Wed 23 Aug 2006
Fact 1: Modern computers systems can be configured to allow or restrict what users can do during their time on the computer.
Fact 2: In many companies employees spend most of their work day on computers.
It is the habit of managers to link these two facts and try and to use the security and management tools that come with their computer systems to manage their workers. This is a mistake. We receive requests to give read access to certain areas, restrict access at certain times – generally force people to do things they are doing but management would prefer they didn’t.
Unfortunately this is mostly doomed for failure for two reasons. Firstly these systems tools are primarily to maintain the security and integrity of the computer system. So that when they are pointed at people there it is invariably a poor fit with unintended consequences. The most costly unintended consequence is where someone is stopped from doing their legitimate work. Secondly, by defining the rules by the computer system this legitimises work arounds. If you use the firewall to stop Internet chat and a user finds ‘a workaround’ then this must be OK because the rule is defined by the computer system restrictions.
There are exceptions, where the stakes are high (e.g. your HR documents) or where there are no other management processes available (e.g. computer systems for students at a university campus). Everywhere else setting expectations from workers is for the company manual and job review meetings.