The decision validity test: Blocking Facebook
Facebook, MySpace and YouTube here at work are all blocked by the corporate firewall and were before I got here so it’s too late to bother questioning why that decision … plus I’m not so fussed as none of those are sites I particularly use and certainly not for any social networking that is of professional interest or work-related - I have Twitter, LinkedIn and others for that. But I know that some people and corporations have made great use of Facebook as a workplace collaboration tools such as Westpac, mentioned in Sue Bushnell’s article Enterprise 2.0 - What is it good for? published on CIO.com.au.
However after reading that article and thinking about why IT departments block access to these sites I thought of a validity test for these decisions to determine whether the IT department is over-stepping its boundaries into HR and corporate communications or otherwise infringing on personal rights that really aren’t within its jurisdiction or mandate.
I have an Asus Eee PC and a Vodafone 3G/HSDPA USB modem that I take everywhere, including to work - which permits me to access any site including Facebook, Twitter etc as well as do what I want such as write blog posts from work like I’m doing right now.
So the rule to test whether an IT department’s decision to block access to websites and web services is valid and appropriate on the grounds of the areas of responsibility of the IT department - such as security - goes like this:
Any ruling made by a corporate or government IT department should apply only to that physical network and not be at all relevant to activities off the corporate or government network.
In addition, any ruling should be genuine, supportable by evidence.
This means if a corporate or government IT department want to block Facebook on basis of “security” then there must be a genuine, identifiable security risk. Organisations have performed security assessments of Facebook and found it is not necessary to block the entire site but only specific applications in Facebook in order to minimise the risk (see aforementioned article for case studies).
This also means if an IT department blocks access to social networking sites on the grounds of “it’s a waste of time” - well that seems to apply to any access to such sites during work time regardless of whether you access it through the workplace network or on your own laptop and wireless connection that you bring into work. Invoke the decision validity test and you realise that the IT department is stepping into areas of work productivity that its people are neither experienced in or mandated to make policy on. That is a HR issue.
And if HR were to make that ruling it may not necessarily result in an outcome that requires complete blanket blocking of access to these sites - and it would be a business decision not a technology one.
May 7th, 2008 at 3:09 pm
I agree totally. Too many blocking decisions are made opaquely or under the generic ’security’ or ‘time wasting’ concepts.
I’m pretty sure on my network all video is packet shaped, probably to ’stop time wasting on YouTube’. Which is fine, but I see probably more people wasting time on smh.com.au or news.com.au reading about Britney or the weekend League results than I would ever see on YouTube or Facebook or Twitter combined.
In my experience, people are more accepting of a decision if it is explained to them and the shadow IT is less likely to rear its head if people feel that they have been treated like adults. If something is a security issue, say ‘this site is blocked because [xxxx issue] exposes the network to an unacceptable level of risk’ or ‘YouTube has been blocked because streaming video uses too much bandwidth that is required for x, y and z internal uses’.
Anything else is just lazy policy making that treats end users like children.
May 7th, 2008 at 3:25 pm
That’s a really interesting post Nathanael, thanks
I’ve never worked anywhere that’s blocked specific sites, but it feels a little accusatory to me. In any case (security issues aside), why wouldn’t you be able to surf the net during your lunch break, for example.
May 7th, 2008 at 3:29 pm
Geez Shane, well said.
My wife is actually going through some of this bullshit at work and I believe that I thought the exact same thing. Treat them as adults, which is what they do, and it’s made an amazing difference in her office as compared to others. Morale, in some of these cubeworlds, can be everything.
May 7th, 2008 at 5:40 pm
Secondary thought:
If staff are spending significant amounts of time at various internet sites, instead of punishing the staff by blocking the sites, perhaps questions need to be asked as to what’s not working in the workplace more broadly.
In my experience, anyone sufficiently motivated and inspired by their work and workplace is too busy having fun doing their job to give SNs/YouTube/news anything more than a cursory glance on a short ‘recharge’ break. Widespread and/or excessive internet use is generally an indicator of deeper morale or job dissatisfaction issues.
(I’m leaving blog comments during work time. What does that say about how I feel about my own job? Plenty, but I think I’ve already alluded to this in a previous comment on ‘getting through the day’).
May 8th, 2008 at 2:01 pm
I worked at one gov department and they had an over enthustastic blocking system that blocked an increasing number of sites and file types based on security or time wasting concerns. The big problem was that a number of staff needed access to these sites or file types for work. So they got a blanket exemption. Last I heard over 400 of the 800 staff had exemptions. Ending up in a have vs have nots work place.
Currently, I look after the blocking software in one Govt agency. And yes we do block porn and hacking sites, not because what the 350 staff might do, but because we have 80 public access computers in public areas.
As for blocking facebook, not a chance, I have had to build a facebook app instead. Staff are being encouraged to use SNs.
August 1st, 2008 at 5:31 am
Ok obviously none of you work in an IT department. You don’t have to deal with the phone calls all day long asking why the internet is slow or employees complaining to their managers about their co-workers being on myspace and facebook and whatnot all day long instead of doing their work. Any site no matter how small uses bandwidth even if it’s just to refresh an Advertisement in the background. The company pays for these resources so you are better able to do your job, not slack off and talk to your friends.
Most employees that are in the 30+ age bracket don’t bother with social networking sites to begin with. On the other hand users in their teens and twenties like to stay on it all day long instead of working. I can
sitecite several examples at my company alone. Again, obviously you don’t have enough work to do if you have time to browse the internet. I myself ALONE run the IT department for a company of almost 300 people. I don’t have the time to babysit every user and explain to them way they shouldn’t be on social networking sites.So unless you work in the IT department and understand why they block those sorts of sites, quit whining and earn your paycheck for a change.
P.S.
It’s simple to block proxy and VPN creation by giving the users NO rights to their local machines if they don’t feel the need to follow company policy.
August 1st, 2008 at 8:22 am
@MattL I work in a large Australian Government department. One of our Ministers is on Facebook, as is one of our programs Safe Work Week Australia http://www.facebook.com/pages/Safe-Work-Australia-Week/18918481434?ref=mf.
There is valid use for social networks to disseminate infomation, collaborate and gather knowledge and ideas, bring staff together, etc etc. Not everyone on a Facebook are playing Scrabulous. Blocking access to Social Netowrks for legitimate business use is like blocking email a decade ago.
August 2nd, 2008 at 12:46 am
Hi Matt,
Thanks for your comments from the point of view of a corporate network support staff member - although I can’t help but feel you haven’t taken the time to understand why I support the use of social networking tools in organisations. I certainly don’t endorse the senseless wasting of time on, as zuzu mentioned, Scrabulous and the like.
I also don’t believe that such decisions about productivity and collaboration tools in the workplace should be based on understaffing and resourcing issues in IT departments. If that is what such decisions come down to then I think that the root problem should be identified and dealt with rather than allowing that to cause a multitude of problems downstream.