Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Facebook/YouTube/Myspace access during office hours 6

Status
Not open for further replies.

chriscboy

Programmer
Apr 23, 2002
150
GB
Hi,

The head of our dept has asked me whether we should allow our employees to have access to Facebook/YouTube/Myspace so that they can find out information about our customers / prospective customers.

I personally think this is a bad idea as I believe these apps are productivity killers and should only be used outside of work.

Do you have any policies/suggestions regarding the above? I would be interested to hear your thoughts!
 
Hi all,

I think there are two distinctions here?

1) Whether the IT Department block content from the web should be viewed in only the IT perspective. Does it protect the network? What threats are being stopped and does it bring down even bandwidth usage etc... Are these Technology needed for the business? Maybe a Director needs to review this?

2) If emplyee are unhappy about content they cannot view and then refuse to work from the home-office that is a company operations problem and not the IT Department.

As long as the IT Department have good justified reasons in the interest of the company why content is being block then maybe the operations manager (managing Director) needs to review all the facts and maybe restructure how the company is run and not point the finger at IT.

IT is there to help and not play cop and wait to catch people.

Alex
 
Whether or not someone is working, or playing on the internet is not IT's concern, but the employees supervisor, or manager. So get over this argument, it is not an IT concern, some managers permit more than others, and it is their call.
Whether or not the employees have access to the internet, or any portion of is not IT's concern other than to carry out the orders of the upper management. SO get over this being an IT issue, rather than a policy issue decided by management which may or may not be within the veto powwer of the IT director.

Is it IT's job to communicate the concerns, costs, needed equipment, software, staff, etc. to implement managements instructions, YES.

The only limiting factor within IT is whether or not it is possible with existing technology, not how hard it is to deal with.

IT is customer service, the customer is everyone else in the company not the other way around. Customer service advises, serves, takes instructions, and passes on the cost to the customer. They do not refuse to do things because it will not be convenient, if it was not an inconvenience we would not get paid.





 
So get over this argument, it is not an IT concern, some managers permit more than others, and it is their call.

This may be the case at your company, but it is not the case at all companies. At many companies the upper management or HR department sets the rules rather than the department manager, and with good reason. You can't have every department manager independently deciding what is and is not appropriate. Not only is it unfair to hold people in different departments to a different standards of "professional conduct," it's a legal timebomb. All it takes is one person to be disciplined or dismissed for something that was let slide in another department, and there's a lawsuit. God forbid if the dismissed person was a minority.

In ten years of consulting I have never worked for or with a company that did not have an IT policy that stated that IT resources were for business purposes only. That policy may have been more strictly enforced at some places than at others, but they all had it.

And while I do agree that usually it is a policy that is determined by upper management, usually IT is consulted (or should be consulted) in the creation of the policy because there are certainly implications for the IT department. I've brought it up several times before, but there is a IT security component to web filtering. It's part of using industry standard best practices to protect the assets of the company. You want to eliminate as many unnecessary compromise vectors as possible, and filtering web content is a good way to do this.

IT is customer service, the customer is everyone else in the company not the other way around. Customer service advises, serves, takes instructions, and passes on the cost to the customer. They do not refuse to do things because it will not be convenient, if it was not an inconvenience we would not get paid.

I disagree with that too. IT is not customer service, it's IT. If you're on the helpdesk or an outside vendor then there is certainly a customer service component, but your hands are tied by the technological and policy environment. If you work in the IT department for a company the "customer" is not always right because the needs of the "customer" (aka, end user or department) have to be balanced with the needs and goals of the company.

I really don't understand why you're so vehemently opposed to companies deciding to limit Internet access for their users. It offers an additional layer of technological security, it offers a degree of legal protection against unnecessary lawsuits, and it also removes one more unnecessary distraction from the work environment. It just makes good business and policy sense, and the only argument that I've heard against it is the semi-hysterical "if you treat people like criminals then they'll leave" argument. I don't think that really holds water though since a) it's not treating someone like a criminal to filter their web content at work and b) most people aren't going to quit a job just because they can't surf Myspace at work (or at least not the sort of people that you would want to keep anyway).
 
==> If you work in the IT department for a company the "customer" is not always right because the needs of the "customer"
I think the point that aarenot was trying to make is that from the perspective of IT, the customer IS the company. IT's role is one of support -- to support the company through the use of technology. IT supports the HR department, the sales department, the inventory department, and management as well. IT supports virtually every department within the company. I think aarenot is also making what I consider a valid point that it is not IT's responsibility to MAKE or dictate policy, but rather, to enforce policy. I do not believe that IT should be deciding what is or is not permissable. And I think, to a large degree, we're all in agreement.
At many companies the upper management or HR department sets the rules rather than the department manager, and with good reason.
As it should be. Upper management sets the policies, and with respect to technology, IT implements them. IT's concern is not with making the policy, but enforcing it.

That does lead to the question in cases where there is no company wide policy for internet access. Does IT have the authority to impose an internet policy over the entire company when senior managmenet has not declared that such a policy exists? I think not, because that is not IT's job. Further, it may be intentional that upper managment has not established a policy. However, it is very much a part of IT's job to advise upper management why there should nor should not be a policy, and the benefits and dangers of either approach. But in the final analysis, IT is not a policy making department, nor should it be.

--------------
Good Luck
To get the most from your Tek-Tips experience, please read
FAQ181-2886
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
CajunCenturion said:
IT's concern is not with making the policy, but enforcing it.

IT should also be up to IT to be pro-active in advising those who make the policies about the security and costs involved in various options before they become an issue

Regards,
Mike Lazarus
ACT! Evangelist
GL Computing, Aust
 
KMC,
First of all if the supervisor, or manager is directing employees in opposition to upper management set policies, that is a management issue which needs to be dealt with. The issue in that case is not with the employee, but with the supervisor or manager intructing employees in violation of company policies. So that is not an IT issue. I am not saying it is not an issue, and although your knowledge of the pitfalls of setting company policies may be considerable it is possible that company counsel may be better suited to determine policy in regard to these areas. For all you know the upper management may be trying to establish a pattern of disregard for company policy in order to justify a termination, and therefore letting it slide for documentation purposes to be presented at a later date.

Just like any other department, employee, entity in a company, IT is there to do as they are told. Follow procedures, and give feedback in a responsive, and sometimes pro-active way about company concerns, and policies within their area of subject matter expertise.

Setting company policies is within the upper management area of responsibility including within IT related functions. While good upper management will listen to their IT staff in regard to areas they are qualified to determine, the final decisions are with upper management, not IT in most cases.

Cajum Centurion seems to have the spirit of what I am saying in regard to IT's role. The idea of everyone who uses, the product of your efforts as being the customer is not so new to other than IT mindsets, but it seems to be within IT. The janitors customer is the IT guy taking a crap, and IT's customer is the janitor who orders the arse wipe over the network so the janitor can keep his customers hands clean. The customer may not always be right, but it is the person whom we serve whether an internal, or external customer.

You may disagree, but if XYZ porn incorporated sets a policy to allow viewing porn over the web, it might just be so they can do quality control on their own web site dude, and may have a valid business objective. LOL

 
I do not believe that IT should be deciding what is or is not permissable. And I think, to a large degree, we're all in agreement.

If you don't think that IT has a role in determining what is or is not permissable then we are not in agreement. The policies at a company are usually set by upper management with input from numerous departments. Legal gets to weigh in on issues where liability could come up. HR gets to weigh in on matters where their expertise is relevant. IT also should weigh in on areas involving technology. Because IT has become so prevalent these days, I think you'll find that our interests cross the boundries from simple security into legal and HR protection as well. Also, because we are experts in the IT field we will undoubtedly have legitimate concerns that should be addressed through policy, and because other people who help set policy are not technical experts these concerns usually are not addressed until/unless IT brings them up.

