Collaboration

Sanity check: The six consumer technologies that are destroying traditional IT

If you believe the Gartner Group, consumer technology and IT departments are in the midst of an all-out civil war. TechRepublic's Jason Hiner lists the six consumer technologies that are causing the most havoc for IT departments, and says that IT can choose to sink to swim.

Earlier this year, the researchers at the Gartner Group published a series of reports on the invasion of consumer technologies into the enterprise and the challenges that this phenomenon has created for IT departments. Gartner has wrapped all of that research into a special report called Consumerization: The IT Civil War. If this really is a war, I think it's fair to say that IT is losing.

Many users are circumventing IT by using widely available technologies such as Yahoo Messenger, Gmail, USB drives, and BlackBerry phones to help them accomplish their tasks at work. The practice is so common that The Wall Street Journal has even published an entire article aimed at helping business users circumvent their own IT departments. I wrote a diatribe about how irresponsible it was for WSJ to publish that article, but that does not diminish the fact that this is happening everywhere and IT has become virtually powerless to stop it.

"It's almost become a sport for users to vilify IT." -- Jeff Comport

Gartner Analyst Jeff Comport, said, "There's a reason people are trying to use this kind of technology and very often it's to do their jobs better... We have IT very often coming from a world of budgets, controls, and projects, and they have spent their lives keeping this kind of stuff out." As a result, "It's almost become a sport for users to vilify IT," said Comport.

Let's take a look at the six consumer technologies that are causing IT the most trouble and then consider what IT can do to turn around a situation that is quickly going from bad to worse in many places.

6. Instant messaging software

Whether it is Yahoo Messenger, Windows Live Messenger, AOL Instant Messenger, Skype, Google Talk, or a variety of other IM clients, the fact is that instant messaging has spread to the point that as many as 20% of business users or more are now running it at work. Those are U.S. stats. The percentage is higher in Asia and far higher among younger workers everywhere.

Users typically install the software themselves, often against IT policy. Most of the IM clients send data unencrypted so even two workers in the same company and on the same network can end up sending corporate secrets out onto the Internet for any hacker to sniff. There's also the issue of IM file transfers that can introduce files that have not been scanned by antivirus software.

However, IM can also be a good thing. It can relieve e-mail inboxes from worthless chatter and it can help users quickly locate colleagues to solve timely problems. And there are enterprise options from Skype, Microsoft, and others that are making IM much easier for IT to regulate and standardize.

5. Personal smartphones

Now that BlackBerry phones, Palm Treos, and Windows-based phones are priced as low as $200 by many of the big cellular carriers, lots of users who don't have a spiffy company smartphone are just going out and buying one of their own. Many of them have figured out how to forward their business e-mail to their personal smartphones, which opens up a ton of privacy, regulatory, and security issues.

There are secure ways for IT departments to handle this. Turning a blind eye or trying to block it are not valid options.

4. BitTorrent and P2P

Transferring big files is very difficult for most users. E-mail policies usually restrict it. FTP is too slow and often too difficult to configure (and sometimes even blocked by firewalls). IM clients are clunky and often fail at file transfers (usually blocked by firewalls). That's why some users will turn to P2P programs such as BitTorrent, because they are much more effective. Unfortunately, these programs can also have a lot baggage since they are regularly used for hosting and transferring illegal music and video files.

That doesn't mean IT should necessarily abandon P2P software altogether. It can often prove extremely useful and efficient. For example, Collanos software can be used for sharing and collaborating on documents between various users in a team or workgroup.

3. Web mail with GB of storage

Another method that users often employ to transfer large company files is with a consumer e-mail account, such as Gmail, Yahoo Mail, and Hotmail, which all have much larger storage capacity and allow larger file attachments than most corporate mail accounts. The problem is that not only are these systems far less secure than corporate mail servers, but many of them thoroughly index messages and files and so sensitive corporate data transfered through these mail systems can get spread throughout lots of different servers and search indexes.

New Windows storage technologies that do not save multiple copies of the same file can help IT deal with the e-mail storage issue and allow IT administrators to expand storage limits for users. There are also new Exchange plug-ins, such as Mimosa, that offload all attachments from messages and store them separately to streamline inboxes and allow IT to increase quotas.

2. Rogue wireless access points

It's a wireless world in home networking now. Users who see how easy it is to connect a router to their DSL or cable modem and roam the house wonder why they can't just do the same thing when they take their laptop from their cubicle to the conference room. If the company doesn't offer wireless LAN access in their office, many of them just get sub-$100 wireless access points, plug into their Ethernet jack at work, and start roaming the building.

Of course, if their desk is at the window next to the parking lot, they don't realize that they just provided anyone who drives up with a free Internet connection and easy access to the corporate network.

IT departments can follow best practices (see TechRepublic's ultimate guide to enterprise wireless LAN security) to establish their own secure wireless LAN, or they can use products like Xirrus to simplify secure wireless deployments. They can also educate users and use intrusion prevention software to scan for rogue access points.

1. USB flash drives

Portable storage is nothing new. Twenty years ago, users were carrying around floppy discs full of files. However, the size of those old floppy discs limited the amount of data that users could take out of the company. Today, with 4-GB USB flash drives costing $40 or less (and flash drives as large as 64 GB now on the market), users can copy all of their My Documents files to a flash drive and walk out the door with them. Or a user could copy a huge chunk of a file server and walk out with it on an unencrypted USB drive.

Users need to be able to easily transport their files in order to work from home or on the road, transfer documents to partners, etc. IT has to find ways to make it simple for users to do this while also protecting sensitive corporate data. For example, an IT department could educate users about flash drive security, provide encryption software for those who need to use flash drives, or simply provide company-sanctioned flash drives that are preconfigured with encryption and other security standards. The cost of the flash drives would be much cheaper than the legal fees and/or fines of dealing with customer data that slipped into the wrong hands.

What will come of all this?

Gartner Analyst Stephen Prentice said, "The critical thing to understand is that your employees are not doing any of these things ... to be awkward. They're not doing it because they're trying to break security. They're simply trying to get their job done... The approach has be to not go in there and stop them from doing it. Go in there and find what constraint have you put in their way that's forcing them to do something that is out of your control, and then fix your problem. If you gave people the option of using an in-house, secure, controlled environment that meets all of their needs, they simply aren't going to have the need to go outside. If you fail to give them that -- if you give them restrictions that are unreasonable or stop them doing their job effectively -- then they will find another way."

Gartner Fellow David Mitchell Smith added, "If rogue users start to see some flexibility on the part of the IT department -- some genuine interest in wanting to provide what they need -- they may be more open to go to them first and say 'Can you help us provide this,' as opposed to just going out and doing it. [They could] be part of the solution, instead of part of the problem. But long term, there's this unstoppable force which is demographics. New people are coming into the workforce, in IT and in non-IT functions, and they are becoming more open-minded and having more and more of an impact. Over time it's pretty inevitable that the trend is moving toward the more open way of doing things. It's just a matter of how long it takes and how well it fits into the culture of each organization."

Ultimately, this "civil war" is merely a sign of two larger problems that IT must address:

1.) There are lot of IT departments that have policies and attitudes that are stuck in a time warp. The procedures that allowed IT to deploy important technologies while protecting users from themselves are no longer valid in a world where individual users often have newer and more advanced technologies in their homes than the IT department has in the office. IT is now entering into more of partnership with users, and policies and attitudes need to reflect that.

2.) There's a general disconnect and lack of constructive communications between many IT departments and their users. IT departments need to view themselves as customer service organizations, with their users being their primary customers. IT departments have got to lose their paternalistic approach to users and focus their efforts around serving users and enabling them to become more productive.

The IT departments that make these changes will thrive. The ones that don't will see their role within the organization diminished and become prime targets for outsourcing.

What do think about the challenges that consumer technologies are causing for IT departments? Join the discussion and take our poll to tell us which consumer technologies cause the biggest problems for your IT department.

About

Jason Hiner is the Global Editor in Chief of TechRepublic and Global Long Form Editor of ZDNet. He is an award-winning journalist who writes about the people, products, and ideas that are revolutionizing the ways we live and work in the 21st century.

207 comments
nichola.dinnoo
nichola.dinnoo

I am not a trained techie. I know a bit about computers because I own a desktop and a laptop. I joined to learn a bit more because I would feel like an absolute moron around IT and Software Dev. This was a well-written article, which really serves as a benchmark for other articles. The purpose of this was not to make either party the villain, but goes to show that sometimes a little knowledge shared with the right attitude can foster better understanding. Who would have thought that network security could have been a Human Resource issue?

bchant
bchant

Even more unfortunately is that managers will always be managers, the music industry is proof of this. Short-sightedness by those on top is labelling people as "criminals" who just want a more efficient way of doing things. Just as the record companies refused to see WHY people download MP3s, IT Managers refuse to see WHY people go above and beyond their old technology. In both cases, it's because the old method is cumbersome, but the people in charge have too much $$$ invested in it to want to change. So instead of labelling your customers as criminals, embrace the future.

kristofuh
kristofuh

I only needed to read the first few lines to know where this article was going. IT would like to think it should drive an enterprise, the thing is... IT is the support inlay to a business structure. As technology changes, IT must change along with it and make the necessary adjustments to function within an ever changing landscape. This is nothing new.

vuong.pham
vuong.pham

Those aren't disruptive technolgies.. they are not destroying IT... Those technologies are CATALYST for change! Something is not working correctly with current IT/ and how Technology is applied. Users with some savvy will find a way to get their job done. Albeit without understanding the fully the consequences of their actions. If P2P is allowed at work the network will grind to a halt... Someone who does the Firewall isn't paying attention to traffic and not shaping traffic to block ports correctly. IM -- There are several examples in the real world of business justified uses. Telecommuting is a prime example. Establishing a remote presence with IM. Look at Lotus/ IBM Sametime. Look at MS Communicator.. all are enterprise class examples of how IM is done. Secured. As for USB there are many technologies used to block / monitor USB ports. SafelinkID.com deploys lots of these technologies!! The point is this. Borrowing from a biology model. Change is the catalyst for evolution. In technology, change is in many forms. Poorly designed IT infrastructure will be subject to 'ad hoc' measures to "circumvent" current IT technologies, because it isn't to break them.. but in order to get work done. i.e. broken floppy drives, translates to USB keys/ flash drives i.e. sneaker net. gmail, yahoo mail etc is because poor smtp filters block all attatchments.. justified or not. Call it what want, but these technologies aren't destroying IT but forcing IT to evolve. Vuong Pham vuong.pham@gmail.com

caspianhiro
caspianhiro

Users know they shouldn't expose company secrets, but they do it anyway. When IT tries to stop them, IT is vilified. Why would ANYONE with any intelligence or ambition ever go into IT? The real reason IT has a hard time attracting top talent is it is a crappy career, it is getting outsourced, the hours are stupid, and the money is crap. You then attract bottom talent, and get what you pay for.

