And that's the typical ivory-tower attitude I run into with folks I call "full-of-themselves IT management".
Well I'm sure the best way to combat that is with the ivory-tower attitude of "full-of-themselves users who think they need admin rights, no filtering controls, and no release management or configuration management in order to read and write PDFs and create their Holiest of Holy PowerPoint presentations."
Hmm... Let's see where
this one goes, shall we?
Like the one that announced that if she had her way, everyone in the organization who travels should not have a laptop but a blackberry (only). Sorta wastes the money that was spent on laptops.
And I'm sure she just manufactured that idea out of thin air, from the clear blue sky, for no reason whatsoever. Because, you know, that's what the geeks in IT do: They like to
prevent technology from being used. And what's more, there's
nooooo cost associated with supporting those laptops whatsoever. Not a penny. Nope... All the Superhuman PDF Readers, Excel Chart Makers, and PowerPointers out there, they
never waste
anything when they're given more resources than they need.
Never.
I asked her to explain how I was supposed to read a 25 page contract, mark it up, and send it back from a blackberry. She had no answer.
Oh, my, there are
twenty-five page contracts involved? Well, then, why yes, bring them laptops! Laptops for one and all, across the land!
And while they're at it your GPOs should all be removed and you should be given local admin rights too,
right away. Probably need patching disabled and the corporate firewall blown open too, so you can get that
word processing taken care of. Forget "security." Forget "manageability." Forget "standardization." Forget... um... what's the word... oh, yeah, forget "
COST." The Almighty User has
WORD DOCUMENTS they must be free to edit (and lose, without backup!) unfettered!
What's beyond dumb is setting up a system that will effectively not allow folks that travel with a laptop to store local files on the laptop (despite being protected by PGP-whole-disk encryption, then another layer of encryption after log-on, and yet a third level of encryption on the email data), nor make any configuration changes - even ones that are necessary to keep the system operating, like the ability to turn on or off WiFi or Bluetooth without it being done remotely by support. How am I supposed to VPN back in to get the file that I can't store on the laptop... since the support folks can only access the laptop to turn on the network card through a VPN?
So you've had the great fortune and unique experience of stumbling upon a specifically dumb corporate policy crafted, implemented, and managed by clearly misguided or incompetent people. Shall I call the engraver
now to start work on a congratulatory plaque?
It's dumber than the policy that says that only the top couple of levels are allowed to have aircards (most of those folks don't travel), yet those who ARE heavy travelers can't have 'em. Made a real mess when I was on crunch for a drop-dead deadline for a deal (in the office) and the corporate network went down... leaving me with no access for four hours. Wonder if the so-called protection is worth it when we came within minutes of losing a $400 million deal. Support couldn't care less. Corporate IT "felt good" because they "protected" our data. Well, DUH, the data is protected because EVEN THE EMPLOYEES THAT NEED IT COULDN"T GET TO IT!
Well, since it's a $400 million deal you're working on (just like the last 10 people who called the helpdesk who knew the tech's job better than them), then not only should the policy be "Laptops! Laptops for all the people, and a color laser printer in every cubicle, cost be damned!" Clearly given that -- not to mention the extraordinary technical complexity of the PDFs, Excel, and PowerPoint you work with -- you should also have the
best support available. Only MIT grads and the like. And, since you're all
so pleasant to work with, they should all be paid at least $75,000 a year to keep them around and happy, too -- and you'll be more than happy to shoulder the
cost of that service. Because what you're all really looking for is a
partnership in success, right? You want to really work
with the IT people to improve your situation, as evidenced by the fact that I'm sure you professionally and responsibly voiced, in the proper channels, the shortcomings in the services as you saw them, instead of just whining and complaining -- and impugning the virtue of an entire professional discipline -- thereby creating an unnecessarily adversarial relationsh... Hmm... Oh.
I've been known to risk violating company policy to get my work done on deadline. Kind of a Hobson's choice.
And again, I'm sure you properly and effectively communicated to management the shortcomings in that policy so that you never had to do it again. Right?
I'm not even going into talking about our software developers that are hampered by the crap.
Oh I see. If their managers aren't getting their developers the resources they need, it's
IT's fault. Of course. Makes
perfect sense.
Nor am I talking about classified data (BTW, we don't have a classified-capable data connection because of corporate evaluation of "security risks" (but it's good enough for the government), instead we have to have things hand-couriered through airports, etc). Talk about productivity issues.
Again, I'm glad you've decided to take what's a (apparently, based on the hearsay you're providing) single, individual, anecdotal bit of bad tech-work and use that to call into question the validity of an entire professional function. Because that's usually the
best way to fix those kinds of inefficiencies.
Perhaps if the IT people were actually in-the-trenches trying to meet deadlines, things would be different. Risk management is about MANAGING the tradeoff between risk of a security issue against the risk of not getting work done. Something's got to give. One size does not fit all: security for sensitive personal data (such as medical records) or classified material is much different than the risk imposed by someone who's doing meeting planning. Yet in many organizations, the lockdown is the same. Likewise, the need for a complete lockdown is much different for someone with risk management experience and the knowledge to mitigate the risk vs an untrained manager. Yet in many organizations, the lockdown is the same.
Perhaps if business units demonstrated any interest whatsoever in communicating their needs and working
with the people who
actually have the skills and knowledge to get them the resources they need
while "MANAGING" risk at the same time rather than working
against them, slashing their budgets and -- oh yeah -- incessantly casting them as brain-dead hurdles to be jumped rather than skilled professionals to be worked with, maybe -- MAYBE -- they'd be more effective at crafting security and administrative policies and systems that make sense and aren't unnecessarily onerous. Just maybe. And yeah, "that's the typical ivory-tower attitude I run into with folks I call 'full-of-themselves IT management'" when approaching every conversation about centralized management and administration is
exactly how to get
that particular ball rolling.
And to think that we were talking about being
productive here.
Tell me: if a $400 million deal is missed or blown up because the security measures prevented someone from completing the work
If a $400 million deal is "missed or blown up" because "security measures prevented" some Excel Jockey or PowerPoint Whiz "from completing the work", that particular "someone" didn't know what the hell they were doing with the technology resources they were given in the first place -- or they're simply looking for a scapegoat. They probably should've talked to
and worked with the people who
do know what they hell to do with the technology resources they were given
before some mysterious "blow up" happened.
or because the document is mandatory-stored on the network but the network is down for 4-8 hours, who loses their job? I can assure you it's not the IT guy that made stupid policy.
Right. Because network outages are caused by "stupid policy", for one thing.
But in a perfect world, it'd be everybody: The IT people who didn't effectively serve their constituents' needs, and the users who didn't effectively convey what their needs were. Because the blame is never on just one side.
But guess who's gonna get
their budget cut?
Come down from the tower sometime and see what the users have to put up with on policy. Then tell me that it "doesn't affect productivity".
This is exactly why
lots of tech people -- this one included -- get the hell out of supporting users at the first opportunity. Virtually
every user is a victim of their own greatness, burdened by "deadlines", slammed with the pressure of the "Four Hundred Million Dollar Deal™" (and boy, lemme tell ya, there sure seem to be
a lot of those...), and enraged by the knowledge that they know how to do every job better than the people already doing them. I mean it's such an attractive offer: "Hey buddy, how about you provide me with some IT support! I'm gonna complain when you
do protect me from the risks I need to be protected from, blame you when you
don't protect me from the threats I told you not to protect me from, blame you for pretty much every problem I have even if it's of my own creation, will refuse to be a constructive partner in crafting policies and solutions that make sense and instead will just incessantly whine, will expect to have everything I want (even if it's well beyond what I need) and pay nothing for it, and will do everything I can to work
against your success as a group. In return, I'm going to pay you a pittance, and hold over you the threat of sending your job to a country in which last week the people were getting paid 17 cents a year to manufacture soccer ball parts, make
your group the first to take budget and staff cuts, imply that you're a dolt whose job could be done better by me and other people who don't have the first clue what your job really entails, and generally just treat you like ****. And oh by the way, if you dare question my edicts from on high about how I know how to do your job better than you do or if you have the audacity to act for just a moment like the subject matter expert I expect you to be, I'm going to consider you to have
the typical ivory-tower attitude I run into with folks I call 'full-of-themselves IT management.' Whattaya say? Sounds pretty great, if you ask me!"
But yeah. It's the
IT people who are in "the tower". Riiiiiiiiiight.
