That's what a few employees called me in my former work life and I couldn't care less, then or now. What prompted that...er, disclosure is that Glenn Reynolds has a TCS column up that rips on companies that are cracking down on Internet usage by their employees. Reynolds criticizes, rightly so, management that uses Internet monitoring because they are unable or unwilling to actually deal with, or measure, the output of their employees. I tried for years to get my management to recognize measurable employee output so that my staff or I could occasionally work from home. Some tasks are best done without the constant interruption of phones or drop-in visitors. No dice, even if it was quantified and measurable. Idiots.
So I don't have any problem with that aspect of the column. There are a lot of reasons though, why companies restrict Internet access and the most important ones are listed in the Chicago Tribune article that he links. I'm kind of surprised that Reynolds just seems to blow them off. As a former IT Director, I'm not just surprised, I'm a little irked. I base that attitude on my last job, the IT Director one, where at the end of my tenure there were 40 locations and about 1,000 employees. Most of those employees and all of the locations had access to the Internet. They were a pesky bunch at times. Why? Well, security for one reason. Bandwidth was another. And then there was security.
Did I mention security?
Anyway, let's tackle bandwidth first. Networks cost money. In managing a corporate network you have to balance budget constraints against usage demands. Most of the segments I managed had average utilization during business hours of between 10% and 20%. What really drove how those segments were provisioned were the demand peaks and their frequency and duration. On occasion, I'd get calls from one of our locations complaining that the network was slow. About 90% of the time, no exaggeration, the problem would be someone downloading or viewing something completely unrelated to work.
Real life example: I took a call from a pissed-off salesperson at a small office complaining about the network...."It sucked". Ooookay. As he berated me, I took a look at the routers, traced the problem back to our email server, and found the 8MB email that came from "stupidname_at_yahoo.com" that he was pulling down. It was a funny, but completely unrelated-to-work, video. I killed the process and, wonder of wonders, no congestion anymore. Except now he was pissed because his email failed. There's a freakin' shock.
Over the years, that kind of thing happened more times than I can count. As a user it may not be obvious, or even visible, but IT professionals who deal with corporate networks see this crap all the time. It may be email, or streaming audio/video, or God knows what else somebody has come up with. Pardon my language, but what the fuck is the problem with doing that shit at home? There's a big difference between advocating the Internet at work as a tool for helping people do their jobs, something I'm strongly in favor of, and an anything goes attitude that says we all ought to be able to download the latest antics of cousin Billy Bob at work. Call me a troglodyte if you want to, but I'm not buying the latter. Time and place, you know. I understand that there are some companies out there where subsidizing this stuff can benefit the organization. In most cases though, I think it's self-indulgent crap.
I'm not even going to get into the legal liability issues that are ignored by Professor Reynolds. Though they are exaggerated at times, today's legal climate demands that they be managed.
The bandwidth issues pale compared to the security issues. I'm really glad I don't have those to deal with anymore.
There are some nasty people who work the Internet. When it comes to corporate network security, I'm a believer in a layered defense. There's the outer perimeter guarded by firewalls. At the other extreme is the PC with Internet access, guarded by AV or other tools/configs that limit user access or, if compromised, limit a user's PCs ability to access or damage other PCs or network devices. I banned access to personal email accounts at work because they didn't go through our corporate email server with it's AV that I knew was up to date. We worked hard to make sure that individual PCs were up to date also, but circumstances meant I could never be sure. Personal email accounts were a potential vector for serious problems such as worms. It was a risk I was not willing to gamble the company on.
There are other tools that are in between the Firewall and PC, sniffing for and alerting admins to threats. In theory it's easy. In practice, it's tough. Sure, there are a lot of freeware programs that can be used by network admins, but there are issues with reliability, scope, and interoperability with them. A lot of those issues can be solved with comprehensive vendor solutions, if you can get management to pony up the dough, and it can be serious dough for a 40 location, 1,000 seat company. Lots of companies choose to risk it instead. So it goes.
Imagine being a network or IT security admin, working to keep the company's network from being compromised from some of those very sophisticated assholes out there. And then you read this, from Instapundit no less:
And I've heard stories about employees in companies with locked-down Internet access setting up pirate wi-fi hubs (which can even be EVDO-powered) to get their fix.
No words of caution, no recognition of the security implications of a "pirate" wi-fi hub that could and ultimately would be a gateway to compromise your company's systems. Not to mention cause your ass to be terminated, with good reason. I never had the "opportunity" to run across this situation, thank God. I might have beat the living shit out of the offending little prick. Seriously. Poking a hole in your company's security with a pirate wi-fi access point is profoundly stupid. Don't do it.
There's a good balance that companies can strike when it comes to Internet access. It can be a great tool for employees and yeah, within reason, it's a way for people to stay connected and even enliven their, and their colleagues', day. There are limits though, to what any company should be expected to subsidize. And don't be too hard on that IT person, you may not really understand the half of it.
Recent Comments