rw
rw

Good article, consumerisation is here already, to fight it is to try and turn back the tide. We have a choice accept that we have to accept it. Remember the pressure is from users, like in my old Job the COO wanting an app and wanting it NOW. All the IT techies said no. IT director got a serious talking to by the COO and presto implemento!!! we had a new product to support. The tail cannot wag the dog, no matter how hard you stamp your feet. The business cases for minimalist smartphone remote working, network outages so personal email fall back, USB drives to carry every changing multimedia presentations not like a static DVD burn and free international calls with Skype etc is all compelling, but that new skype worm does make me winch a bit! We need to be able to ensure only the business bit we want to talk to our network is all that can talk to our network. P2P, skype, VoIP...don't care. If the rest of the client apps can???t talk to or even see the network then business security is upheld and user freedom granted. Plus massively reduce TCO by telling pesky users get your own laptop (one that suits the individual) and do what you like, as long as it is legal! If only your business apps can talk and only they can use the encrypted network tunnel with No data on the PC! The PC now no longer matters. Drop it, leave it in a taxi. Minor inconvenience not an information embarrassment. (Who lost all those social security numbers the other day?) There is a product that can do this. Tamperproof menus means a user get only that that they are meant to see. The whole system is encrypted from the start so no hack me websites. Only specifically adopted client devices are allowed to even start talking. Nodeless connection so the users own DNS and routing is maintained, unlike VPN can connect securely to dozens of sites simultaneously. Ability to automatically access the environment the client is running from as known or unknown and adjust the security clearance automatically. A runable client that can be run directly from a USB device. (if you wish tied to a user and or device in a specific environment) such that the USB device can be given away with a username and password and still not allow access. You could stop fighting against the problem and just side step it all together

cquirke
cquirke

"The IT departments that make these changes will thrive. The ones that don???t will see their role within the organization diminished and become prime targets for outsourcing." If you're going to do it badly, you may as well do it cheaply and badly. It's hairy to consider to what extent your sysadmin "owns" your business's nads. The same suspension of disbelief that says "let's use Web 2.0 productivity apps and store our data 'in the cloud'" also applies to "let's outsource our IT management".

catseverywhere
catseverywhere

"Six." All I come up wit is "beer." Is this a word-association game?

chris
chris

I agree with the article. Similar articles were published in Computerworld in the early 1980's when corporate employees first bought PC's at home and started "sneaking" them into the work place.

mjelsenb
mjelsenb

Demand always outweighs Supply The demand for these devices and different ways of doing things can far outweigh the supply of investment expense or capital that IT departments can keep up with. In some cases, the infrastructure was not built for these devices but was built to service clients. I think most IT departments do work on servicing their internal customers but are primarily caught up in servicing the companies external clients needs. This creates an inbalance as to what technologies/investments the IT department can make. There is no doubt that these can increase an organizations productivity and work life balance but it does cost money to do so. As an example, Blackberry's generally are used for access to a company's internal email system, not for that person to check a 401K balance or to buy a product using a web site. Most IT departments are now caught up investing in the infrastructure to open up the network, servers and access points for these devices while also working on the company's client's needs. I disagree that the devices are destroying typical IT, as an IT professional I hope that IT does what it always has done, increase the organizations efficiency and bottom line by providing automation and technologies which drive business results. I think the issue is one you pointed out in the article, which is a lack of communication and possibly a lack of understanding by executives, on how complex and costly some of these technologies are. Maybe I can suggest someone create a survey to see how many executives running the Fortune 1000 Companies truly understand what it costs to support their internal corporate systems as they demand these devices and software. Several execs I have dealt with understand generally the cost of their Blackberry, not the cost of the data center, servers and staff to support that device.

zbyte
zbyte

If the technology field did not create new technology, there would be no IT. The truth of the matter is, IT lost a lot of control over it's turf when the microcomputer was unleashed. So placing blame on the most recent encarnations of this micro technology is essentially whining. Stop the whining and get with the program. Unfortunately, IT has always had an implementation problem. It is aways low on the totem pole in projects or is not even mentioned at all. It is a matter of having a good implementation/ integration strategy for new innovations. When the microcomputer came out, there was whining about lack of standardization (do you think there was standardization in the mini-computer and mainframe arenas?). Ha! I remember when a good portion of IT people in the 80's had difficulty integrating micros and were bitching about "standards". Well Microsoft smartly capitalized on that attitude to convince these types to standardize on MS-DOS, then Windows. With those came a variety of problems/nightmares. Like viruses, spyware, malware, sadware, etc. You name it, it came. Would you like Microsoft to come out with an all encompassing network/OS where you can monitor all these do-dads that come out. ANd at the same time, loose your civil liberties and privacy? Get up and smell the coffee and get with the program.

DRezanka
DRezanka

In our environment, we want to be a business parter with our customers (users). We want to anticipate our customers needs and be the best provider of their requirements. We want our customers to feel confident that IT will help them solve the problem so they don't have to facilitate their own work around. That sounds great on paper. But the business controls the budget they allocate to IT and IT is an administrative cost. We are occassionally limited in what we can do because of budget limitations. One way we are trying to manage this issue is by developing an IT Business Plan that includes a department Service Catalog. This should allow IT to communcate better with the customers and help them understand what they are getting for their money. Helping the customers understand what IT is doing should help them to realize that these costs are an necessary part of doing business.

