0:13
In today's lesson, I'll talk about if you build it, they will get around it.
Now, what do I mean by that?
Well, I mean that if you build IT, somebody doesn't like something and
they will eventually go around you if they don't like it.
I've seen this numerous times where we put something in,
people to like it or they get to campus.
They don't like something.
They're going to bypass whatever you were doing and use whatever they want to.
Well, that's inevitable in IT.
So, we need to partner with our stakeholders to make sure that
we're not placing undue burden on are users.
So today, we'll talk a little bit about understanding what undue burden is in IT.
Understand that information technology is a hard job to do to please everyone and
explore how IT departments can partner with their stakeholders.
1:27
Information technology is a hard job.
It takes a lot of people to do a lot of different things and
it's also a very hard job to make everyone happy.
The more users that you have,
the more you're going to have to satisfy the needs of everyone.
So, you can't do that to everyone all at once.
So, let's talk about Office 365 and G Suite.
They're two very competing technologies.
One's Microsoft.
One's Google.
They have very robust platforms, but
somebody that may be used to G Suite may not like Microsoft and
someone from Microsoft may not like the Google applications.
So, it's a balance.
How do we provide everything to everyone and make people happy?
2:29
Several years ago, we had a Network Access Control product, a NAC.
Well, NAC is great for
securing the Enterprise for security reasons.
It was a very black and white system.
We had it on our wireless network.
It provided or it ensured that users were up to date on their
3:07
It was a very black and white system.
Unfortunately, users didn't like that, because guess what would happen
on the first day of class or after Microsoft Tuesday, for example.
Students would come in or faculty would come in, they would open up their laptop.
They would connect to the wireless network.
And because they had to install those updates,
the NAC kicked them off the network and then they had to transition to
a different network in order to be quarantine to download their updates and
they got kicked off the network again and rescanned.
And then finally, they were allowed to join the network again.
3:52
So, that process may have taken 15 to 20 minutes.
So, that was an example of placing undue burden on your stakeholders.
Do we absolutely need that kind of security for the general population?
Well, yes, we need some type of security.
Maybe we should also look at other types of products that allow us
to be more flexible and not so black, and white.
So what we did is while we had a 45 to 55%
split where 55 was the insecure network,
users were actually jumping on to our open network and using VPN.
So, they were effectively bypassing the security
controls that we put on the secured network and
45% were on the actual secured network.
That was a big problem.
5:00
We put the secure network in place for people to remain secure.
So what happened, we evaluate some other products and
we found a product that would allow us to have grace periods.
So, they log in to the classroom.
They open up their laptops and jump on the network and it says,
hey, you've got three days to update your virus definitions or
you've go three days to update your operating system updates.
This is much more flexible.
So what we saw is a shift from that
45% secured network to 90%
adoption of the secured network,
because we weren't placing that burden on the users.
The burdens happen all the time.
IT implements something that the users don't like.
I have to change my password every 90 days or I have to change
it to a longer password, or I can't use my last 5 passwords.
How am I supposed to think of a new one?
These maybe burdens on users,
but we also need to explain some of these burdens and why we have them.
Maybe we could go with a longer password and not have to change it so often.
It's a balance.
The more burden that we put on users,
the more they're going to try to get around it.
And if we try to lock down resources,
the more users are going to try to get around it.
So, would we rather know that users are trying to get around it and
using different technology?
Or would we not like to know at all and have a data leak?
Corporate data needs to be protected.
However, we need to have a balance.
7:26
Come up with a sustainable model for security.
Understand that users don't understand systems the way you do.
I understand completely how things.
Well, not completely, I guess.
I understand mostly how things work in the IT realm.
However, users don't.
So when I had seven different devices which I typically
connect to on a regular basis, daily.
Accessing email when we switched email from on-premise to Office 365 and
the transition was smooth for me, I thought, great.
This is going to be perfect for end users.
It wasn't so perfect for everyone else.
So, think about I am only one person.
How are we going to transition this to the other 30,000,
40,000 accounts that we have?
Be transparent.
Transparency in IT is critical.
We need to let users know what we're doing.
How we are doing them and
partner with our stakeholders to make sure that we are doing the right things.
8:49
Don't release software that doesn't have any support behind it.
Don't release services without proper documentation and
also don't release services that put undue security
burdens on employees just because you can.
9:12
So in conclusion, IT produces a lot of technology.
However, they need to be a partner with stakeholders.
They need to be a partner with users in general.
If you place undue burden on users,
they're going to go around the IT department.
This is where we have shadow IT happening, you lose control.
So, partner with your users.
Make sure that they are happy.