Would you pay for IT Freedom in the workplace?
I ran into this article this weekend about “Unchain the Office Computers! – Why corporate IT should let us browse any way we want.” by Farhad Manjoo. The reaction went from Yeah right, this guy is nuts to maybe there is some merit to somewhere in between.
The article starts off talking about the somewhat hilarious answer to a State Department worker asking why they were unable to use Firefox on their work computers. Being an IT Professional, I can understand the answer. Every additional program installed is another one to install, patch, and support. I am also unsure if there is a good way to block plugin installs, which could be a major issue. So the expense of Firefox comes in other ways which might not be understandable to the enduser.
I think that the author does have some basic misconceptions of technology. He states that he cannot forward his mail Gmail but others are allowed to forward to a Blackberry or Iphone. What he is misunderstanding is that the problem is where the mail resides and who can have access to it. Typically Blackberry’s and Iphone’s still keep mail on the organizations server, compared to Gmail, which who really knows where it goes, or how long it is actually kept. The thing that amazes me if that this person seems quite alright trusting Google, but seems to have an inherent problem with his IT organization. I guess it is because Google is that big ol’ free cloud that does everything right.
Where I do agree is that IT Professionals can be closed-minded and power hungry. Our policy was that if a user could show business use, that we would try our best to accommodate the enduser. (Keep in mind I work in academia!) However, I have seen others in the same organization who would still rather run Windows 98, Eudora, and Netscape and won’t budge. It think where the Farhad goes wrong is asking for unfettered access to their computers.
I wish he would spend one week in an IT Support person’s shoes. While in IT support, I received request for anything from coupon printers, to WeatherBug, to even Bonzi Buddy. What Farhad does not think about is that 6 months from now when some computers are overflowing with spyware, adware, etc., that the user will state that their computer is slow. This is additional work for support to rectify which is easily handled with some of these rules (running with least privilege). I guess you can put it into the category of one bad apple spoils the bunch. I am sure that there are users that can take care of their computers just fine. That launches right into my next point.
I stepped into a conversation on Twitter between Michael Santarcangelo (The Security Catalyst) and Ax0n discussing this article. Michael wrote:
accountability requires pre-agreement (albeit implied)… without that and the ability to achieve, can accountability exist?
Then it came to me. I remember from Michael’s book Into the Breach (really a book every IT Professional should read) that he talks how people will not realize their security gaffs until they are held accountable. So I wonder this, would you accept unfettered access to your desktop in exchange for accountability? Would you be willing to be docked pay for downtown, fined for breaches/compromises, or even fired for these offenses? A put your money where your mouth is kinda deal. I wonder how many people would step up. Would you? I have seen compromises from ad malware just from surfing to common sites such as Fox News or Yahoo. Is having your IT freedom worth it??
I think it gets down to another point from Into the Breach, Users just want to get their work done. Michael said it right: “We need more dialogue, which means we need to listen, learn and act…together.”
Edit: Michael brought up a great point. Not only have negative consequences, but have positive rewards. Great idea! Almost a new way of thinking. Hold people accountable, reward them when they do well and people could actually want to learn how to be secure!
Related posts: