What's the most ridiculous IT policy you've come across

syklops

To be compliant with those, a company cannot simply allow employees to use whatever tools they like.

No-one on this thread is advocating a free for all when it comes to installing software. The point numerous posters have made is banning all Open SOurce software is like banning all software with a specific letter in the title. It is arbitrary and poor business practice in a modern organisation.

j8wk2feszrnpao

If the argument been made by someone is to ban all Open Source on the basis that it is Open Source, then that is irrational.
There are huge benefits to some Open Source and it doesn't come with risk attached.
As in most cases, it should be evaluated and then a business decision made.

I just wish that people would reference their IT policy before they come to IT to implement a solution (often with new equipment/software already purchased) that conflicts with the IT policy of the business.

jester77

In 15 years of working I've never come across any silly policies. Usually have the choice of OS and I could install what I want. Never heard of anyone FUBARing their machine because of it.

cython

fl4pj4ck wrote: »

No I am not. You don't seem to realize that allowing or disallowing certain software to be used is ultimately a business decision. What a business needs is a set of tools to accomplish certain range of tasks. Decisions needs to be made regarding availability of these tools, the cost of them being introduced and cost of the IT infrastructure being maintained. And it has nothing to do with what employees are thinking is the most productive. It's the business decision when case studies are performed.

Also all processes have to be documented to certain extend, to achieve certifications as ISO. To be compliant with those, a company cannot simply allow employees to use whatever tools they like.

You on the other hand seem like open source evangelist with a little or no knowledge of what impact it has on business or business improvement process. Allowing people to use whatever tools they want is only asking for trouble and will ultimately lead to disaster.

As you failed to provide any evidence of why using open source software is beneficial and should be allowed without any if's and butt's, I will refrain from further posting in this thread.

Funny that that last sentence tends to be most often used by posters when they are fighting a rapidly losing battle......

It really isn't rocket science to understand the conversation though:

1. Blanket ban on open source software? Bad!
2. Carte Blanche for open source software? Also and equally bad!
3. Considering a piece of software (either a tool or a library on which to build additional code) based on its merits and the requirements and making an informed decision? Bingo!

As it happens, the company within which I work has a requirement that any dependency libraries used must be open source, as that way if we find a need to extend them or if the maintainers cease maintaining them we have the option of developing them ourselves. We do have criteria as to which licenses are acceptable, and there is a review process before a brand new one will be accepted, but we would be utterly hamstrung if there was a blanket ban on OSS in house, and a lot of the development work would have been massively slower over the years.

beauf

IT policy. IT Development policy. Not the same thing.

COYW

'No open source' is common enough from my experience, particularly in corporate environments.

ethernet

This is in a large multinational...

Devs needing to request and justify admin rights every few months.

Having to create tickets for the simplest things, like a replacement mouse.

Tiny limits on inbox sizes (no server-side processing allowed)

Excessive web filtering - a lot of solutions to problems are blocked!

Not having full access to your own dev database - having to create tickets and format SQL to a certain line length for the script monkeys to execute it hours/days later.

And more!

COYW

ethernet wrote: »

This is in a large multinational...

Devs needing to request and justify admin rights every few months.

Having to create tickets for the simplest things, like a replacement mouse.

Tiny limits on inbox sizes (no server-side processing allowed)

Excessive web filtering - a lot of solutions to problems are blocked!

Not having full access to your own dev database - having to create tickets and format SQL to a certain line length for the script monkeys to execute it hours/days later.

And more!

I have to say that none of the above are unusual from my experience. It slows things down massively alright but the points you list above are facts of life in a large company. On the web filtering, I looked on that as a challenge and I had great fun finding ways around it.

DublinWriter

PrzemoF wrote: »

No way I could do it without open source. Getting photoshop licence approved would probably take me a week or more as I don't use any image processing software on daily basis.

One of the classic issues with IT management/governance has always been the ever growing chasm between the in-house IT function and the business process it serves.

