9/30/09

It's Not That We Don't Like You... It's Just We Don't Trust You

It all started as an innocent project to find a cheap way to conduct an online panel discussion, but it turned out to be a lesson in work place rules that left me shaking my head. First, the backstory.
I really enjoyed watching an online panel discussion that Brian Cuban did last week called "So You Think You're a Social Media Expert." The topic was interesting, but what I found more interesting was how Brian was conducting the panel. Using a mixture of UStream and Skype and a couple other resources, the four member panel was able to rant, and I was able to watch and listen. It was like being at a conference and watching a panel go at it. Actually, it was like being in a restaurant and eavesdropping in on a really good conversation. However, there was a technical problem that with the audio feedback that caused everything to be repeated three times, and was very, very annoying. Thus, I started my innocent project of trying to find a way to replicate Brian's online panel format, without the feedback (still a work in progress.)
As I was working out the details, I needed someone with Skype access that would assist me in curing the feedback issue. This is where I got a rude awakening. Turns out that six of the seven people I contacted were not allowed to use Skype at their workplace. SIX OF SEVEN!!! I thought this was an anomaly, so I started asking around and found that almost everyone I knew that worked for a law firm or corporation or school district or government entity told me that Skype was banned where they work (along with a number of other Internet resources.) When I asked why it was blocked, the universal answer was "Security Reasons."
Now, I'm not a network specialist, so maybe Skype burns up bandwidth on the office network, or maybe there is some ultra dangerous virus that gets through when I use Skype. So, if you are a network specialist and know why Skype would be banned at most workplaces, please fill me in. But, I'm thinking that "Security Reasons" really means "Time Wasting Reasons." In other words, products like Skype are really banned because someone at the C-Level believes that you will be wasting precious firm time calling your buddy in Germany instead of billing time to the client.
When firms worry about "time wasting" that tells me two things right off the bat. First, whoever is supposed to be supervising is not doing a good job. Whether this is the Partner supervising the Associates, or the Manager supervising the Staff, there is a failure in managing your people. Second, it means that the management is telling their people "We Do Not Trust You!" If the answer to the issue is an all-out ban because it "wastes time", then that means that the people that work for the firm are not trustworthy enough to make good decisions on their own. If that is true, then my gut reaction to those implementing the ban is "Wow, you have made some really poor hiring decisions."
Again, maybe I'm just ignorant of the true meaning behind "Security Reasons" when it comes to outright banning of products like Skype. If so, then please forgive my ignorance. But, if you are banning products like Skype because you don't trust your people to make good decisions... then I have to say that your people aren't the problem.

Bookmark and Share

6 comments:

John C said...

I love Skype. I use it at home all the time.

For us, as an IT function in a law firm, its the risk of giving people the ability to transfer (client/internal) documents, chat and communicate in a decentralised and uncontrolled way - Skype connects to their service straight through the firewall bypassing all the central filtering, logging and controls.

There may be central policy controls that we can deploy but we just don't have time to investigate with everything else on our plates.

Also, we have no control over how Skype use the information or data that you send using their service. Whilst that's probably not a big risk in practice its there in the background.

Moshe said...

I work for the Social Security Administration (in systems development) and about a year ago all streaming media sites were banned. It turns out that the holiday season slump was directly proportional to the spike in network traffic by people using streaming media (YouTube, streaming audio, etc.). From what I understand, the global SSA network was out of commission for a couple of days because of a particularly bandwidth-brutal couple of days.
That being said, the vast majority of online-resource-lockdown is the result of concern over potential problems. Like John C. said, there's not enough time to investigate everything and unless someone takes the time to make a good case for why a particular resource is necessary, the default is locked-down.
At one point, Google Docs was banned. That was reversed pretty quickly because enough people complained with enough good reasons to require access to their Docs.

Greg Lambert said...

I understand the issue of risk that the IT departments have to face. However, I'm not sure that the policy of "Mommy, may I?" is necessarily the best method. Yes, it keeps idiots from spiking the network while streaming music, but it also has a chilling effect on your employees. I imagine (based on my experience with trying to get someone to test the online panel discussion w/Skype) that most of the time the attorney or staff will either find a way around the policy, or simply give up and not attempt to test whether what they want to try will make the case with the powers-that-be on opening up the resource. I can hear it now... "well, if we open that up for you, then we'd have to open it for everyone."
Again, I understand that Risk Avoidance overrides Creative Allowance, but I've always been a little skeptical of shutting something down by default, and only opening it back up if enough people complain. (There is my 2¢) ;-)

Anonymous said...

I work for an international company, in the privacy department. We previously had all social networking sites open, with a reasonable use policy, like we have for personal telephone calls.

As Facebook exploded, so did the number of viruses and worms we were getting in to the system. We are actually in talks with FB, they want us to advertise on their site and we have told them that when it becomes more secure, we are happy to do that.

At this point, all social sites are blocked, it was easier to do that then wait for the next wave of virus attacks through other programs.

Anonymous said...

When I worked for the U.S. Dep't of Health and Human Services, I actually got a call from the IT security department because they were concerned about "unusual" activity coming from my computer, i.e., connections from a single port going out to two or more random high ports across the internet. That's how Skype works. It was being treated like a virus/botnet by the firewall.

After that phone call, Skype never worked again and they completely locked down the firewall to only handle TCP traffic going out to ports 80 and 443 on remote servers. This was about the time that Google Talk came out, so it wasn't such a big deal, but it was annoying.

Lee said...

I work for a large hospital and we block skype for two reasons:

1) Bandwidth

2) The ability it gives people to communicate and transfer information in an uncontrolled environment that can break all sorts of laws.

 

© 2014, All Rights Reserved.