IT Challenge: Providing End-User Needs/Protecting the Enterprise

I read a blog post recently advocating end-users to have full admin rights to their work computers and have the ability to install softwares for efficiency and productivity. I agree that end-users (of which I am also) need to be provided the tools required to do our jobs, which includes researching new technologies. These tools include the software we need installed on our desktop that may not be provided by IT. I hear and read frustrations from end-users who seem to constantly hear “no” from IT when a request for a software or service is requested. I feel the same way sometimes. However,those software on the desktop are useless when the network or some other critical services used by the entire organization (e.g. email, student information systems) are not available as a result of disruptions caused by malicious software. I will admit that there have been a couple of times when I have had to re-image my personal machine because of a virus that I had unknowingly downloaded from an infected site. My point in sharing my experience is that even the most careful end-user with the best intention can still introduce malicious code to the network.

In my role as a liaison between business units and IT, I have to find the balance between the need to provide the flexibility to end-users (including the ability to install any software), protecting the network, the possibility of confidential student, financial and medical data being compromised, as well as conforming to federal (FERPA, HIPAA), state (IS-1386) and campus electronic policies.  In addition to the responsibilities mentioned above, there is also an issue of capacity, specifically with regards to where IT should be spending the time and resources. I don’t think IT (of which I’m a part of) say no just for the sake of saying no (I hope your IT folks don’t). I work with helpdesk staff, network, and server staff and I know that sometimes it requires an entire team to fix an infected machine. It takes time to troubleshoot and repair desktops and there’s an opportunity cost to this time and effort. Every minute spent on troubleshooting a machine is a lost minute towards working on projects that are already under-staffed. While standardization of tools has its disadvantages, there are also advantages. Imagine having to support 1000 computers that have different configurations and so when something goes wrong, IT doesn’t know when and where to begin to troubleshoot it.

Few years ago, a worm hit our network from a software downloaded by a staff and it took down our network causing outage for a few days. Our IT staff had to work through Thanksgiving break to troubleshoot and fix the problem. The effect of that outage included delays to critical projects for a couple of months. The point is that a user’s desktop is connected to all other computers on the network and it just takes one entry point to introduce a virus to affect all the other computers as well as the servers where FERPA, HIPAA, financial data reside.

I’m very active in social media and I have my differences with our network/security admins to the extent of how social media is used in our organization. I can tell you that they’re probably not happy with my efforts in promoting social media as business tool given the security risks associated with the use of social media. However, I do understand their concerns  and it’s my concern as well, given the responsibility to safeguard our sensitive data. The repercussions to the institutions when a data breach happens and/or the network goes down is very expensive.

Accommodating the specific needs of an individual user vs the entire organization (enterprise) is a constant battle in part because of support issue as well as cost, not just financial, but time and effort. There are always more tech demands than IT can provide. How to address this issue is a topic that requires another discussion in itself.

Any thoughts on how IT can better provide service to end-users? I’d love to hear your thoughts on this.