Typically most in-house IT functions can't keep up with the requirements of business. Even with the rise of Agile, most IT departments still want to seal processes and data models in aspic and like to deny the realities of an ever changing business-environment.

People tend to forget the the whole PC revolution was driven on the back of individual business departments using PCs and Lotus 1-2-3 in the late 1980's, purchasing the same outside of official IT Department sanction. If it wasn't for this end-user driven revolution most people in IT would still be loading mag-tapes and running batch jobs.

Diemos

On a previous job in a large financial institution, one of the applications I supported, a major risk was flagged up during an audit (which it had passed every year previous) because the application used an administrator account called "administrator". As instructed I contacted the vendor and asked them if we could rename or remove the administrator account.
I was told no, the account was critical to a number of jobs within the application and the vendor provided me with said list of jobs.
So I was instructed to create an alternative admin account under a different name for all those process "administrator" was not required for.
Effectively doubling the risk! I tried to explain this but I was told by management to just do what they requested so they could close the risk.

I do not miss audits.

beauf

DublinWriter wrote: »

O...Typically most in-house IT functions can't keep up with the requirements of business. Even with the rise of Agile, most IT departments still want to seal processes and data models in aspic and like to deny the realities of an ever changing business-environment....

Oddly enough if you make the business fund their ever changing IT aspirations out of their own budget, rather than the IT budget. There doesn't tend to be any gap. Letting the business units, have a little adventure with outsourcing, with their own budget, also tends to bring a difference sense of reality.

Boskowski

COYW wrote: »

I have to say that none of the above are unusual from my experience. It slows things down massively alright but the points you list above are facts of life in a large company. On the web filtering, I looked on that as a challenge and I had great fun finding ways around it.

These things may be facts of life in a corporate environment but do they always make sense?

It some sort of contradiction really. On the one hand they trust you to develop and run their stuff and be trustworthy and diligent and the people are in fact more or less the sole asset an IT organisation has. And then on the other hand they seem to assume you are a potentially criminal liability half the time so they put you in a straight jacket while doing your job.

Its not what Im doing right now but I'd take a small organisation over a big corporate every time. There is a fine line between sensible red tape and bullsh1t risk management paranoia and risk managers tend to err on the side of caution.

jdee99

Used to run a site in the UK (10 servers 750 workstations and clapped out network) and we banned USB, Floppy and CD access. IF I could have had my way I would have severely locked down internet access. Company policy was no charging of USB devices so every time someone plugged a mobile in to charge it up the got a face to face with the security people. Only coding that could be done was by the admins, no installation of any software other then what was preauthorised - and the amount of stuff we disabled via registry was unreal. The workstations literally were used for writing reports and presentations, internet browsing and that was about all they were allowed.

The Corinthian

COYW wrote: »

'No open source' is common enough from my experience, particularly in corporate environments.

Blanket bans on open source in large organizations tend to be driven by a combination of snobbery and paranoia.

The former comes from the presumption that for something to have value it must be ridiculously overpriced - Oracle's business model... actually anyone who's worked as a consultant will understand this.

The latter is because with open source there's no control on what's in the code and security consultants will correctly advise that there may be security implications when you install open source software, at which point who's responsible? Who do you sue? It's unfortunately like running something past a legal department; 99% of the time they'll say that there are legal implications to doing something. Doing anything.

Basically from a security point of view, just as a legal one, there are always potential implications, no matter how unlikely, and whoever is giving a recommendation will want to cover their ass.

However, there's also good reasons to ban open source software, at least some open source software. Firstly there's the licence question - there's dozens of different open source licences out there, and what you can and cannot do with the software depends upon this. A simple example is incorporating GPL-licenced software into your company's software product. The moment you do, you have to open up your source code, which isn't a good idea if you want people to pay for it.