markros
markros

The "traditional" I.T. department operates on two false assumptions: - I.T. has monopoly control over what can, and can not, be put into use. FALSE (as explained in the article) - Users are stupid. They do not understand the technology, and they are not capable of using it. FALSE. Many times users do not have *time* to fully explore all of the issues, but that does not mean they cannot understand them. - I.T. understands the users' needs and business processes. REALLY FALSE. I have seen this so many times where the selection of critical business process systems is left to the I.T. department. They end up putting "user vicious" systems into place that do not support what people *really* have to do. Thus, the customers (the users) are going to get what they *need* any way they can. The countermeasures are to understand a couple of fundamental truths: ** Users are trying to get a job done. ** The I.T. department is a SUPPORT organization. It exists *solely* to make it's customers' (the users) jobs easier to do safely, securely and legally. Think about the history. This has been going on since Apple ][+ machines were brought into the office to run Visicalc, because I.T. could not turn around financial models with their mainframes and print-outs. It was the users, fighting the I.T. departments at every step, that brought desktop computers into the workplace. As the article points out, the world today is far more dangerous due to poorly though-out operating systems and architectures that are universal. The only way I.T. is going to keep up with it is to come out of their glass cubicles, out from behind their phone queues, and work very hard to embed themselves into their customers' worlds.

cavlosnap
cavlosnap

I worked in IT management from 65 to 2000. It was mostly no win. Mostly not enough,not timely and not the stuff really wanted. The first 2 problems were management's and the 3rd the users' and management's. IT has to change from being a total provider to being an core system provider then an enabler and a guide

groon
groon

In the midst of this reality check came these words: "Gmail, Yahoo Mail, and Hotmail... thoroughly index messages and files and ... corporate data transfered through these mail systems can get spread throughout lots of different servers and search indexes." I realize that this has certainly been the fear of many corporate IT departments. Trusting sensitive data to the e-mail provider arm of a search engine is on the face of it a little worrisome. However, is there proof that such an indiscretion has actually happened? I thought all three of these sizeable and reputable companies had assured users that their private data would remain private. I also thought that if private data had been made public by one of these folk it would have been big news. Maybe I missed it.

etkinsd
etkinsd

Funny how these guys never back up their articles with good data. There are usually anecdotal examples and then some "what could happen" scare you to death scenarios. In fact, the companies themselves are to blame. For example, how many employees really need web access to do their jobs? I would argue most corporations have way too many employees in administrative capacities, and the majority of them don't even need web access to do their jobs. Same for accounting and finance. In manufacturing, how many production employees, supervisors, and even managers need web access to run their factory floors. I would argue that these companies can turn off their outside web access and still run their companies on their internal networks. Hey CEO's give it a try -- see what happens.

etkinsd
etkinsd

Funny how these guys never back up their articles with good data. There are usually anecdotal examples and then some "what could happen" scare you to death scenarios. In fact, the companies themselves are to blame. For example, how many employees really need web access to do their jobs? I would argue most corporations have way too many employees in administrative capacities, and the majority of them don't even need web access to do their jobs. Same for accounting and finance. In manufacturing, how many production employees, supervisors, and even managers need web access to run their factory floors. I would argue that these companies can turn off their outside web access and still run their companies on their internal networks. Hey CEO's give it a try -- see what happens.

battend
battend

Could we please avoid articles written in block capitals please? Normal fonts are much more readable (that's the idea of having ascenders and descenders on certain letters).

dannocracker
dannocracker

There are things that IT can do to prevent some of these issues: A. IM Software: Set up workstation permissions such that only someone with an administrative account can install anything. This will also ensure that legitimate-use software that is not licensed is not installed. B. USB Drives: Disallow them. In my DoD organization of over 45 people, many of whom travel, we have done this. People can still function. Virtually all laptops comes with CD burners these days. If one really needs to manually transfer a file to someone, he can burn a CD. USB drives can be a source of viruses, too.

troy.johnson
troy.johnson

I've often wondered how the use of something like mySpace and YouTube could be utilized in the business world. I know talent companies scour YouTube to find new singers, bands, etc. Seems like mySpace and YouTube could be enablers for HR & Workforce Management (improvements on the old resume document approach) or selling consultations with prospective clients.

Deadly Ernest
Deadly Ernest

It's not the IT manager's job to know exactly how every unit is changing how they do business. It is the job of the person who wants to use new technology to put forward a case, in business terms and costs, to get approval to allow the use of that new technology, then wait until it's approved by someone who knows the business and the related laws. I've worked in an area where the installation of a wireless access point in the work environment would result with you being charged and facing up to 5 years in prison. It matters not how convenient it is, it's the high security and privacy in that area that over rides. One place I worked at, a fellow mentioned a piece of software that made part of his job easier to do - he wanted to buy it and put it on his systems. But to use it the way he wanted, twenty eight other people needed the software, as they needed to read the reports the system generated and it can only be read in that software. 29 copies of software at $1,250 each, to save him ten minutes work at the end of each month for the next four years - wasn't worth the cost. The main thrust of this thread has been about accepting people going outside the corporate limits to use new technology - and my main answer has always been, if it really helps the business, then they can properly justify and let those who have to ensure legal compliance check it and approve it. But you should never go outside with out the appropriate approvals my those authorised. For most office and business situations, these technologies offer no worthwhile advantage over their older variants, and rarely offer a cost effective solution. As I've previously said, there will be some businesses where they will help, but for most they will not. If staff intentionally breach corporate policies, they are acting irresponsibly, and may even be acting unlawfully without knowing it, because they aren't in a position to know WHY the policy is as it is.

NickNielsen
NickNielsen

Given current laws in the US (Australia, I'm sure has similar laws), embracing the future and enabling some of the things my customers are doing can land me in prison. That's something to be avoided, not embraced.

kristofuh
kristofuh

When many of the opinions are brought together, I think it can be simply summarized that the business and IT need to work closely together in joint effort. Business or IT - it's still one company. Sure, there are those who will abuse accessibility to technologies - still, there are valid reasons for bringing in new technology into the work place. Business must continue to advance with technology to stay at the bleeding edge. Ideally, IT should be receptive to change and jointly assist with policy and risk mitigation. There does need to be an intelligent balance though: I've heard IT banter about banning flash drives while at the same time configuring a new laptop.

