Micromanagement in the name of “security”
I am so tired of seeing IT professionals who have to plead to have access to web sites they need to do their jobs. I am so tired of someone responsible for completing a multi-million dollar project not even able to change the screen resolution on their desktop because the people in charge of “IT security” have locked it down. And heavens forbid that you install any utility not on the “approved software” list, whether or not you actually need it to do your job.
The one thing no one seems to get, and one thing which causes many of the headaches for IT professionals, is that a skilled professional should be responsible for her tools.
When you take your car to a garage, do you demand that they use a specific brand of wrench? When an electrician comes to your house, do you demand they have a specific brand of voltmeter? Do you search their toolbox, and chastise them if they have a MP3 player or a DVD in there?
Of course you don’t.
The current way security is managed in every organization I have seen in the past 15 years is based on the flawed premise that the professional whom we trust to administer and manage multimillion dollar projects can’t be trusted to select and maintain her own workstation.
This is ridiculous.
IT professionals should not have their software selection restricted (or worse, chosen for them). IT professionals should not have their Internet access filtered or obstructed (for many IT professionals, Internet access is the #1 tool in their toolbox).
“Does she get the job done safely, legally, on time, and under budget?” That is the question that should be asked of any IT professional. That question has a yes or no answer, and it has nothing to do with web filtering or “nailing down” her workstation so she can’t install “unapproved” software.
Hold IT professionals accountable, by all means, but do not pre-emptively cripple their ability to do their jobs. You hired them to be experts: let the expert choose and care for her tools, like any other skilled expert does.