Crouching Admin, Hidden User


Published on

Field experience and random thoughts motivated into action by Richard Diver. Added content suggested by Shelly Bird.

Published in: Technology, Business
1 Like
No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • The well meaning IT and Security department tries to protect the user base from malware, spyware, industrial espionage, viruses, worms, software bugs and defective hardware whilst increasing user productivity and managing corporate assets (physical and intellectual property).
  • The IT user is not a child, though often they are treated as such by the departments that manage and provide services to them. Most often users are college educated, mature, professional individuals. Some are quite tech-savvy themselves in fact.
  • Now this dichotomy of IT administratorvs corporate user exists in almost all companies. IT administrators often have the attitude that their users akin to wayward children almost.Now there are reasons for implementing controls and impeding users from achieving some tasks without checks and balances.These can generally be broken down into Security, need for internal and external Audit, and preventing the corporate assets and communications from ending up on Wikileaks.
  • Crouching Admin, Hidden User

    1. 1. Jeff Stokes Microsoft Field Engineer, GBS Crouching Tiger, Hidden User Thoughts on the IT process and the human impact of same.
    2. 2. The lock down vs the smack down Why corporate users sometimes resent their IT departments
    3. 3. How the IT Department sees itself
    4. 4. How the IT User Feels
    5. 5. The Case for Controls • Security • Audit • WikiLeaks
    6. 6. Security • Digital Rights Management • Anti-Virus • Mobile Device Management • Email Discovery • Remote Access Controls • Patching and Updates • Desktop Lockdowns/Branding
    7. 7. Audit • Compliance • Change Control • Enforcement
    8. 8. Wikileaks/Breaches • Public Image/Reputation • Legal Liability • Theft of IP/Monetary Assets
    9. 9. The Results of Extreme Controls • BYOD • Reduced Productivity • Lower Morale/Trust Issues
    10. 10. BYOD • In some ways, BYOD is the loss of respect and faith in the IT organization by its user base. Users feel they can be productive with own equipment rather than corporate assets. • Long Boot Times/Slow Performance • Frequent Crashes • Tight System Controls • In other ways, BYOD is an empowerment of the user to ‘get things done’. In these cases, the “BYOD” could better be coined “PYOD” (pick your own device).
    11. 11. Reduced Productivity • Usage of overly managed systems impede users from getting their work done. • Change control and heavy audit processes slow innovation, creativity and organizational agility. • Siloing creates team resentment and poor communication channels
    12. 12. Lower Morale/Trust Issues • What is the cost of to the institution for an employee to walk? • To go to a competitor? • For both of these, one must consider the cost of training a replacement, the cost of loss of institutional knowledge (why was a system setup a certain way 10 years ago?) • What is the cost to an organization when teams break away and do their own thing because of operational inefficiencies or overbearing rules?
    13. 13. What to do?
    14. 14. Control but Trust • Remember employees, from all divisions and teams, are in it to win it. • Control lightly, trust heavily. • Give people the opportunity to do the right thing. • Trust their judgment, listen before reacting!
    15. 15. Data Protection, not User Restriction • Use native OS capabilities to protect the ‘good stuff’ • Digital Rights Management appropriately • Classify Data according to Impact and Importance • Mobile Device Management for BYOD is Paramount here • Patch/Secure the end point devices • Complex Passwords and Security Enforcement that is Reasonable • Extranet Access, what is needed to do the job, control the floodgate of information here.
    16. 16. Empower and Enable • The primary task of IT is to use changing technology to improve business productivity. Do not lose sight of this. • Give the users good tools to achieve results. Take feedback on what their view of ‘good tools’ means vs what IT’s view is. Invest in training. • Remove blockers to employees and teams, make sure they can get their job done. Remove barriers between orgs. Why reinvent the wheel?
    17. 17. Adapt and Change • Create feedback loops in the environment. System monitoring, alerting for performance, SLA breach, etc. But more importantly, survey the business heavily. And Listen to the results. • Be ready to be wrong. Be comfortable to admit mistakes. Nothing stymie's innovation and action more than fear. • Readiness and training are paramount. Change with the times, more so, innovate with the times.
    18. 18. And more importantly • Have fun. More time in life is spent working than anything else. Do what you love. Love what you do. • Remember, “if nothing ever breaks, IT isn’t innovating to improve business productivity” • A system that worked great 10 years ago, does not a great system today make.