RationalGuy
RationalGuy

Let's look at two approaches: 1. "I need a better way to organize my e-mail." The is a valid request, because you're allowing IT to provide the solution to the business problems. The onus is on IT to come up with a workable solution. 2. "We need to install [insert magic software of the week] because an article in Wired said it's the best things that exists to organize e-mail." This is NOT a valid request ... unless the exec in question can produce: a. Documented results of the regression testing he must certainly have done to ensure that said miracle software won't cause any conflicts with existing software b. The complete software deployment plan c. A TCO analysis of implementing and supporting the software on an ongoing basis d. Budget for training users on using the software and support staff for fixing it when it breaks. e. Best practices document for configuring the software etc., etc., etc. Certainly, the exec in question must have thought through all of this, taken these and many other factors into consideration, looking at the full impact of the request and come to the well-reasoned opinion that the company, in fact, NEEDS to deploy this software as the correct solution to the stated business need. Of course, these things are not considered at all. "That's for IT to worry about," they will say. EXACTLY! That's why we say, "no." Because you say, "yes" without thinking about anything. We don't believe the marketing material. We know that half the promised features will work, 25% won't work like their supposed to, and 25% won't work at all. We know there will be headaches (maybe more than they fix) and we know that something, somewhere is going to break because of rolling out something new. We know it's not going to be as easy to install and support as they say, and we know it's not going to be bulletproof.

Deadly Ernest
Deadly Ernest

technologies do NOT meet or fulfill a business need in the vast majority of business settings. They fulfill a personal need. Also, they frequently cause harm to the business in that they violate legislation and business requirements through people who don't understand the reasons for the policies, breaching the policies 'because it's just the IT people being narky.' The policies are written by senior management to meet the business needs of the business not because the IT people are anal retentive. Many people fail to realise the IT people are simply the administrators of the company policies, most of which are there for commercial or legal reasons. As a clear example, the current level of technology is such that we do NOT need any physical paperwork in an office environment or operation - yet most business do still use tons of paper each year. This is solely to meet the legislative requirements to keep written records in line with certain laws - mostly tax laws and contract laws. It would be totally irresponsible of anyone to simply do away with the paper records because they've found a better way of doing the recording despite the IT people not letting them do it the easy way. Of all the technologies listed in the article only one has an easily stated business use - USB storage devices. But even that must be used in line with corporate security concerns about the lose of commercial secrets and legislative requirements of things like the Privacy Act.

jstevens
jstevens

My experience has shown that users install and use these technology to take care of personal business on company time. Rather than talk on the phone 14 times a day to their kids, they IM. The boss has no idea they spend an hour a day chatting. If they talked that much on the phone they would be fired. They install Limewire to download music at work, because the internet connection is faster. They check Gmail so they can look at their sister's wedding photos. I have been watching these technologies for business use, and I agree they will someday be widespread in the business IT envirnonment, but for now they replace Solitare and Freecell as the productivity waster.

kristofuh
kristofuh

Well... this sort of attitude compounds the common problems internal to IT - however, it also reflects on how poorly upper management is running the show. If management isn't willing to listen to complaints and consider implementing improvements, then the suggestion would be to dust off the resume. I do like to receive complaints on the misgivings of working in any IT department - complaints are symptoms that a part of the business is not operating smoothly. These speed bumps can quickly become an abyss on the road to success.

john.mcfadyen
john.mcfadyen

I dunno what part of the world your working in but IT careers can make fantastic money. The only way an IT career would be crap money is if your crap at it. Anyone with half a brain an a bit of ambition can make a great career out of this field. In my opinion its easy money and there is plenty of it if you can be bothered to stand up and ask for it.

me
me

Only disgrunted employees wiil expose company secrets, so thats why you keep your employees happy!!! I am full of ambition and intelligence... got my degree, left uni, 1 month later i am an IT Manager on over ?30k, which isnt normal for a new graduate, i am a full member of the british computer society and all by the age of 23. My aim is to be an IT director by the time im 33. I work in IT coz i like helping people and improving business. I like to see where things are going wrong and work on it. I actively talk to my users, i fully understand them and see them as my customers. As the IT Service Framework of ITIL says, you need to run IT as a business, for the business, and its this challage which makes me go to work everyday. oh and the money. So... a) it aint really as crappy as being a IT reseller b) most outsourced IT processes are being brought back inhouse c) hours aint that bad... plus i get to travel internationally, get expenses paid on everything, taken out for lunches, meals etc... d) It aint that bad!! Take me for example. It just takes ambition to get where you wanna go. I wouldnt ever employ bottom talent, and to make sure of this, i make sure the pay packages i offer are very competitive and attractive... and i get the best of my IT dept. I've read two american posts so far, and i totally disagree with them... is the culture of IT in America that extremely different to that in the UK? Not far to base an opinion of two posts but, come on, really!?

mhayes_z
mhayes_z

Your IT Crappy Career Analysis... just a little bit of a broad stroke... just a little bit. Maybe I missed your point? Sorry... parts of IT may have crappy careers contained within... there are other parts that won't be outsourced and are way beyond crappy. Besides, if you read the news... several companies that have outsourced stuff are now re-thinking those decisions. While secrets can leak accidentally and intentionally from the home front... if they're gonna leak I'd rather have them leak from the US as opposed to a foreign country. Sure you can outsource stuff but it's still got to be managed and accounted for which for some odd reason some people didn't think about (chasing the almighty dollar) to begin with! Now they're having to back track to correct themselves. Crappy Career though... ridiculously wide and broad stroke there! Guess (assuming the title is correct) you should get out of being a computer reseller since IT needs computers as part of their function. Guess if it's crappy it'll disappear as a career and your lively hood may follow right out the door behind it? Then again maybe you only sell to foreign countries handling the outsourcing right?

rw
rw

There is annonimity that some systems lend themselves to so, IT is blamed for so many security leaks. I think the industry has been given a crazy task to defend. Crap deal but IT takes it on because we are servants of the business. What is to stop a person just talking about what they know. Legal heat I suppose. Policy and buy in of management and decent enforcement. No exceptions... especially from the rule makers themselves. They usually have the biggest secrets!

jasonhiner
jasonhiner

When IT is outsourced, it's not the management that is outsourced. It is the operations. Outsourcing does not always mean India or China. In the U.S., HP, IBM, and Verizon are popular outsourcers. They will run your IT operations for you.

