Secure the shared printers, stat!
A few weeks ago, I met with a senior partner of a mid-sized professional services company, whose 100-person firm was recently acquired by a much larger organization.
Prior to the acquisition, this partner had overseen IT for his company, as well as other professional matters. With the new management, he had no responsibility or significant input into IT functions, which was handled by the larger firm’s dedicated IT department.
This was a source of great frustration to the partner, who marveled at the pointlessness of many of the newly imposed policies, such as the new rule that restricted employees to using a single designated network printer, instead of being able to see and use all shared printers in the two-story office.
The annoyance was palpable: “In what way does restricting printers improve our security?” he asked. “In what way does it improve productivity? Nobody in IT can explain to me why we have to lock down the printers… but we have to lock them down anyway.”
The new policy came up because we were meeting in the company’s first-floor conference room, and his office – and the shared printer he was assigned to – was on the opposite corner of the second floor. You can imagine the inconvenience when, during the meeting, he wanted to print out a document to give me.
Policies are good things, and security policies are good things. However, all IT policies, whether security related or not, should to fit with broad business goals, such as “enhance or enable employee productivity.” An pointlessly restrictive policy like this doesn’t serve anyone’s best interest. Plus, a lack of understanding by employees of the restrictions caused by seemingly gratuitous policies breeds resentment.
In nearly all organizations, rank-and-file employees – and top managers – already have a visceral dislike of IT, which is generally seen as being aloof, cold, uncaring and more concerned about C-Y-A and hiding behind arbitrary policies than treating end users as customers. It reminds me of digital rights management: When the assumption is that your fellow employees can’t be trusted, is what way is IT a “service” department?