Home Forums SQLServerCentral.com Editorials Lockdown or Let Them Free RE: Lockdown or Let Them Free

  • September 21, 2009 at 10:18 am

    #1056361

    Having worked as a Systems and Network Admin in support of many types of businesses, developers, and DBA's, I have to say that security is a risk versus value proposition. Everyone needs to get their work done within an acceptable amount of risk.

    For most users, and I consider everyone a user, doing the simple things like not running with Admin permissions, being aware of the potential risks involved with running software on your desktop/laptop/server, and understanding what the software does in your environment is critical. Running with normal, base user permissions, and in the case of any Windows OS, using an antivirus and spyware solution, can eliminate most security concerns.

    With the boiler plate commentary out of the way, I would like to address the issue of Ego and the responsibilities of IT workers in general. The post was absolutely correct that IT's function is to serve the business and not our personal egos or goals. However, taking ownership of any system, whether that is your own desktop, a server, an entire network, database, etc. is a requirement of an IT worker. I have never worked in a place where there wasn't some form or process, verbal or heavily documented, where a user could request that new software be installed to meet their business needs. The idea that anyone can simply demand the permissions to install anything they want at any time is ludicrous within a business. You can do that stuff at home on your own systems. When a user installs software without understanding the impact it can have, not only on their computer or server, but within a network of systems, it puts everything at a potential risk. I have been privileged to work with some very senior developers and DBA's with skills I can only hope to have, and yet they too have installed and broken their systems and servers and caused hours of unnecessary work for themselves and others. I know it's not intential, but when the best and brightest of us can make mistakes, what is the potential risk for the average user who isn't knowledgable about their computing environment? IT professionals have to take ownership of their areas of expertise in order to serve the greater good of the business and all of the users rather than just the needs of the one. IT professionals must take ownership because they're the ones who must fix the issues and maintain availability of computing resources for everyone. In most operations, IT is a department serving the whole of the business or multiple businesses. IT is often a shared resource established to centralize Information Systems management to cut costs within the organization. So yes, IT can be a bottleneck, but it is most often one of choice and necessity within the orgainization.

    If you work for a place without a process to address your computing needs, be proactive, develop a process. Take ownership and responsibility of your work and your needs and create or improve the processes you work within and realize that there are more than just your needs to be addressed. As a Systems and Network Admin, I serve, but I serve to the best of my abilities to keep everything available in order to run the business, not serve the ego of those who believe they have a right to administer their own computers.