Murphy's_Brother
Murphy's_Brother

contrary to what management has drummed into our heads, the customer is not always right. Sometimes the users are trying to get their job done as lazily as possible. We set up remote access to allow certain people to work from home when they are sick and now it seems like some are sick more than they used to be. And if I ask how updated their home anti-virus is, I'll usually get a blank stare or "I don't know." We are small enough that I can walk into the CEO's office and speak my mind and I also have authority to grab employees in the hall and say "I need to talk to you for a minute." but I still find myself explaining the same things over and over to the same people. I agree that we have to be willing to try new things but they have to be willing to live with the necessary security.

PhilippeV
PhilippeV

about online gigagytes accounts for emails on Gamil, Yahoomail and Hotmail, the assertion about its lack of security is effectively completely unproven. In fact, in terms of security, those storage spaces are FAR MORE secure than almost all private local storage solutions, that are much more easily exposed, due to lack of strict security conformance rules, and local plans to preserve this data. Also, we've never seen any offer online (not even from hackers) for indexed data or sensitive data collectd in online email storage. The author misses completely the point: the storage of emails, is far less dangerous than their transmission from one user to another, given that most mails are sent unencrypted through unsecure open networks. And local storager of emails is also often exposed to easy theft (or loss by the user himself). Really, if you don't have a very secure policy about keeping your sensitive data private, it's certainly best to leave those data (like emails) online in a very secure server like Gmail, Hotmail or Yahoo. But the main danger is that you risk this data being completely deleted if you forget to visit these sites for a while (suppose you have an accident and have to be hospitalized, in a place where you won't have access to the internet, you may stay unconnected for one moth or more, enough to get these data deleted because your account is no more used). Online storage solution on large wellknown and serious account providers, if you can connect to it through a secure layer (HTTPS, FTPS) is certainly MUCH more secure than what anything you woudl haveto build yourself (because it would be really too much expensive for you to get the same level of protection on your PC). If you don't want to have your account closed, due to lack of connection, you canstillsubscribe these services for a long period (don't remember to renew your yearly fee). Another solution: store this data at a web hosting company, offering secure servers. These servers are located in a secure environment (colocationarea) with protection against fire, theft, backup, administration... At a price that will compete with anything you can build or buy yourself alone. But if there are some data that MUST be kept very secret and not exposed to risks due to loss (business data, accounting/fiscal data), you need a backup plan including the possibility to save this data in a secure but easily accessible place: in the past, you created a tape backup and could give that to a secure proxyfor storage. Now you can backup this data and store it encrypted, saved in a online account (this is much easier than what you did in the past, it's faster, can be automated so that you won't forget it, you won't need to replace your backup tapes bynew ones...) Really, online archiving can be really secure, cost efectiveand easy. Think about it: it's even protected from stealing by someone connecting a USB drive or stealing your notebook: don't travel with your data on your notebook, put this data online in a secure storage account !

McTheo
McTheo

I found this link to this old article about Gmail security: http://www.techworld.com/security/news/index.cfm?newsid=2934 That bug has been fixed by Google long ago. But it shows the potential risks of using a 3rd party messaging services with corporate data. It's not an issue of them making private data public. It's about potential holes in their system. So in addition to worrying about holes in your company's security you have to worry theirs too. Quite a spread of risks. It's also about potential misuse or negligence by the users which cannot be monitored by the company because it's another system.

Joe_in_Florida
Joe_in_Florida

Those new fangles telephones will ruin our businesses..users always talking to friends and spouses or 900 numbers. We have to establish a department of people to sit on top of this issue and make sure all calls are encrypted and only to authorized people. Wait, maybe use tincans and string. That way they can only talk to one person at a time and it will have to be authroized before the equipment is made available. Long live the Telephone Technology Department (TTD)!!

mwesthoff
mwesthoff

I agree with you. We have some employees that barely need a computer...just because it can be done doesn't mean it should.

vbnomad
vbnomad

Unrestricted web access is a productivity killer and a serious security hole. IT departments must handle web access like a resource of doing business. Managers who grant unrestricted access to employees with no need are not protecting their company or enhancing productivity. Sooner or later businesses must take notice of which managers are protecting the business and which ones are leaving the doors wide open.

RknRlKid
RknRlKid

Horror stories have already been published about this. The woman who was denied a teaching certificate and degree because her myspace page had a photo of her drinking immediately comes to mind. What's online is used as leverage AGAINST you, not for you. I am not dismissing "common sense" and caution on the part of the individual. It didn't take me long to conclude that stuff on the web is like stuff in a library -- do you really want THAT out in the public eye? If not, don't post it. However, young and immature people do exactly that. Its the old maxim -- if you don't want your parents/grandparents/significant other to see it in public, then don't post it!