A second problem with open source, which you realize over time, is that as a system it has it's flaws and limitations. Anyone who's ever been involved in an open source project will have come across CV-padders, developers who are only 'volunteer' to the project because they want an extra line in their CV. Often they're unreliable or will submit sub-standard code and then who will review it? Other volunteers who could be just as flaky.

And will the project be supported in six months? A year? Two? SourceForge is a veritable graveyard of abandoned projects, with no one to support them.

So while a blanket ban is a bit OTT, I can see where they're coming from much of the time. Without a blanket ban, each software component would have to be assessed on the above criteria at least - every single tiny library that a developer finds on Google - and there are resource implications to that.

Calina

Most of my issues are hierarchy driven. Not being allowed software essential to my job because - "not everyone gets that you know".

syklops

jester77 wrote: »

In 15 years of working I've never come across any silly policies. Usually have the choice of OS and I could install what I want. Never heard of anyone FUBARing their machine because of it.

Where is this utopian place you are working?

jester77

syklops wrote: »

Where is this utopian place you are working?

It probably stems from the fact that most of the companies I've worked for are either startup type companies or working in social media. I've worked for some major multinationals, but even they didn't have any silly policies. Anywhere I've worked developers are free to do as they please (within reason of course) and they are responsible for keeping their machine working and not installing unlicensed software. Otherwise it would be back to IT and the default dev image would be put back on the laptop.

I know that other departments have their machines locked down, but it makes sense. Devs need free reign and are technically apt to know what they are doing.

I have heard of ridiculous policies in other companies like PCs being so locked down that QA teams have to fight to install browser updates to test their platform.

syklops

jester77 wrote: »

It probably stems from the fact that most of the companies I've worked for are either startup type companies or working in social media. I've worked for some major multinationals, but even they didn't have any silly policies. Anywhere I've worked developers are free to do as they please (within reason of course) and they are responsible for keeping their machine working and not installing unlicensed software. Otherwise it would be back to IT and the default dev image would be put back on the laptop.

I know that other departments have their machines locked down, but it makes sense. Devs need free reign and are technically apt to know what they are doing.

I have heard of ridiculous policies in other companies like PCs being so locked down that QA teams have to fight to install browser updates to test their platform.

So you were a dev in companies that value devs. An enviable position to be in.

jester77

syklops wrote: »

So you were a dev in companies that value devs. An enviable position to be in.

I think it comes down to choosing roles carefully. It's easy enough to get an impression of policy during an interview. Development methodologies is something else that I also look out for. In 15 years I've never worked in a waterfall project. I've only ever worked in agile teams, XP, scrum & kanban. Maybe there is a link there between waterfall methodologies and strict IT corporate policies. I would say that companies practicing Agile methods are more likely to have a more flexible IT policy.

beauf

I've only worked in a fully locked down environment once as a contractor. Where I am now USB devices are blocked and some user groups have locked down desktops, no admin access to the their machine.

I'm not sure I can pick an official IT policy I disagree with in any place I've worked. Business and development policy and practise certainly. Usually people tackle the symptoms of a problem not the root cause. Band aids etc. Which then has a knock effect from that point onwards.

oscarBravo

The Corinthian wrote: »

And will the project be supported in six months? A year? Two? SourceForge is a veritable graveyard of abandoned projects, with no one to support them.

Without disagreeing with anything you've said, this point cuts both ways - commercial software can be abandoned too, and often with much more dire consequences.

Case in point: we've transitioned our (in-house written) billing system from the old direct debit format to the new XML-based SEPA system. My contact in the bank told me she was having a nightmare with several other customers who had legacy systems generating their DD files, the authors of which systems had gone out of business.

It's not always straightforward to make amendments to an abandoned open source package, but at least it's always possible.

The Corinthian

I totally agree with you. The only caveat is that with no oversight on developers who employ open source, you can get a lot of pre-version 1.0 software being used. Commercial software, at least from reputable firms, tends to have a history behind it, it's been around a few years and thus is less likely to vanish overnight.