Now there is a particular subset of people who are of the mindset that IT is customer service, that their purpose is to support the company, and that they could be treated like facilities or a utility service. In other words, they feel like they should tell IT what they want and IT should implement it. But when you think about it the problem with this mindset quickly becomes obvious. While everyone may know what sort of office/cuble layout works for them, or where they need power outlets, or how many bathroom stalls there should be, the average employee or manager really has very little grasp of the subtleties of IT. If we were to let various managers and departments choose their own path then IT support would be a nightmare with different hardware, software and training standards.

That's why IT has to bring their expertise to bear and steer the technological ship. Department managers don't dictate to HR what benefits their employees should get, neither should they dictate to IT what services the company should provide and support.

Now we're not the only people who are talking about this. In the past 5-7 years there has been a big push in the industry to get CIOs a seat at the big table. Even though they have a C-level title, for the longest time they were considered below the CEO, CFO, etc. But what companies are beginning to discover is that IT isn't a simple utility like facilities or water, but a key asset and a potential competitive advantage. If a company allows IT to take a leadership role in areas where they have expertise, they can work with the rest of the company to define a long-term technology plan that becomes a competitive advantage. These companies tend to meet with much more success that companies who look at IT as subservient to other departments. Companies that do not embrace IT and the capabilities that they can provide typically find themselves unable to compete with companies that do. And when I say embrace IT, I don't mean "make sure everyone has a computer with network access on their desk." It's the difference between looking at IT as a partner or as a servant.

I'm firmly in the "IT as a partner" camp, because I have worked for and with companies on both sides of the coin. I've seen companies that embrace and partner with IT flourish, and I've seen companies that were run into the ground because they didn't.
 
Setting company policies is within the upper management area of responsibility including within IT related functions. While good upper management will listen to their IT staff in regard to areas they are qualified to determine, the final decisions are with upper management, not IT in most cases.

Looks like we were posting at the same time, but it's interesting that you would say that. Your saying that it's not IT's responsibility and that it is upper management's responsibility is exactly the mindset when I was referring to when I mentioned the CIO not getting a seat at the big table. The CIO is (or should be) upper management.

Just like any other department, employee, entity in a company, IT is there to do as they are told. Follow procedures, and give feedback in a responsive, and sometimes pro-active way about company concerns, and policies within their area of subject matter expertise.

And that statement just underlines the "IT as servant" mentality rather than "IT as partner".
 
==> If you don't think that IT has a role in determining what is or is not permissable then we are not in agreement.
Please, let's not take things out of context. In my post of 31 Dec 07 11:06 I said, "I do not believe that IT should be deciding what is or is not permissable.". In that same post I think I was pretty clear in saying "However, it is very much a part of IT's job to advise upper management why there should nor should not be a policy, and the benefits and dangers of either approach.". There is a big difference between deciding the policy and advising those who make policy.

Whether or not the CIO is part of the upper management team is a matter of corporate culture and has no bearing on my position. It's not IT's job to set policy. It is IT's job, just like every other department, to offer advise to those who set policy, and then to carry out the decisions.

--------------
Good Luck
To get the most from your Tek-Tips experience, please read
FAQ181-2886
As a circle of light increases so does the circumference of darkness around it. - Albert Einstein
 
KMC,
It is my opinion that only servants contribute in any elevated levels to any organization.

The biggest servant happens to be in no uncertain terms the biggest leader in any organization.

Therefore the mindset of IT being a servant elevates them rather than lowers their value.

Only by serving others within an organization can one contribute beyond their own finite ability to add value.

 
KMC,
I may have a different idea of things than some do. I also have a differing set of experiences than most. 15 years of management experience, leading groups in business, as well as volunteer organizations, thousands of hours facilitating meetings, and teams at various levels including ones involving multiple C-Level members of the teams, groups, and meetings. I was not at, or near a C-level position, but they did see that I was able to serve the interests of the group, and the organization.

