[NTSysADM] Re: [patchmanagement] OT: IT Philosophy

[Susan Bradley]

Mod hat on:  And I really promise not to send any more through.  Please post on the ntsysadmin list on this topic. On 12/8/2016 2:08 PM, Matthew Houston wrote: My answer to the entirety of these questions and any others like it is this:   Explain to me the benefit to the business.   Until you can do that I couldn’t care less about the morality, legality or risk involved in it, the answer is just ‘No’. If your boss doesn’t understand that, then he is not a very good boss.   Every action taken by IT is a cost, whether it’s a technical cost, man hours, cap-ex etc, it’s still a cost. I wouldn’t expect any other business unit to simply throw money away on something that doesn’t benefit the business in any way, why should you consider it as an IT department?   Also, if your business is expecting users to be available 24/7 just because they have a phone and laptop, that’s a really shitty business. Matthew Houston Information Systems Support Specialist Camden Council   I    PO Box 183, Camden NSW 2570 P: 02 4645 5168   I   Email:   matthew.hous...@camden.nsw.gov.au   I   www.camden.nsw.gov.au This mail, including any attached files may contain confidential and privileged information for the sole use of the intended recipient(s). If you are not the intended recipient (or authorised to receive information for the recipient), please contact the sender by reply e-mail and delete all copies of this message. Any views or opinions presented are solely those of the author.   From: Ray Pating [mailto:ray.pat...@gmail.com] Sent: Thursday, 8 December 2016 7:36 PM To: Patch Management Mailing List Subject: Re: [patchmanagement] OT: IT Philosophy   Here would be my answers to that:   1.      We give them laptops and smartphones and expect them to be available at all hours of the day – that’s convergence of home and office life – why shouldn’t we backup the photos of their kids, pets and vacations too? - Get a standard user, audit how much data his/her media files consume. Multiply that by number of users, get the total backup storage consumed per full backup, multiply that by 2 then get approval in writing that states that we are willing to spend department funds to backup this much non-business-related data. Once they approve that, then sure, all objections should be waived. Otherwise, consider this as insurance so that if manglement asks why you spent thousands of dollars to backup something that doesn't directly bring in profit.    2.      Do we have bandwidth issues? We have a broad link to the internet and only at periodic peaks do we hit anywhere near our limit So you're never expecting your business to grow and for your personnel to increase then? More business = more employees = more internet users. A fat pipe will not remain a fat pipe for long when everyone leaves a torrent client running 24/7 at the office, and although 50 Mbps download may seem a lot for an office of 5, it will start to feel some strain in an office of 15, and will be intolerable in an office for 50.    3.      Legality of torrents? Really? How many people care about the legality? MPAA/RIAA? Are you hosting a website? If so, do you want that site to be taken down once an MPAA sniffer tracks torrent activity on your IP and issues your ISP a DMCA notice? If you live in a third-world country in the middle of nowhere, then sure, nobody cares, but in corporate America/Europe, they care a lot about this.   4.      Malware? We have other protections in place. "I can drink poison anytime I want, I have an antidote kit in place anyway." Don't tempt fate by making risky decisions. Antivirus software cannot protect against zero-day exploits, and even the strongest of protections cannot defend against an idiot with Local Administrator rights. There are 10 kinds of people in the world; those who can read binary and those who can't.   On Thu, Dec 8, 2016 at 12:24 PM, Kish N Kepi <kishnk...@gmail.com> wrote: We keep a lax environment – our users are local admins on their Windows laptops and we not stop them from installing any software they want – the only caveat I ever say is ‘don’t be stupid’. And yes, we are a hi-tech house, well beyond the startup stage.   During a conversation about potential changes to the way we do backups today, I stated that the current back up routine specifically excludes most media files, and also that I’d used psexec to kill utorrent processes. My boss, who is actually quite knowledgeable in IT matters, had a response surprised me: why? Why not backup the media files? Why not allow torrent traffic? His points were as follows: 1.      We give them laptops and smartphones and expect them to be available at all hours of the day – that’s convergence of home and office life – why shouldn’t we backup the photos of their kids, pets and vacations too? 2.      Do we have bandwidth issues? We have a broad link to the internet and only at periodic peaks do we hit anywhere near our limit 3.      Legality of torrents? Really? How many people care about the legality? 4.      Malware? We have other protections in place.   I couldn’t come up with any answers that sounded reasonable to me, so at this stage, we’re planning increase our backup storage capacity.   Does anyone here have answers that I lack? Sorry for cross-posting, but I this question is bothering me, and I know that many people in this for a have strong, well-formed (and well-expressed) opinions   Kish n Kepi