End User Goofs and Who's to Blame: Top 10 IT Pet Peeves, Part 3
End users are guilty of committing several IT pet peeves, but whose fault is that? Let's talk servers in sinks and temps with admin access.
In our previous installment of IT pet peeves, we discussed – among other network headaches – the problem of disorganized datacenters.
Even a once-organized datacenter, however, can become problematic when the road to Hell is paved with good intentions.
5. Access Granted…Too Easily
There's an old joke about a repairman who had a sign in his office explaining his rates. The sign read:
$5 to fix it.
$10 if you want to watch.
$25 if you want to help.
$100 if you already tried to fix it yourself.
"That's another peeve," says Ken Quigley, an IT engineer for Rockport Technology Group (who, readers will recall, shared part of his laundry list of networking woes in our previous installment). "Users…mov[e] wires around thinking they can diagnose a problem that way, then they never put things back to the way they were."
This problem is easily prevented, of course. Quigley suggests that users shouldn't have access to the patch panel to begin with.
Other IT professionals we spoke with, stereotypically elitist as their position may seem, agree. "Simon," the Fortune 50 security threat analyst we spoke with in our previous installment about his anti-GUI stance, squarely places the blame on users when it comes to basic problems.
"Yes, it is their fault!" asseverates Simon. "We [in IT] constantly remind our users [about security best practices]."
Simon would like to see more restrictions on user empowerment. He advocates architectures wherein users have to go through a formal process to install anything, even from a trusted source.
Some user access problems, however, are much more basic.
4. Servers Are Not Desktops
When it comes to excessively freewheeling user-access practices, servers are their own Pandora's Boxes.
When we interviewed Steve Athanas, a former IT consultant in the private sector who currently serves as Director of Systems Engineering for the University of Massachusetts Lowell, he quickly identified one of his biggest pet peeves: Servers used like regular desktops.
[W]hen I first started in this career, I [w]ould come across servers at different organizations that were treated like desktops. I once sat down at a domain controller – the server that houses all usernames and passwords in a Windows environment, and ergo critical to security – to find AOL Instant Messenger, ICQ, mIRC, Weatherbug, and a few other known [software security risks installed]. I freaked out and asked what was going on, and it turns out that the company "needed a computer, so they had the temp use that one."
That's right. A temp had unfettered administrative access to the company's domain. He could have shut down the company's systems. He could have stolen and/or destroyed all of the company's data. Even if he meant no ill, he could have easily and unwittingly contracted a piece of malware from one of his chat programs and compromised all of the company's systems and data (chat programs, incidentally, that the company probably should have had a strictly enforced policy against installing and using to begin with).
Still, this isn't even the worst of what Athanas and his colleagues have come across.
3. Servers Are Not Tabletops
Athanas notes that his biggest technological beef is one that should never happen, but that he's seen all too often: "Organizations that like to put servers…anywhere that isn't a secure, safe space for your data."
Note that when Athanas is talking about security here, he is not referring to stopping hackers and thieves (at least, not primarily). He is talking about the potential for actual physical harm.
Here's a short list of some of the notable ways and places Athanas has seen co-workers and clients stash their data-rich, unbacked-up servers:
- Under desks
- Beneath chemical storage areas
- "[U]sed as a table for a coffee pot"
- Immediately next to the office microwave
- Immediately next to an arc welder
- Near the slop sink in a janitorial closet
- Actually in a sink ("[T]hey…said it was okay because that sink hasn't worked in years.")
According to Athanas, janitors' closets (often full of wet materials and cleaning chemicals) are depressingly popular storage places for servers, especially among small businesses.
"[Some] companies aren't set up to have datacenters, obviously," laments Athanas, "but they could at least put the server in a dry area."
2. Poor User Education
Despite all of these problems, Athanas makes a special point of clarifying that – unlike other IT professionals we spoke with for this series – he doesn't blame the users or other non-IT folk for these problems.
"It's ultimately [the responsibility] of IT, [whether] internal or…a contracted service provider, to help explain the risks of doing stuff like that and how it can impact both business operations and…the bottom line," argues Athanas.
In other words, all the things your users do on your systems are ultimately your responsibility, and, if those things go wrong, your fault.
No matter what.
What a headache.
Ready for Part 4? Check out the #1 IT pet peeve here. And if you missed our previous installments, you can find IT Pet Peeves, Part 1 and IT Pet Peeves, Part 2, and stay tuned for the final installment.
Photo courtesy of Shutterstock.
Joe Stanganelli is a writer, attorney, and communications consultant. He is also principal and founding attorney of Beacon Hill Law in Boston. Follow him on Twitter at @JoeStanganelli.