McTheo
McTheo

Employers are already using MySpace, FaceBook, etc. but not to "improve on old resume document approach" or to "sell consultation" but to check on prospective employees. Link to NY times article: http://www.nytimes.com/2006/06/11/us/11recruit.html?ex=1190174400&en=d9f961e33986170b&ei=5070 Also it seems to me like online jobs posting services (like careerbuilder.com, monster.com, etc.) already offer alternative to the old resume document approach. Also, I think that (at least in MYSPACE case) social networks are still plagued with security issues. So perhaps not the best for IT/Business use especially when there already are business alternative to MYSPACE, and other social networks for that (link to article below). http://abcnews.go.com/Technology/wireStory?id=3386045 But... I can definitely see YouTube being used as a marketing tool. Heck! Politicians are already doing that.

shardeth-15902278
shardeth-15902278

I agree with your points, but wanted to mention one counterpoint to your subject line. I worked for a company at one point which had an unusually cumbersome restriction on folder access controls which involved multiple signatures and a large paper trail. The question "Why?" was always answered by "Legal requirement". After the implementing manager was dismissed. the question was re-addressed, and it was discovered that the legal requirement only applied to a very specific (and very small) subset of the shared folders in question. The policy was changed, users were happier, trees were saved... One must be careful when accepting that something is a legal requirement. Critical thinking should still be applied.

catseverywhere
catseverywhere

A good chunk of my clients are very small operators, 1-5 people in the office. Among these folks I see all manner of questionable stuff going on, and invariably they are doing it because their nephew or whatever came by and set up this "gee whiz" stuff. Fortunately, one of the qualities that leads to the decision to utilize my services is my insistence upon hewing to the law. Nobody questions me when I uninstall something saying "you do not want to do this." The vast majority of users, i.e. in the home, embrace any functionality completely without any thought, least of all "is this a security risk?" or even "...legal?" Most figure if the machine can do it, it's ok to do it. Most simply can't believe anyone would put a tool in their hands that is capable of swiftly violating the law somewhere. Of course this is dead wrong, but it's what probably 99% of all computer users think. Even "management," alas. The bigger of the clients I handle do not blanket operate on my recommendations as regards the law. Their loss. I was a corporate chief pilot/director of flight operations for years. My # 1 job was compliance with the law. I was so strict (and correct) that the local FAA office asked me to field calls for them on questions of interpretation of and compliance with the law, which I did gladly. I do the same for IT clients now, and like I said the effort is largely appreciated. With the increasing deployment of IPv6 I see massive trouble ahead for regulatory compliance in the future. I'm expecting a whole lot of people to inadvertently get themselves into a whole lot of trouble. Great discussion as usual. Thank you Jason, you're a most welcome voice in this office. cat

Deadly Ernest
Deadly Ernest

It's value is solely based on 'What can it do for my business for HOW MUCH?' Very, very, very few businesses need to be on the leading edge or the bleeding edge of technology - many manage quite well on the vintage edge. The most common software applications used in a business are: word processing, spreadsheet, email, accounting / bookkeeping. For the vast majority of businesses, it matters not if they have version1 or version 101 as long as they meet the current legal requirements for their business in their location. This is also true of the majority of operating systems and hardware. Anyone can write a basic letter just as easily in Word for Windows 2a as they can in Word Vista - you get no productivity advantage in preparing basic letters when you upgrade from a 486 50 mhz system with Win 3.11 and Word 2a to a Pentium IV 3 ghz with Windows Vista and Word Vista. The time taken to type and save the letter is EXACTLY the same. This basic principle applies to the majority of computer software and hardware used in the vast majority of business situations. A very minuscule number of businesses would actual obtain and advantage from the technologies listed int he article. But regardless of the value of the new software or hardware in work performance it MUST be justified on a cost effective basis showing the FULL COST of the new technology will return a savings that will justify the expenditure. For most situations the technologies listed in the article can NOT show a full cost saving for the majority of businesses. I spent much of the 1990s doing this sort of cost return benefit for changing work practices and technologies, and there are many things a lot of people forget about when introducing new technology. Most think of training, cost of the tech, maintenance; few think about the cost of expert help if there's any trouble, on going training of new staff, additional units, ability of the systems to handle additional units. I've seen a case where a new computerised stock management system was introduced, the accountant when for a product that cost $40,000 as it was cheaper than the one recommended by the technical people (that cost $60,000) - within two years the project had cost the company $150,000 as the purchased product had to be dumped and the recommended product bought when the company expanded into two more offices - prices had gone up and everyone ended up getting two lots of training and two sets of manuals in that time. Things aren't always what you see on the surface. One case I know of the accounting package was bought for a major organisation, and amended to suit the organisation, a special version, an extra $75,000. Four years later changed laws meant the organisation had to upgrade, the basic upgrade cost $5,000 for the base software - to amend it to suit their special version cost $120,000 as it meant a major rewrite of large section of the base code. The Senior Finance Officer was ready to sign off on the extra expenditure until another person convinced the Chief Executive Officer to use the off the shelf version and buy another $20,000 shelf package to do the special analysis work the CFO insisted on - this just required a little extra work by the CFO himself. Guess which argument one. It should be receptive to change, where the returns justify the cost. Back in 2001, in the area I lived in we had four companies of about the same size who delivered the same services. All computerised their operations with Win 95 and the related business applications in 1995 / 1996. Between 2001 and 2005 three were talked into upgrading their hardware and software at different times; one company upgraded their hardware as it was not able to fix it any more, but loaded their old software onto the new hardware in 2002. Only two of those companies still operate, the one that has done the minimal amount of upgrade expenditure is now the largest of them. The two that had kept up with the new technologies all along went broke through spending too much on technology - they were up to date, but they didn't NEED it to operate.

