It's Not The Technology, Stupid

Shops that view their IT departments as strategic and vital--as opposed to those that see IT as a highly paid custodial staff of the technology world--recognize that the value of the IT department is not about the technology. It's about your leadership and willingness to insist on unpopular decisions for the good of the order. In a nutshell, it's about IT being relatively inflexible about what constitutes your network's AUP (acceptable use policy).

Let me put it another way. Are you or your top-level IT folks doing your jobs when it comes to steering the network, or are maverick users and hobbyist VIPs running the show? You know who I'm talking about: the folks who want networked PCs to be just like their home PCs--unfettered and without accountability. This can have bad consequences. Recently, a friend of mine was told by his crazy and irresponsible IT-department head to stop backing up Internet browsing logs because "Some of the VIPs don't like it." What?

How does this one sit with you? I know a department head who tolerates it when certain VIPs bypass security checkpoints by using analog lines. ("I need it for my fax machine," cry the VIPs.) Sure, it's in the name of confidentiality, but it's really about accountability. "I don't want anyone knowing about my porn-surfing and stock trades."

With the head of IT acting so permissive, can you honestly imagine his IT department being treated as a strategic unit? Instead, it will be treated as the purveyor and maintainer of all things toy-like. This, too, is crazy and irresponsible. Think Napster. Think Johnny Castaway screensavers. Think BonziBuddy. What the hell are these doing on any business network?

The stakes here aren't small. Toys can easily cause a technician to waste an hour or two troubleshooting a nonbusiness problem. And because the economies of scale on business networks can turn into the unruliness of scale, this type of occurrence can represent hundreds of wasted technician hours. Even "goodwill" gestures, like disabling a URL filter for a VIP to pick up her Webmail, have deeper consequences, like "MyNakedWife." More wasted hours.

The dollar consequences of a poorly written, malfunctioning screensaver are no less real than the dollar consequences of the scofflaw dial-up PC or Webmail user getting Trojaned. It's not about the technology.

Even if it were about the technology, technology can't keep up. Look at the latest: "GoToMyPC.com." Think of it as the Napster of remote control. Your user PC initiates an outgoing, permitted connection through your firewall, contacts a broker at GoToMyPC.com, allowing a remote-control connection with a user "somewhere on the Internet." How convenient. How terrifying.

Does your AUP spell out that putting your user PC security in the hands of an untrusted third party is totally unacceptable? It had better, or your users will be flocking to GoToMyPC.com. After all, it's convenient.

For many of these things, prevention begins at the desktop. If users can't download and install, they can't do anything stupid, risky, illegal or counterproductive. There's no good business reason for most workers not to have a locked-down desktop and browser.

It's not about the technology. It's about good old-fashioned business negotiation. It's about selling your AUP--and built-in consequences--aggressively to upper management. It's about being seen as a critical part of the bottom line and being willing to take the heat when people whine about losing their toys. It's about communication, not telecommunication. Sure, we talk to upper management, but are we communicating? A mentor of mine once said, "When you get to the point where you're talking without communicating, you've lost the battle." Amen.

Jonathan Feldman is chief technical manager of the Chatham County Government in Savannah, Ga.