's interests, the latter can be ignored", which is true as far as I'm concerned. If there's a large demand from business side, it can be put down on the table and made into a project (with resources, timeline and budget) rather than a chop shop job just because "everyone wants it". IT should be commended on being planned and thorough in such cases rather than pointing the finger at them and getting the flame for being negative.

Deadly Ernest
Deadly Ernest

usually are. However, practical realities come into play that can make a mission statement like that look like rubbish - try that in a high security organisation where you have four different sets of legislation that impose severe security restrictions on how your network operates and can be accessed. In one organisation I worked in, to ensure we met the security requirements, it was easier and cheaper for us to spend an extra A$120,000 to duplicate most of the network, and 80% of staff had two computers beside their desks. One to do their main work on a secured network, and the other for their other stuff and doing emails. We used to have only one and no one had access to the internet or emails outside the organisation. A directive from on high was to give everyone general email and internet access, so this was the only way we could do that and meet legal requirements. The staff screaming for the internet access were suddenly screaming about loss of office space, but they got their internet access. You must always balance ALL the factors.

fgranier
fgranier

Patrick, you are persistent in your ideas, but short on how to solve the issues. Even worst, you try to minimize the problems. Have you already solved them and do not want to share? Being short on how to solve the issues, is why IT can't do, not because IT enjoys upseting their clients and benefactors. Please enlight us.

scripter
scripter

I would love to see an article on how to accommodate the CEO who demands admin rights on his laptop or the VIP who turns his laptop over to his 8-year-olds at home and complains about slowness after they've infected it. Every time I consider this I hit another brick wall. Can we give them a personal virtual machine on the laptop for all of their personal stuff? What are the legal ramifications if they copy their (not legally acquired) mp3 collection? Can we use software like beyondTrust to effectively give admin rights to the apps that require it? What if they want to install something not on the list? One thing I'm toying with is creating a one-time userid with admin rights whenever the user calls from the road with a request to install software, but having that userid expire within one day. But even that has issues: What if the user can't VPN at the moment? What if s/he leverages admin rights to wreak havoc on the machine? There are services out there for over-the-air smartphone management that I *think* have largely solved a lot of these issues (Zenprise, Tangoe, MobileIron) but I'm not aware of a similar "over-the-air" management platform for laptops, especially since most of them are usually offline. It would be great topic for a future column or columns.

LocoLobo
LocoLobo

I too would like to see some practical articles on how to integrate personal smart phones, laptops, etc. into the network without compomising security. I'm not necesarily against doing it. But just telling us, "Do it!" doesn't help me at all.

altug.gur
altug.gur

provided that planned resources, training, expertise and budget are given. Most of the "can't do" approach stems from expecting IT to do everything without providing the things above. Give them what they need and suddenly you'll see a smiling, more positive IT. As the old adage goes "something for nothing is a big utopia"

dallas_dc
dallas_dc

I can do that for you, but it will cost you $$$$, or I can delay this other project, while we add your request to the top of the list. My recommendation is to be very customer service oriented. Let them know what things cannot be done due compliance and security reasons. The other things there is not a policy against, just provide them with the details necessary to make an informed decision. Then they can go, "Oh, I don't need it THAT much."

Stephen Mason
Stephen Mason

It looks like the comments/replies in the earlier blog have bee ignored or passed over. People outside 'IT' struggle to understand/explain what 'IT' actually is, and therfore can't assimilate the problems connected with it. The notion that anything can be done if requested rather should it be done is so silly the writer should be given a verbal warning or better still fired! The guy is quite dangerous!The last few years in the UK has seen too many instances of this sillyness with sensitive data being 'lost' or 'found'. People like the blogger should go back to what they do, and not tread on our patch. I suppose we could start a new business explaining to Corperate Bosses that it's dangerous to NOT listen to IT specialists?

Sensor Guy
Sensor Guy

It's called IT business consulting. Most expensive translators going from IT to business terms and back to IT in the world....

BigIve
BigIve

Firstly lets get the main point out of the way - yes many time IT can be very negative to end users. There are many reasons for this; some of which are borne out of experience and some out of prejudice. The annoying thing about articles like this is that they hash up impractical ideals which have little or no basis in modern corporate life. The rest of us have to deliver daily to corporate co-workers who are focussed on making and selling products and services. The corporate world has to follow rules - including legal compliance, industrial standard compliance, safety compliance whilst managing environmental and mroal concerns as well as protecting intellectual propery. Users with their own equipment are dumb, lazy criminals. Ok I am overstating for effect but, left their own devices (pun intended), users will run amok. IT also has to have a calming effect - we need to temper the users desire for sexy tech with practicalities of running a business. For example "Technology leaders" get tumescent about using iPhones for email when better results can be achieved using Blackberry or other smartphone - often for less money and effort. Also - and this is a big mental leap for many IT guys - most users don't care about technology. They want to do their job. New tech just makes their life more difficult. We take a hit in productivity every time we introduce a new tech. Production rates go down every time the manufacturing software gets an upgrade. IT does have a responsibility to work as part of the business to bring in appropriate technology in a timely manner to a budget. I know this is a bit of flame, but it annoys me when a journalist (or consultant) who works in a rarefied environment gushes about some "new" concept which has little or no basis in reality. I'm off to explain to a PhD why he can't store his mp3 collection on the server. ;-)

andrejs.berzins
andrejs.berzins

Citing you... Also - and this is a big mental leap for many IT guys - most users don't care about technology. They want to do their job. In my experience, most of the people who bring in their own stuff and regularly come with the suggestions that push the envelope aren't just trying to do their job - they are expressing their individualism and bringing a bit of how they work at home or how they worked for their previous employer with them. Its not about doing "more" or "better" its about doing it the way they want to do it.

lars.aarby
lars.aarby

I use to call this "the gun to the head" principle because there not much you can do when you get the reply "can't do". I always ask (my)people not to reply in such a way but rather tell what they can do: Sure, It might not be all that was requested and at the desired time but at least the dialoge is open and we're trying to fullfill the request. The point is that the customer feels that they now get a choice and they all react posetive!

vickaprili
vickaprili

Many computer shops cry "can't do it" and rely on the format and reinstall the O/S option extensively. Very little concern is paid to saving customer data. "its your data" being another cry of the industry. Too inwardly focused for my liking.

seanferd
seanferd

because you are pretty much off-topic here. But try this on for size: How much do you want to pay, and how long do you want to wait, to have your data saved under whatever circumstance you brought the machine in? Why isn't you data that you need so badly backed up? The most common cause for a complete wipe, reformat, and re-install is a malware infection. And that is the only way to be sure it is gone, and that the problems caused are fixed. And do you want these people rifling through your data, looking for anything that you might want saved? if it is a drive failure, are you prepared to drop $8-20 K to recover the data? But since this article isn't about computer repair shops, but policy or attitude of corporate IT departments regarding the allowance of personal devices into a corporate network...

vickaprili
vickaprili

There is an infestation of unqualified, IT personnel that has helped to destroy an industry and undervalue its services by using these techniques. Also there is a difference between wiping everything which anyone can do and dealing with symptoms and taking corrective action. Enough cowboys in the industry. As for allowing personal devices in a corporate network, this is dependent on how security conscience the organization is.

altug.gur
altug.gur

This again comes to resources given to IT. If IT is understaffed, undertrained and underpaid this is a typical scenario - one just delivers absolute minimum of what one can in the minimum time with the minimal effort. As for the data, yes, you're not supposed to put personal data on corporate machines. Corporate data is what matters (and backed up), NOT what you think is important to you. Try teaming up with IT and talk to your management for increasing IT's budget (to a point that makes sense, not for the show) and watch the service levels go up.

Deadly Ernest
Deadly Ernest

legal advisers and review all contracts and laws before you even look at allowing significant changes to IT policies that restrict what is and isn't allowed. Some years back I got paid some significant money to make a five minute presentation to a company board and the company senior management, after doing two days research about the company's operations. I got called in as a consultant by one of the division heads who knew me personally. They had a major issue that was splitting the senior managers and it was IT related - it was all about the use of portable computers by senior staff and what could be on them. Existing IT policy was extremely tight about not adding any software, not internet access, no wireless access, etc. My simple presentation consisted of explaining that what the new General Manager and a few of the senior staff wanted was technically feasible and did not breach any of the laws related to the industry, one of the points being pushed by the IT section being compliance with industry and privacy security laws. I ended it by simply stating the only reason they would NOT wish to do what they wanted was it was in direct violation of the section on security with one of the their major government contracts and they would loose over forty million dollars revenue per year the moment the agency found out about the change in policy. Suddenly the wanted change wasn't such a good idea. It's these sort of issues that the IT area is more likely to be aware of than senior managers not directly involved with that account. Too often I've seen major screw ups occur because senior managers will NOT listen closely to the people working on the coal face because they are not getting and immediate 'Yes, sir, three bags full, sir' answer in response to their wants. And often, it's the companies run by these managers that have difficulties a few years later, due to lost clients and revenue because of such attitudes.

