

Using Amazon EC2 to Thwart Crappy Internal IT Services  - snewe
http://www.cerebralmastication.com/?p=391

======
noonespecial
Most of the restrictions you might want to circumvent are put in place for
legal reasons, not technical. Some data is not allowed to leave the state,
some _the building_. Amazon servers are not on the list!

One tiny slip, one mishap, and all of the "being freakin' awesome at your job"
in the world won't stop you from being a great big minus sign on your
company's balance sheet with regards to hiring you.

If you happen to be an employee considering these methods in order to improve
your own awesomeness by breaking the rules, consider why those restrictions
were put there in the first place: _"jackass, you are the problem"_

Sorry for the rant, just an old IT guy here who's had one too many dealings
with over-clever users who broke stuff big time by "knowing better" without
knowing enough...

~~~
bockris
I had a manager in 2001 that broke internal IT policy by buying a wireless
router to use in his office and he didn't secure it. Why did he need it, you
ask? Because sometimes he didn't want to sit at his desk but at his conference
table 10 feet away. We almost failed a PCI audit because of his stunt.

Also we bought a software application that the vendor insisted needed
unrestricted access to the internet. We tried it from behind our firewall and
whatever they were doing couldn't get past our proxy. We actually had to
deploy this internal application in a DMZ and waste a public IP to run it. We
had a tech from that company doing some upgrades and later we found that we
were running an FTP warez site. The tech had started up the default IIS FTP
server so he could leave some files to retrieve later and didn't bother to
tell us.

~~~
jmount
I never did it, but my frustration with one IT department was so great that I
planned to: buy a wireless router, turn it on, name it "ITDeptPrivate", give
it a random password, NOT hook it up to anything and lock it in a closet or
drawer somewhere. Let them waste their time hunting down something that in
some sense does not exist.

~~~
bockris
If you valued your job that little, you might as well have quit, IMO.

You aren't going to change policy with nose thumbing pranks. I have a decent
win/lose record by engaging the decision makers over policy issues like this.
When you don't win, you can't cry about it. You find a new job or live with it
and wait for an opportunity to bring it up again. Playing tricks or willfully
circumventing restrictions just makes it worse for everyone when you are
caught.

------
ohhmaagawd
IT depts don't care about developers getting shit done, they care about
covering their asses. I work at a software company that has an IT dept that
seems to do anything in its power to keep work from being done. They do
on-access virus scanning which increases compile times 5x (which we can't turn
off). They banned IM because of "legal issues". They banned iTunes because of
"legal issues" and "bandwidth issues". Any streaming media is banned because
of "bandwidth issues". They installed software that keeps track of everything
you install. They set up our (proprietary Nortel) VPN to route everything over
their network. Chatrooms like Campfire - banned. SaaS - banned.

Of course I've worked around all these issues, but it's a PITA. I don't buy
the legal issue argument as companies like google and msft don't have all
these restrictions.

I'd love to know the reality on these legal issues. Is there really a legal
reason for a company to ban IM/Chatrooms/iTunes/etc? If so, why is it that
Google doesn't?

~~~
hapless
You are absolutely correct. Covering the company's ass is half of IT's job.
Providing services is only the other half. It's a tricky balancing act.

Legal problem #1 with IM is logging. In public companies, particularly in
regulated industries, anything that has ever been recorded by any employee can
and will be used against you, and the discovery will come at your expense.
Everything that is said, but NOT logged, will be used as evidence of your
malfeasance.

For this reason, E-mail systems are typically centralized, and users are
prevented from pulling mail off the server, so that all e-mail can be retained
for exactly six months, no more, no less.

With third-party IM services, that can't be done. This is the reason for the
rise of highly restrictive internal IM - Lotus Sametime, Microsoft Office
Communicator. With Communicator you can ban both logging AND copy-paste
centrally, at the server. It's a terrible tool, but it controls the legal risk
quite nicely.

--

Google doesn't worry about this because they have more money than sense.
(Also, not a regulated industry.)

~~~
ohhmaagawd
The root of the problem is IT has no incentives or checks in place to maintain
a reasonable level of productivity. Their only mission is to make sure that
services are online and there aren't breaches. Productivity doesn't factor in
at all.

I'm not in a regulated industry (enterprise software). I completely get this
if it's healthcare or defense. But we are just talking about middleware here!

~~~
hapless
IT is a cost center. There's constant pressure to contain its headcount and
budget.

The costs of providing a high level of service are obvious, but the costs of
lousy services are all hidden. As a result, yes, there's usually NO incentive
to do anything more than the minimum.

(The minimum, of course, involves the ass-covering.)

------
dacort
"Let me reiterate that all three of the above uses put me in direct violation
of my corporate IT policies."

Not to mention several state and federal regulations depending on the data
being uploaded...

------
pmorici
Ugh, if you are a rank and file employee why would you do this? You are
basically taking on a large risk where all the upside benefit is for the
company.

~~~
tomjen2
Because you care about your work?

Granted you are being exploited, but some people will rather slave away than
be seen as a greased wheel.

------
patrickgzill
He doesn't know how to write Oracle PL/SQL, nor apparently how to use DECODE
etc.

So he blames the company and puts sensitive corporate data up on an external
resource with no ability to audit its security.

Brilliant!

------
jodrellblank
And the only reason IT would give you 100Mb of space is because they hate you
and want you to fail. Nothing to do with corporate policy or budgetary
limitations or staff or any other kind of limitations.

Uh huh.

"The rules are there to prevent disaster, but as a consequence they ensure
mediocrity" - <http://www.youtube.com/watch?v=lA-zdh_bQBo>

Sometimes no-disaster is all a big company wants.

------
borism
Avoid crappy Internal IT services/policies by not joining the crappy company
that put them in place.

Great tips for us teleworkers though.

~~~
JoeAltmaier
IT guys are a different breed - paranoid, detail oriented, clever, overworked.
Because they thwart us, make our jobs harder, does not make them jackasses.
Ok, maybe jackass is a relative term, but don't make the mistake of imagining
they don't know their business. The world changes fast enough - IT maybe
doesn't follow the latest trends. Try perhaps working with them? No mention of
that in the article.

