by
Gabe Knuth
Note: If you haven't read the introduction to this type of post, FUIT posts are written in a somewhat snarky way, with a fake company and situations that, while true, don't necessarily reflect stuff that we (as in Brian, Jack, and I) actually do. All we're doing is talking about what's going on already in organizations, trying to raise awareness by exposing the methods people are using to circumvent IT policies and regulations. The idea is to lay it out there, and discuss possible ways to remedy these actions in the comments.
When we talk about "The Powers", we're referring to IT departments and the policies, regulations, and whatever else is getting in the way of users at TRI, Inc. (the fake company name we're using). For more, check out all of the articles in the FUIT series.
The Situation
Sandi is a sales rep for TRI, Inc. that travels often enough to have a corporate laptop that she also uses at her desk when in the office. She has a portable WiFi hotspot (like the Verizon MiFi) for when she's on the road. When she travels, everything she does works just fine. She can work via the VPN and various external websites that she needs to use, as well as do all the personal things that she wants to do to kill time or stay connected on the road. She can access Dropbox to share files between her laptop and her home computer, use Facebook, download songs via iTunes, or watch videos on Hulu.
(Maybe she even reformatted her machine so she could install some apps? :)
But when she goes to the office, only the work-related sites and activities are available to her. The Powers have restricted the corporate network so that only certain things can be done, and to open up Hulu would require a business case and a small roll of red tape. Not that Hulu needs to be open, but there are also completely legitimate cases of sites that are blocked that Sandi can otherwise use. Some, like her personal SalesForce.com account, are IT Consumerization challenges all by themselves (Yes, sales reps regularly get personal SalesForce accounts rather than deal with corporate systems. If only the corporations knew...). The point is, Sandi is hamstrung in the office.
To some degree that's understandable, but not to the users like Sandi. She thinks this just interrupts what she's used to doing, and tries to avoid the office altogether. Still, when she's not on the road, she needs to be at her desk, so she has to go in.
The FUIT
Realizing that the entire problem revolves around the corporate network, Sandi decides to go around The Powers and simply use her MiFi to operate as if she wasn't in the office at all. She still gets to work with people closely, it's just that her network connection is a bit different than everyone else's.
Plus, since her MiFi can support up to 5 connections (some others can do more or less, but this instance is using the Verizon MiFi as an example), she and four of her coworkers can all take advantage of the less restrictive network. Sandi is now "Office Hero Sandi" and users spend their time alternating between coffee breaks and reruns of "My Mother, The Car" on Hulu.
A match made in TV Land
The Powers Should
First, The Powers should identify this as a real threat/problem. Users can do this right now. Today. I do it. Brian does it. Anyone with a MiFi or a phone that has a built-in hotspot can do it. I know lots of people will disagree and say users aren't smart enough, but it only takes one.
Consider this: If they happen to be plugged in to the corporate network while accessing the WiFi too, they've now bridged the corporate network to the internet. It just takes one person to do that in an uninformed or irresponsible way. One gamer who opened up his WiFi IP address as the DMZ address that is now wide open to the internet (gamers have that dangerous amount of knowledge between novice and skilled that can screw up corporate IT). Keep in mind, too, that a single device can support multiple connections, so one person can enable several others to also circumvent policies and protection.
So what can the powers do? Certainly a policy saying "don't use MiFi's in the office" isn't good enough. Is the solution to just open things up to all the users? That would solve the problem, I guess, but not in a good way. Plus, some people would still feel like Big Brother was breathing down their necks and continue using the other method. Remember, employees really don't care about company policies or why they're in place.
To be honest, this one isn't that easy to answer, so I'll put it out there to you. Keep in mind, this is not speculation. It's happening. I'm not saying it's happening everywhere and en masse, but it is happening. It doesn't have to be a corporate-provided device, either, so there's a BYOD concern, too. Yikes! What do you think?
(Note: You must be logged in to post a comment.)
If you log in and nothing happens, delete your cookies from BrianMadden.com and try again. Sorry about that, but we had to make a one-time change to the cookie path when we migrated web servers.