"We can't just let users install anything they want!" This, the mission statement of the Value Prevention Society (VPS), has, in a decade, evolved from controversial policy to unquestioned postulate.
The history of the personal computer belies it. PCs succeeded because they freed end users from the constraints imposed by centralised IT, letting them select, install and make innovative use of whatever capabilities they could program themselves or acquire through the purchase of inexpensive shrink-wrapped software.
"Nice theory, but," I can hear VPS members respond, "supporting uncontrolled desktops would blow our IT budget."
This strawman argument misses the point perfectly. VPS members live in a binary world -- the only alternatives they recognise are complete lock-down and total free-for-all. The real world is more interesting. In the interest of offering solutions instead of criticism, here are some elements of a more balanced desktop support policy.
Establish multiple levels of supported software. The stuff you install, support and pay for out of the IT budget right now is one level -- fully supported. Next comes software IT has tested and found reliable, but doesn't pay for or install. Call it endorsed. Third is software IT hasn't tested, but software that is well-known, comes from a reliable vendor, or otherwise is deserving of some trust. Call it acceptable. And finally, there's that other stuff. Call it disallowed.
Establish multiple levels of support. Problems with fully supported software are first in the queue. Next come problems with endorsed software. Problems with software deemed acceptable rate the lowest priority, with no guarantees beyond restoration to a standard image.
Require management approval. As Ronald Reagan was fond of saying, "Trust but verify". Trusting employees doesn't mean trusting them blindly, so if an employee wants to install, for example, a PIM (personal information manager) other than the company standard, his or her manager must approve the purchase ... and, of course, the PIM must be rated acceptable or above.
When integration is vital, company standards rule. If you have no CRM software in place, for example, sales representatives should be able to buy and install whatever contact manager they want. If you have implemented a serious CRM suite that includes SFA (sales force automation), the standard overrides personal preferences.
What's that you say? It's easier to just lock 'em down? Of course it's easier. That's often the nature of a bad decision.Lewis is a contributing editor at InfoWorld. Send letters for publication in Computerworld to Computerworld Letters.