The reason with many, if not all, of these restrictions is not really to do with open source, but that people are sloppy. Just as PC's are locked down so that their users can't install apps because they'll often end up installing trojans, open source bans are a simelar way of stopping developers employing software that has the wrong licence or is still alpha or poorly written, and so on.

jester77

The Corinthian wrote: »

I totally agree with you. The only caveat is that with no oversight on developers who employ open source, you can get a lot of pre-version 1.0 software being used. Commercial software, at least from reputable firms, tends to have a history behind it, it's been around a few years and thus is less likely to vanish overnight.

The reason with many, if not all, of these restrictions is not really to do with open source, but that people are sloppy. Just as PC's are locked down so that their users can't install apps because they'll often end up installing trojans, open source bans are a simelar way of stopping developers employing software that has the wrong licence or is still alpha or poorly written, and so on.

Surely that is down to bad developers. We use lots of open source software here, but it's well established and well tested here in house. And we contribute back to these projects as well making some of our own projects open source for others to use. It's a win win for everyone when done correctly.

The Corinthian

jester77 wrote: »

Surely that is down to bad developers. We use lots of open source software here, but it's well established and well tested here in house. And we contribute back to these projects as well making some of our own projects open source for others to use. It's a win win for everyone when done correctly.

Sure. If done correctly. And no one would install a free game that turns out to be a trojan either, if they did things correctly. But it happens and hence such policies are employed.

It's all very well to assume or hope that everyone is competent, all of the time, but if that was the case, why do we have warning labels on everything, even if the warning carried is obvious?

Calina

jester77 wrote: »

Surely that is down to bad developers. We use lots of open source software here, but it's well established and well tested here in house. And we contribute back to these projects as well making some of our own projects open source for others to use. It's a win win for everyone when done correctly.

What's the turnover in your place though? It's one thing to say things should be done properly but if you are consistently turning over contract staff etc, it can be hard to manage things being done correctly.

Tar.Aldarion

syklops wrote: »

Where is this utopian place you are working?

Is it rare? We are allowed choose any OS/software/do whatever you want to your own machine. Certainly use open source for a lot of things. Some places sound horrendous.

jester77

The Corinthian wrote: »

Sure. If done correctly. And no one would install a free game that turns out to be a trojan either, if they did things correctly. But it happens and hence such policies are employed.

It's all very well to assume or hope that everyone is competent, all of the time, but if that was the case, why do we have warning labels on everything, even if the warning carried is obvious?

I can understand why warning labels are on things, too many muppets out there. But in an IT environment I would expect developers to be clued in.

Calina wrote: »

What's the turnover in your place though? It's one thing to say things should be done properly but if you are consistently turning over contract staff etc, it can be hard to manage things being done correctly.

I would say normal, few coming and going every few months. But developers don't work in isolation. We have an architect team and they are responsible for what open source projects are used and what versions of these projects to use. New developers will join an agile team and work with 3-4 other developers, QA, frontend, UX and PO. It is not so easy to mess up, there are the daily standups and weekly code reviews.

syklops

Tar.Aldarion wrote: »

Is it rare? We are allowed choose any OS/software/do whatever you want to your own machine. Certainly use open source for a lot of things. Some places sound horrendous.

Things are improving, but I worked in a place where they wouldn't let me install Cygwin. "Shure what would you need it for". That it was a network operations centre seemed to have escaped the IT Guy.

I've been lucky, in current job and previous 2 I have had, I was allowed run Linux on my laptop. I know Linux Admins who have to use windows as their base OS. Some places are horrendous.

oscarBravo

jester77 wrote: »

I can understand why warning labels are on things, too many muppets out there. But in an IT environment I would expect developers to be clued in.

You've never met a developer who was a muppet?

jester77

oscarBravo wrote: »

You've never met a developer who was a muppet?

In isolation, yes
But when they are part of a team, they can't get up to much muppetry. They would be very quickly found out.