Most of the C-Level members knew they were there to serve the needs of others to acomplish the goals of the group. Sometimes that is done by influence, other times by the other less effective ways.
My facilitating meetings changed my perspective on what a leader is. As a facilitator I did not contribute ideas, labor, statistics, hard products to the meetings or the group in any major way in a traditional sense. What I did do was more along the lines of Synergy. Trying to draw out from all areas the unique perspectives, abilities, and ideas to serve the group as a whole in tackling their problem.
My problem was not the problem they were dealing with, my problem was to get them to work toggther using all of their resources without regard for anything except working together.
Serving is just a mature way of contributing beyond the simple inside the box mentality.

So if you can see where I come from, the participation of all those with subject matter expertise including business goals, IT concerns, knowledge of the area which the technol;ogy will be used within, and thus impact is all desired by the proccess.

I would agree that a CIO sitting at the big table can SERVE a company well, as long as that CIO knows his place there exists because of his ability, and willingness to serve the group.



 
One thing I've done in recent months is customize my blocked site message displayed by the firewall when someone is trying to access a site that I've blocked with management's blessing.

The user now sees "This site has been blocked at the request of management. If you feel that this is preventing you from doing your job, please contact your manager and have them submit a request to IT for access."

I haven't gotten a single request. Not one. Could it be because Facebook, MySpace, and YouTube are non-productive?

[surprise]
 
I have always used a similar custom message when blocking sites. Very rarely did I ever get a request to unblock a site, and they were always very clearly work related when I did get them.

But back to the argument, I was thinking about this yesterday afternoon and came to the conclusion that I believe that we're having a misunderstanding due to semantics. For example:

I work for ACME Company. I tell the CEO that we need an IT or Internet access policy, and that the policy should say X, Y, and Z. The CEO and legal department both say "OK." Who has set the policy, IT or upper management? I would submit that IT is the de facto policy setter here, whereas the CEO/Legal are the de jure policy setters. I suspect that is probably the root of our contention.
 
kcm,

I think this will depend on how the company is set up. In smaller companies, IT may very well write its own policies. In larger companies (those with more than 1 level of management), usually IT will write up the suggested policy, then management doctors it, IT re-writes it, and if it exists, the legal department will put its stamp of approval on it and get it over to the HR department.

There's nothing global on how this should be done, which makes all of our jobs more interesting sometimes.

In my small and growing company, I am usually the one keeping on top of current issues and making policy suggestions. Our website blockages didn't constitute a new policy as the "business only" statement is in the computer use policy. Because of the recently graduated nit-pickers (who's teaching this stuff?), we will probably have to take a broadly worded policy and start giving them lists of what they can and can't do, to the letter.

Sigh....

 
I have the company IP's blocked on my home network for security, and IT policy compliance purposes. Since I may not be able to afford the proper IT professionals to keep my systems safe, secure, updated, and within company policies for such I would not want to access the company network from home, LOL.

Just kidding. I use my lappy so I dont have to bother with the IT policies on my own PC's. Since I run Windows Me at home, I dont need AV cuz they dont write viri for them anymore.



 
Like MS writes an OS that is not a trojan anymore. I was kidding about Me, I sent my last Me machine to XP a few years ago.




 
Speaking of trojans, virii, and other creepy crawlies...

Here's another good reason to not allow facebook near your network:
I have also found some great whitepapers on the risks of social networking sites, and how we have a new generation of workers that "demand" access to these sites while working. I'm dreading meeting these people.

This brings up another question or two (I guess this is keeping with the original thread)... what are non-IT related reasons to keep these sites out of the workplace? Are there truly any good reasons to let work-users utilize these sites during work hours (unless you work at one of them, of course)?
 
That's hardly the first case, and definitely won't be the last. You should see some of the malware that's floating around on MySpace.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top