I got a request from a journalist to pick your brains, if you are willing. Esther Schindler of IT Business Network is working on an article about how companies handle employees downloading applications on to their PCs. She'd like to ask you about strategies. I hope some of you will explain about GNU/Linux systems being designed so you can disable/remove applications and functionality so that in that wonderful operating system, an employer really can decide what he will and won't let employees do. Please be specific for her, will you? Lots of businesses may not know of the advantages they could be benefiting from if they switched to a GNU/Linux system, where your browser and media player are not viewed as integral and indivisible parts of your OS.
With that, here's her question:
How does your company keep employees from loading apps on their PCs?
Howdy, folks. I'm senior writer and editor at the IT Business Network. I've decided to write a "real world" story about the way that companies (large and small) control their employees' desktop computers.
I'd like your input about what your firm does... and perhaps about what you wish it would do. I might call this a "best practices" article, except that I'm not sure there's any "best" here, just what works for a given company. My aim, however, is to collect enough data to give other IT professionals a sense of the tradeoffs among the varying choices.
This all started because I overheard an IT person complain about her users. The company has 300 employees, many of whom would have been called "paper pushers" in an earlier era. Some of those employees decide to download software and install it on their computers. The specific example was screensavers (some of which carry a payload of spyware, making it a security issue as well as a support problem), but it could have been anything else. The IT pro whom I overheard had looked at a $10,000 hardware solution, but even that required 10 hours a week to keep up with permissions and such. But that didn't sound like a great option.
So I'm curious -- and I dare say, so are a lot of other people.
How does YOUR company deal with employees installing apps on the company computers? My guess is that the answer breaks down in these rough categories.
1. We let them do whatever they want. And then we cope with the consequences.
2. They can install what they want, but we'll only support the apps we install. If they break the computer or get a virus... THEY get to fix it.
3. We control their installations by administrative policy (i.e. "if you install unapproved software, you're fired").
4. We control their installations using technology. What technology would that be?
5. Something else?
Which of these best fits your company's choices? Which option do you wish the company chose?
If you use some sort of technology, please tell me about it. How well does it work? Was it expensive, in financial or other terms? How annoying is it?
Similarly, how well does administrative policy work? Do employees follow the rules, or do they imagine that gosh, installing a screensaver doesn't qualify as an *app*, does it?
I'm hoping to get the article written by the end of the week. So I'd appreciate hearing from you sooner, rather than later.
Also: if I quote you in the article, I'll need some way to refer to you. The usual format is &name, &title, &company, &location ("Esther Schindler, an IT manager at the Groovy Corporation in Scottsdale, AZ, says..."). If you can't be identified specifically without company approval, let me know privately and we'll work out an alternative ("Esther Schindler is a IT professional at a southwest financial firm"). And, of course, you're welcome to contact me privately at esther at bitranch.com, if you prefer not to answer here. (Though I think it could be an interesting discussion!)
Thanks in advance for your help!
IT Business Network