A fairly large corporation puts the clamps down on many Web sites, including the social networking sites Facebook, Twitter, and YouTube. Seems like a no-brainer of a decision on the surface. Employees who have less time to browse social sites are going to be more productive, right? Not always.
What happens when it’s your job to know and understand these sites and their roles in the public perception of your company? What if your job requires you to update the corresponding pages that represent your company on these social networks?
At each of the health care organizations I have worked for, the IT and Web services relationship has always been one of cooperation, yet misunderstanding. These misunderstandings seem to stem from the fact that in both situations Web services, despite being a technical team, was situated outside of the greater IT department and inside of marketing. As members of an outside team, your security rules become tighter and your access is limited, thus limiting or stopping altogether crucial sites or services that weren’t considered.
Web services is indeed a technical team. We are a large consumer of IT because we are in fact IT. On the creative side, we are not just developing wireframes, designs, code, and publishing files. We also test software, new tools, and new sites or online services to improve processes and workflows. This requires an elevated set of permissions, as our tools and processes constantly evolve.
We utilize Web-based productivity services like Basecamp, Harvest, GitHub or Beanstalk. We monitor and leverage social sites like Twitter, Facebook, YouTube, and Digg. Tomorrow we might need to install emulators of mobile devices to test and develop against mobile platforms like Apple’s iPhone or Google’s Android, or even for compatibility with future devices like Apple’s iPad.
The point here is that our processes are nearly always in flux to compete and stay on top of an industry that moves very, very quickly. We are an exception to the rule.
What’s the Solution?
So Web services doesn’t warrant the same treatment as much of the rest of the organization for many reasons, but what do you do?
Segregate Web Services
What I mean by this is to put them on a segregated network. Isolate them from the rest of the blanket policies and allow them to work as they need to, efficiently and quickly, while keeping these potentially more dangerous machines off the larger network.
This network can still be monitored and governed by IT law; however, it can now have a looser set of security rules than, say, a nurse’s workstation on the hospital floor.
Go Offsite
The other solution would be to take Web services off the network completely and bring on an ISP, or go through a mobile carrier, to get your internet connectivity. This method has more ramifications, as you lose all network resources without the use of a VPN; however, it also provides the best guarantee of access to external services.
I can deal with no access to the network over little or no access to services and software I need for my job. In fact, I really don’t use our network all that often aside from accessing files that are on shared file stores. Even these are for the most part available via VPN.
Summary
The fact is that we work in an industry (health care) that requires security of data. It’s extremely important on the one hand that security be airtight, and that’s understandable. On the same coin, however, hindering employees’ access to essential tools and resources is not the way to go either, and common ground should be sought. In my experience, this hasn’t seemed to be the case in the places I have been and talked to.
I am interested in other groups’ experiences with their IT groups, and whether common ground has been found. Please leave me a comment!