If you've been following the news, you've heard about the porn scandal at the SEC. Especially when you hear that at least one person supposedly spent eight hours a day watching porn, you really have to wonder just what was going on.
So, what does this have to do with IT? Well, one of the first question many people have is "why didn't the IT guys block this stuff?" The problem is that they were blocking porn sites. But, filters simply are not fool proof.
What really happened is a failure of management. How can anyone spend eight hours a day - or even "not more than and hour and a half" (which is what one of the other people investigated admitted to) on anything other than work without it having a significant effect on their work?! Why was nothing done about the inevitable degradation of work output?!
You may be tempted to use this opportunity to get your organization to spend some money on appropriate filters and other security. That's not a bad idea. On the other hand, the old saying about "be careful what you wish for" applies here. You don't want to create unreasonable expectations. You also don't want to be held responsible for something that is not in your control. Beyond that, you want to make sure that people understand that technology works when it is used properly. Technology in a vacuum does not do you much good. Technology with proper business practice is great.
So, what you really want to do, I think, is to make sure your filters are in place, and so are your reporting tools. But at the same time, you want to make sure that your people are trained, and policies and procedures are in place (and followed), to minimize these kinds of issues. That means that IT and management need to be partners.
Use the SEC scandal to build the IT organization you want. That means technology and that means better integration into the organization.
Subscribe to:
Post Comments (Atom)
Posts
1 comments:
It kills me that the norm is to have IT take responsibility for blocking and monitoring visits to porn sites in modern corporate culture. The problem isn't just that this type of responsibility rests with human resources or departmental managers, not the techies. It's that, by putting it in the realm of technology management, they're saying that IT are the corporate technology use police, not the technology supporters and enablers.
Distrust of IT is generally high, simply because people are uncomfortable with and distrustful of technology. But taking on this responsibility compounds that distrust tenfold.
As the people who control the data, we (IT Staff) have dual responsibilities. One is to not look at the things that we wouldn't be able to see if we weren't admins. And the other is to not decide, for the company, what they should and shouldn't do with computers. We can advise, and we can contribute to the decision making processes regarding computer use, as we have expertise as to what is feasible and optimal. But, if we are the ones controlling what people can and can't do on the systems, we lose all authority to recommend how it's used.
I consider filters to be a necessary evil in battling spyware and viruses, and, if they're in place, I think it's a service to the org to also block porn. But log monitoring and reporting on porn use should never be an IT function.
Post a Comment