mhayes_z
mhayes_z

Maybe it's the IT Resllers jobs are crappy... or something... or at least "his" was/is. C'mon ... as with ANY JOB in ANY INDUSTRY there will be some bad employment deals you can run into. Crap Happens. Change jobs, move on, look out over the horizon. US vs UK ... just guessing maybe more of the US stuff has been outsourced in different areas in greater numbers although I'd guess you all have had stuff outsourced heavy in some areas as well. Other than that it's all going to be the same in alot of ways from an industry standpoint... I'd guess. Like you said alot of that previously outsourced stuff is boomeranging back as "they've" found all that glitters is not gold. Good Luck with your Directorship pursuits mate.

ibsteve2u
ibsteve2u

Just using IBM as one example (its sadly not unique to them), check out the fascinating timing link between news articles that say something to the effect of "IBM lands big support contract with U.S. Corporation" and "IBM increases its employment base in India by 10,000" over the last three or four years.

PhilippeV
PhilippeV

think about the many potential security holes you have on your own system, that leave your private data exposed very often and look at the online alternative. you'll immediately see that: ==> NO system can be completely secure; even if your data cannot travel because it is physically isolated from the outside, there is still the risk of loss of data in you own places (fire, flooding, storms, electric failure, thunder...) ==> It's extremely costly to build and manage (including paying your admins and the support/assistance solution) your own local safe storage solution. Due to that, most local solutions are not built to be secure. So don't leave you precious data there. Your data is more secure in a place built specificically for that. ==> Online storage providers will offer you places for your data in a MUCH more secure way than what you would build at the same or most often much higher price. Today, those providers will give you excellent service, including their own local backup, and 24/24 7/7 assistance, and warranties...

Deadly Ernest
Deadly Ernest

each year, laws change, operational needs change - and the policies must be updated and verified as appropriate for the current situation. But they must NEVER be just ignored or violated by operational personnel because they find them a bit troublesome; which is what is the core aspect of the original subject - people doing things in violation of policy because it's easier for them. No policy is put in place for the fun of it, someone with authority had a reason for doing it in the first place, and any policy should be authorised by top management on the basis of 'explain to me why the policy should exist' before it's put in place. And anyone wanting to go outside it should have to be able to justify their position to the person responsible for the policy before anything is done or changed - then the policy can be changed in a way to accommodate that person's needs, IF it doesn't violate the original need for the policy. A classic example of policy making life harder. Many police forces have a policy that officers working in the cells do NOT carry firearms, they must all be locked in secure storage well away from the cells. This makes a lot of extra work for the police officers, but greatly reduces the risk of a prisoner fighting officers getting their hands on a loaded firearm - a very important safety issue. In the case you cited above, the person who administered the policy didn't write it properly in the first place, and was probably very lazy about how they went about administering it as well. Thus it needed a review, one that should have been done years earlier.

Deadly Ernest
Deadly Ernest

about it - 'Tell me what you want to do, and we'll see what we can do for you.' But technology in IT should be viewed in exactly the same way as technology in the military. The army has a whole bunch of new high tech equipment to help them check out an area and kill people, but they still train soldiers in how to use a knife and unarmed combat, and they still teach them how to use their eyes to search an area, as well as using the fancy sensors. The special forces also still train people in how to use crossbow, bows and arrows, etc. In every form of employment and industry, the very latest technology is NOT always needed, or even the best. No modern rifle is as quiet as bow an arrow, or a well placed knife - the same applies to much of the IT technology as well. Back in the late 1980s I was working in a factory where they made components of modern military combat equipment using machinery used to make weapons for WW1. They still the job just as well as the very latest equipment. If your web page is there simply to make your pages of information available to people, you don't need fancy scripts, java, asp, flash players, or similar fancy stuff. Basic html will do the job quicker and better than any scripted version can. The same is true of many of the other new technologies; also, there are cases where the operational requirement does need the very latest technology. One should always choose the most appropriate method for doing what's wanted, not just the very easiest for you. Talking about this to a nephew the other day (he's in the IT industry as well) and he told me of a case where one of his boss' clients is extremely upset to be charged $300 to have one system rebuilt, as one of their staff put on an IM program that made it easier for them to talk to some clients, but it isn't supported under the IT support contract, and the IM program included some spyware, no matter how often you cleaned it off, next time you used the IM, it got reloaded. Only way to get it off for sure, was a total rebuild. Staffer screamed blue murder about having HIS IM software removed and put it back on, so the second rebuild was a full charge job as it was created by 'User damage' and not a normal maintenance thing. Formal notice was given to client that all future removals of that IM software would also be fully chargeable. He doesn't know how the client dealt with their staffer about this. A related issue is many of the ISP's in Australia do NOT provide any support for connection issues related to systems using any operating system except Windows 2000 or Windows XP - they have no notes or expertise on how to set up any other operating systems, not Win NT, not Win 95, not Linux, not Mac, not Unix, not Win Vista. They hang up if you have an unsupported OS for connection to their services. and many wonder why so many clients don't renew their contracts.

shardeth-15902278
shardeth-15902278

Your last example, in particular, is a great bit of anecdotal evidence. You always hear the fear rhetoric about getting left behind if you don't keep up with the latest/greatest. It's nice to hear real evidence to the contrary. I would think one of the best approaches that IT can use when approached about implementing new technology x would be "Sure, we can look itno that, what are you trying to do?". The key elements being 1) Accepting the request in an affirmative way, so the user views you as an enabler of - rather than an obstacle to - progress, and a willing team memeber. 2) Expending the effort to determine the actual need the user is trying to fill. From there you can make the case to the business for x, or recommend y instead as it is a better fit for the need, or change the font size setting on their computer, because that is all they were really trying to accomplish in the first place...