Productive flexibility

Instead of banishing all employee software installations, devise a plan that offers balanced support

MANAGEMENTSPEAK: We need to establish uniform practices across the enterprise.

TRANSLATION: We see what you're doing, and we want you to stop it.

-- IS Survivalist John Pfeifer would like to stop the uniform practice of obfuscatory exposition.

"WE CAN'T JUST LET users install anything they want!" This, the mission statement of the Value Prevention Society (VPS), has, in a decade, evolved from controversial policy to unquestioned postulate.

The history of the personal computer belies it. PCs succeeded because they freed end-users from the constraints imposed by centralized IT, letting them select, install, and make innovative use of whatever capabilities they could program themselves or acquire through the purchase of inexpensive shrink-wrapped software.

"Nice theory, but," I can hear VPS members respond, "supporting uncontrolled desktops would blow our IT budget."

This strawman argument misses the point perfectly. VPS members live in a binary world -- the only alternatives they recognize are complete lockdown and total free-for-all. The real world is more interesting. In the interest of offering solutions instead of criticism, here are some elements of a more balanced desktop support policy.

Establish multiple levels of supported software. The stuff you install, support, and pay for out of the IT budget right now is one level -- fully supported. Next comes software IT has tested and found reliable, but doesn't pay for or install. Call it endorsed. Third is software IT hasn't tested, but software that is well-known, comes from a reliable vendor, or otherwise is deserving of some trust. Call it acceptable. And finally, there's that other stuff. Call it disallowed.

Establish multiple levels of support. Problems with fully supported software are first in the queue. Next come problems with endorsed software. Problems with software deemed acceptable rate the lowest priority, with no guarantees beyond restoration to a standard image.

Require management approval. As Ronald Reagan was fond of saying, "Trust but verify." Trusting employees doesn't mean trusting them blindly, so if an employee wants to install, for example, a PIM (personal information manager) other than the company standard, his or her manager must approve the purchase ... and, of course, the PIM must be rated acceptable or above.

When integration is vital, company standards rule. If you have no CRM software in place, for example, sales representatives should be able to buy and install whatever contact manager they want. If you have implemented a serious CRM suite that includes SFA (sales force automation), the standard overrides personal preferences.

What's that you say? It's easier to just lock 'em down? Of course it's easier. That's often the nature of a bad decision.

Mobile Security Insider: iOS vs. Android vs. BlackBerry vs. Windows Phone
Recommended
Join the discussion
Be the first to comment on this article. Our Commenting Policies