Beware:  The business-class redefines “workaround” for inclusion of unsupported devices, apps, and online services Licensed from blogtrepreneur.com/tech

Beware: The business-class redefines “workaround” for inclusion of unsupported devices, apps, and online services

The advent of social media, discussions there, and all manner of apps and services readily available for free download, has created a Wild West type of environment for organizations that are not taking careful control of their IT enablements.  In fact, many orgs don’t even know what’s happening. 

Unregulated users are downloading and utilizing all sorts of products – without permission and sanction.  These things include:  Alternate virus protection, free e-mail, social media, online storage, productivity tools, off-schedule updates to approved products (even updates that have been disallowed for various reasons of schedule and/or conflicts), sysadmin tools, graphics utilities, “junk” uninstallers, alternate messaging, file transfer utilities, unofficial “patches”, and even rivals to org-approved operating systems and core business suites.

I see many resultant bad outcomes quite frequently due to use of unsupported products.  Any particular IT department cannot be expected to know all things and all enablements, and organizations with unregulated environments risk:  Data loss; data exposure; conflicting data; systems downtime; and the imperiling of business opportunities and support to customers.  Employees – users – are working around policies and organizational security postures - or working in ignorance of them - to access and utilize all manner of enablements - some that are solid, but many that are not. 

When employees indiscriminately install their own apps and utilities, they take themselves out of the IT/org-sanctioned tools (a meshed set of puzzle pieces, hopefully) and into a zone that is an unsupported ad hoc patchwork comprised of elements that are often in conflict with one another.  Employee A may be doing something similar to Employee B, but with an entirely dissimilar tool set, under different rules, and with unpredictable integrity and continuity. 

The enterprise has the challenge and responsibility of defining what’s allowed, how, how much, and when.  Often these liberties with as-yet unapproved means and methods happen within the vacuum of lagging or outdated policy that doesn’t even define, much less address, the challenges.

No company’s security posture and standing can survive a wild rodeo of unbridled modifications to its approved suite of products and enablements, or the usurpation that happens with entirely new products.  At minimum, there must be a conduit through which all alternate tools, enablements, and enhancements to known ones get vetted for thumbs up or down assessment – and definitions of use.  They must be vetted not just in terms of usefulness, but in terms of fit, reliability, and security. 

Workarounds have their place, but so does policy, process and sanction.  Don’t let your environment turn into a Wild West of split and scattered chains of communication and broken gears.  Many organizations find that key personnel have evolved their jobs over the course of years to include all manner of “squirrely” solutions, tethered and knotted together in a manner that makes training of replacements nearly impossible, and that makes a rebalancing toward sanctioned products time consuming and painful.  Often these sorts of problems only evidence themselves upon the employee’s departure.

Many times complex labyrinths of spurious enablements and associated processes are built on “here today, gone next year” type endeavors – only exposed when things break down in the most painful ways.  Perform regular surveys to avoid a hodge-podge population of spurious workarounds, and unsupported devices, apps, and online services.  

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish