Just because you can, doesn’t mean that you should
Recently I have noticed a rash of client workstation lock downs at corporate and government sites. This is where the IT department locks the computer work station down of the users and prevents them from using the PC as little more than a terminal. It prevents the users from even making changes to their web browser settings or if they do make changes to the settings, an IT controlled program periodically will go and reset everything on the client workstation making the user go through hoops to reset their browser. Aaaah, IT services, we are here to help you! You know…. sort of like the tax man.
With the rash of incidents I have been noticing lately, it is like all the IT folks either went to the same seminar on security or read the same magazine article on the topic of how to totally secure the PC. With all this mindless level of security, you may as well go ahead and remove the PC. If I count all the time users screw around with their PC because of poorly thought out IT security policies you may as well throw the PC out. It would be more productive to do calculations by pencil and paper or manage lab data on note cards.
What about regulatory compliance? Well that is a good point and as with everything, there is no single answer to how to balance regulatory compliance issues with user productivity. Each regulatory requirement is composed of its own ‘Real’ requirements but there is no need to do blanket rules and policies that go for the lowest common denominator when it comes to what users can and cannot do. It is easy to turn off the brain and just go for the conservative approach to policies but that is why senior management gets paid the big bucks… to actually do some thinking about things before they apply policies to the organization.
This brings me to the point of this blog title “Just because you can, doesn’t mean that you should”. Within an organization, IT is not in charge. It is senior management of the organization that is in charge. The IT department ideally does what the senior management commands. As with everything, the buck stops with management. So I am not here to crack on IT but actually the senior management that directs IT. The advice is to exercise some leadership and try using people management over gimmicks like technology to lock users down. When you provide leadership rather than force, you find you have a better, more productive workforce and one that is better in tune with the missions of the organization.
So while technology gives you all sorts of tools to make up for lack of a leadership backbone, let me advise that you not rely on those tools but develop better leadership skills. Only put in the level of controls that are needed to meet regulatory requirements and business objectives but exercise restraint in applying automated policies that will have sweeping negative impacts on users. You will gain more productivity, better quality and all at less cost.