NotSoChiGuy
NotSoChiGuy

If the loss of productivity & knowledge capital along with increased security risks are only viewed as "IT-centric drawbacks", I'd argue that the firm is in a lot more trouble than trying to integrate iPhones into the mail environment. As Palmetto has pointed out, many of the arguments, while not put as delicately as someone in a leather chair may want to hear, are based on precedence. However, I will agree that IT should at least consider a (reasonable) request or recommendation before outright rejecting it; providing workable solutions whenever possible.

CharlieSpencer
CharlieSpencer

It's not 'can't do', it's 'shouldn't do'. We can do it, but it's part of our job to state why we think it isn't a good idea. As to the lost fights against Internet access and e-mail, time has shown many fears have been realized. The problems with wasted time, strained resources, and various malware have all come true, and for the same reason many of us oppose personal hardware on company network: businesses want the benefits of these technologies but don't perform the user training necessary to minimize the liabilities. Then IT is held responsible for the misuses, non-uses, and abuses. And I'm still waiting for someone to explain what an employee is supposed to use when his personally-owned system has a problem.

balaji_rit
balaji_rit

Current Process: Every device has a shelf life. So if an employee joins your organization, you assign him with a device,and after some years you decide he should get a new device and reinvest on the device. If it breaks down you maintain at your cost. You can propose: If he uses his own device, he can get that maintenance cost. Dont trust him. After a strategic time when u wud want a person to get a new device, give him an allowance so that he buys the device of his choice. If done more collaboratively, you reduce e-waste by letting a person have 1 laptop rather than two. An iphone or a Blackberry not both.

Chris_Muncy
Chris_Muncy

The only problem I have with using personal devices in my infrastructure is that of IP. Most of our employees are sales related. If for some reason they leave, or get fired, I want all of that data on their device. Having the device owned by the company makes this a little bit easier.

Chris_Muncy
Chris_Muncy

If you let personal devices on to your infrastructure, how do you handle eDiscovery requests?

MWRMWR
MWRMWR

I'm interested, but have no experience and have never considered this topic before now -so may have completely misunderstood the issues here; so please forgive my attempt to seek clarification: Is the suggestion here that if (in extremis) all the corporate data were to be held on "personal devices" there would not be any legal requirement to search them or take responsibility for the contents [Get out of Jail Free card ?] OR is there an over-riding legal obligation to do the impossible and corporately capture all information/Data that has been "within the corporate infrastructure" ...wherever that boundary lies. Scary either way.

Deadly Ernest
Deadly Ernest

corporate headquarters. But there already have been court rulings that state ALL data and software on a corporate computing assets are the companies and the responsibility of the company - that's why the company gets a hefty find when someone finds out one of the staff has loaded pirate software onto a company machine; which is why companies should be extremely concerned about what software is put on their equipment. They can also be held liable for copyright violations for unlawful copies of music and videos etc on the company equipment. Other court cases have also held that having ANY corporate data on a computer or other device, entitles the law enforcement people, and others, to have full access to ALL other data on that device. So far, decisions about who's responsible for any additional software and data on the device have been split in different jurisdiction. The deciding factors here have been who owns the item, where it's stored, who usually uses it, and who has access to it. A personal item used mostly for business, is seen as being mostly a business item and the company has full responsibility. A personal item used mostly for personal use, the courts seem to limit corporate responsibility to only the corporate issued software and corporate data on the device. If the people conducting the search can give the judge a probable cause for corporate data being on the device, then a court order can be issued for a full examination of all data and software on the device. ................ The issue for the company here is if I, as a contractor, have my own laptop and use it only for my contract work, deleting all company software and data off it between contracts, and I also have some pirate music on it to listen too, the company may be held liable for the copyright violation as it's seen as a company device and should be controlled by the company while I work there - this currently varies between jurisdictions. Now try and tell me you have a right to control MY computer, good luck, baby.

Hobbesl
Hobbesl

IT shouldn't automatically say "it can't be done." Appropriate research should be performed. The costs and ramifications should be presented to executive management who should then make the decision. Some decision-makers will only hear the "yes, we can" part and skip blissfully over the "however". In this case, everything's in writing so if it blows up ...

pbock
pbock

IMO, it is foolhardy to think that your company's IP isn't beyond your company's hardware assets, today, even before considering more employee hardware coming in.

Snuffy09
Snuffy09

this could be a big issue for any medical profession with all the HIPPA rules and regulations.

Editor's Picks