Originally Posted by earth
Granted, a lot of crap lately seems to install through backdoors but locking down PCs is far more economical from a business standpoint than paying and IT employee to go and run virus + spyware removal tools for 2 hours every month.
And as another aside, it's mean and generalizing, but a lot of employees outside of IT are quite dumb when it comes to computers. There's nothing wrong with that, but it can be dangerous from a security standpoint to allow people open desktops that can be compromised.
Contrary and I agree with d_fisher that a happy medium has to be met or IT can be viewed just as dumb. It's the easy way out for IT to lock everything down, then when their is a breach they can say it's not their fault. Just blame the employee whose trying to get the job dumb. But is it the employee's fault?
I remember a bunch of university students information (ssn's, grades etc...) was lost by a faculty member who had it on their personal laptop. When asked why the information was on a personal puter, the faculty replied they needed to analyse the information using company provided macro's, however the security on the company provided machine would not let the company provided macro run. She showed where she opened ticket after ticket to IT with no resolution. Her boss gave her a deadline so she did what she felt she had to do to get the job done.
I know how she felt, we have two internal websites, one has to have Java active to run. The other has to have java disabled. Because of our security, we have to open a ticket each time the setting needs to be changed. Imagine telling an out of service, escalating customer we'll make the changes to fix their account as soon as IT turns my java back on/off. Oh, and our IT is closed on nights and weekends so we must page the on call tech. I also had to get an exception to make a company provided application work.
I agree with IT security not accomodating personal software or external websites/applications but I feel it is obligated to make sure all company aplications will work. Rather it's from you part of IT or not.