Justin du Coeur (jducoeur) wrote,
Justin du Coeur
jducoeur

What does this actually teach us about IT policies?

One more from Ars today: 12% of employees knowingly violate company IT policies. The fun part of the quote, though, and I suspect it is true, is "in order to get work done".

Take that at face value -- really, it doesn't surprise me. But the right conclusion to draw, I believe, isn't that employees are bad and are maliciously or carelessly violating policy. Rather, it is that IT policies are often short-sighted, and wind up hindering employees from doing their jobs. This happens all the time, in ways from overly-tight web-browsing enforcement to stupidly-frequent password-changing regulations. Overly broad or restrictive policies often necessarily force people to work around them -- and therefore wind up putting the company at *more* risk than a slightly looser (and more consistently followed) policy would have.

Okay, yes -- I'm probably preaching to the choir here. But it's a good illustration of the Law of Unintended Consequences, and why stricter rules can backfire very badly. The solution isn't tighter enforcement, it's better-chosen rules...
Tags: technology
Subscribe
  • Post a new comment

    Error

    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded 

  • 4 comments