Thursday, 7 June 2012

IT departments are not police

Sorry folks, it's another Kelv-Rant(TM)!

This post's rant is brought to you courtesy of my less than co-operative IT colleagues around the world. You guys know who you are, and you should be ashamed of yourselves!

So, here it is in a nutshell. I'm sick to the back teeth of hearing from people (in a work context) "We can't engage properly with social media because we can't get on Facebook."

At a slightly expanded level, I've spent the last 5 years listening to variations on a theme of "Organisation X can't get a Facebook page set up for their museum because their IT department blocks access to Facebook". Today, I sat listening to a person who works for a council-run museum who told us that it took her 3 months to get access to Facebook, despite it being explicitly mentioned in her job description.

This kind of thing really pisses me off. Having worked in I.T. for the last 11 years with various organisations, I feel that I'm in a fairly good position to give an opinion on the practices of IT departments and here's what I think on this matter:

There is absolutely no legitimate reason whatsoever to block access to social networking sites at an organisation-wide level.

And here are some of the many reasons why...

Organisational policies do not require pre-enforcement

Okay, so let's start by assuming that your organisation has decided that people should not access social networking sites from within the corporate network. If that's the case, then there should be a policy to this effect with clearly stated boundaries and disciplinary procedures should these boundaries be breached. Once these policies are in place, there is no call for a block on the sites in the same way that an organisational policy on no alcohol in the workplace does not require everyone's bags to be searched when they arrive at work.

If it's not organisational policy, then you have no right to block it

This should be obvious really but I'm going to cover it anyway. Just because you CAN block something, doesn't mean you should. Even - and this is important folks - even if your firewall comes pre-configured to block these sites.

Now, don't get me wrong. I'm not saying you should turn off every default rule on your firewall. I happen to believe, for instance, that blocking certain sites is a good idea, but not with the primary objective of restricting access. For instance, a rule blocking porn should not be there to STOP people looking at porn (regardless of whether you have a policy stating that they shouldn't) but to help protect people from seeing things that might inadvertently offend them.

It shouldn't be organisational policy because YOU say so

I have seen far too many organisation-wide policies come into effect because the IT department says that it must be so. Now, there's nothing wrong with introducing policies that support the objectives of the IT department. But the objectives of the IT department should be to support the organisation, not to make the IT department's job easier or give it licence to do whatever it wants.

I operate on a very simple principle for any and all IT projects - that they should be doing better things, or doing things better. If your project (or reasoning for doing something) doesn't fit either of these then you should abandon it (if you need an example, see almost any project involving AR right now.)

You should be able to trust your staff

And this is the most important one. If you (and here I'm talking to the organisation as a whole) can't trust your staff to follow policy then you should either fire them or be prepared to go through your own disciplinary procedure when they breach that policy. Do not ask your IT department to act as a crime prevention unit of a corporate police force; they've got enough on their plates keeping all of your systems up and running.

Which, by the way, you are NEVER grateful for.


  1. Ahh Mr. Kelvin, come back!

  2. Well said that man! There are those within IT who see it as their mission to block & lock absolutely everything down, & then inform the business that it is up to the individual users, or collective thereof, to go cap in hand to the IT department for "special access" in order for them to perform the job(s) that the individual or collective IS EMPLOYED TO DO IN THE FIRST PLACE. All the perceived power lies in the hands of the all-knowing, & utterly untrusting, upper management who then top-down commands the IT function to pre-enforce policies. That's Orwellian at best, & Draconian at its core. "Stop them doing it in the first place, keep them fearful of our big anti-internet stick!" is the mantra; it ought to be "We get the best from our staff by nurturing a pleasant atmosphere." Disrespect breeds resentment, & you will never have an enthusiastic workforce in those circumstances.