One of the challenges for IT folks is we often want to solve organizational problems with technological solutions. We try and approach all kinds of problems with our technological proverbial hammer when often a hammer is not even necessary.
An example problem would be “Our users are pirating software or using free software that loaded with malware”. The simple technological “solution” is that we remove the ability for end users to install software. However, this is just a band aid to much larger organizational issue. Why are the users installing non-approved software? What functional problem are they attempting to solve?
The end result of removing admin access to install software is that it increases the complexity and workload of your environment. All of a sudden the support staff are now inundated with requests to install software. Removing install access may have solved one problem but created a bunch of others.
The problem is not one with the technology but with the process and management and until a proper documented process has been communicated to the end users and the appropriate management functions applied. This will continue to a problem plaguing the organization. Although, the symptoms may have changed.
Over the years, the Microsoft Operations Framework has developed and matured. I recently came across an TechNet article from 2012 that goes over the different phases of the framework. I have attached a link to the article and a copy of the presentation. I would highly encourage you if you work in the IT or Management sectors to take a look. It changed my thinking on a few concepts..
Laura and I recently watched The Internship starring Vince Vaughn and Owen Wilson. The portrayed culture intrigued me. I remember reading several articles that described similar things about the Google culture.
The questions that I am currently mulling over is: What kind of company would I like to work for? What culture would I most engage with and produce my best work? If I had carte blanche to make whatever changes I wanted in my current organization what kind of changes would I make? and why?
A classmate of mine (Kevan Gilbert) in university once said about the firm that he works for:
It’s like Domain7 actually wants me to be me, instead of trying to squash me into an employee-shaped role. And I think that means clients get much better work from all of us, than from a typical agency. (http://domain7.com/us/kevan-gilbert)
Kevan describes a culture where he feels he can be himself and produce his best work. A boilerplate HR policy obviously does not create this kind of culture but is this only possible in firms under 50 employees?
Free food and a roller rink are not the answer.. Or are they? I think the answer is the fact that google has put considerable research into what employees are looking for. They have created a place where employees want to be. Is your organization a place where people want to be/work? If yes what makes it so? If not, what changes would you make to make it a place that people want to be/work?
Or does it matter?
I wrote this post for a class I’m taking on organizational dynamics. I know that normally I write about technical things here but this directly applies to the IT world and is food for thought for our role as IT within the greater organization.
One of the things that I struggle with in my current role is the tension between freedom/creativity and bureaucracy/structure. I have seen the devastation that comes from organizations that have a ‘Wild West’ philosophy where everyone is able to do as they please. The end result is mayhem and un-productivity. However, I have seen the exact opposite where an organization is so structured and bureaucratic that working in that organization feels often like a prison. Gareth Morgan (2006) addresses this in his book Images of Organization. He writes:
(Max) Weber is famous among organization theorists for his work on the nature of bureaucracy. However, his main concern was to understand how different societies and epochs are characterized by different forms of social domination. He viewed bureaucracy as a special mode of social domination and was interested in the role of bureaucratic organizations in creating and sustaining structures of domination. (pg 294)
Like my previous post, I agree with Morgan (2006) and Weber in the concept of bureaucratic organizations can be structures of domination. Weber came up with 3 types of domination that he gathered from historical research. (see attached jpg taken from pg 295). I struggle because I see myself sometimes in the ‘rational-legal’ category. I wonder about the impact I’m having on my organization. Am I dominating our people with rules and procedures? Am I stifling creativity with bureaucracy? Obviously there needs to be a tension but where does that tension rest? Any ideas?
As an IT professional one of the first steps you need to take to protect your organization is to draft and implement an Acceptable Use Policy (AUP). An AUP is pretty standard in most organizations and should be in place whether you have 5 or 50,000 users. If you do not have an Acceptable Use Policy you do not have to reinvent the wheel. You can find samples online that you can tailor to your uses. A few samples can be found here. Once you have drafted your policy you may need to contact your legal council for your organization before it is distributed. Next you will need to work with your HR department to ensure that this policy is communicated and each employee signs a document saying that they not only have read the policy but that they understand the policy. This is a key component of the employee signoff. Many a wrongful termination case has been proved valid because the employee simply said “they just told me to sign it, I didn’t understand.”
Now that you have your AUP in place, you must ensure that it has bite. When you have an AUP that does not have consequences it is like an alligator with no teeth. The alligator may intimidate some but in most cases will be ignored. When you investigate AUP violations ensure that your HR team is involved, ensure that your evidence is bulletproof e.g make sure your policy states that the employee is responsible for all use with their assigned asset. This removes the “my son must have been using my company computer. etc” excuse.
Lastly, as an IT manager you need to start looking for it. Too many managers and administrators turn a blind eye and think that this does not affect their organization. The truth of the matter is that if your organization is larger than 10 people it probably will affect your organization and no industry is immune. One of the most recent cases that has made the news here in Vancouver has been the case with the Vancouver School Board employees at the Maintenance Shed. Several employees were caught viewing Pornography on company systems and on company time.
No matter how you personally feel about Pornography. It is for sure offensive to some and is a legal risk for your organization. Not only do organizations need to consider lost time in productivity, but a lot of Adult websites are riddled with trojans and viruses just waiting to infect your corporate workstations. The cost to remediate these infections is costing organizations billions of dollars.
While Pornography is the predominant AUP violation it is not the only one. More and more organizations are letting their end users have local administrative rights on the workstation. This has led to everything from pirated software to freeware and shareware being installed. Taking the legal licensing risks aside, there are numerous corruption and infection risks associated.
Having a strong AUP is by no means a complete solution. It will not solve all of your user related problems. However, it is the first step in ensuring that your organization is well protected and a mandatory part of ensuring that your organization is doing it’s “due diligence”.