At Martin Luther College we allow students to bring wireless routers into their dorm rooms so that they can connect their devices to our network. One thing we have seen creeping into more and more routers is the interstitial landing page and “helpful” software from the router manufacturers getting in the way of using our network.
Belkin and Netgear are the two worst at the moment but if history repeats, it will work its way into everything. The routers will ping out to some server (or a number of different servers) and if it doesn’t receive a response, it will throw up its page and keep you from using the network.
Even better is that some Belkin routers coming in recently have had some “content filtering” turned on which means that the router cannot get the proper DNS servers to allow them to register the device.
Defaults matter. Software matters. Hardware that might work just fine otherwise is broken by poor software with poor defaults. It isn’t helpful.
Rob England was kind enough to post a response to my Dark IT post. It is a good look at a major part of the problem:
Dark IT is not entirely the IT department’s fault. Nothing an IT department does unilaterally is going to fix the problem. If we are trying to fix Dark IT alone, we’ll continue to be on a hiding for nothing. It is essential that the organisation (not the IT department) puts in place policies and controls over the use of information and technology in order to protect itself, and that it empowers the IT department to be the agency to monitor and effect those policies and controls.
That is a great thing to emphasize. There is a lot of “blame” to be tossed around at any one time.
Within any organization you have individuals bringing in IT resources from the outside. This is not always a bad thing, but I have found that it is the root cause of many individual problems for individual users. I’m not going to talk about the problems that unsupported technology can cause within an organization. That’s boring and it has been rehashed by too many people.
The better topic is this: If you have a proliferation of Dark IT (unsupported technology brought in by another individual or department), why is that happening? What is or is not happening that is causing these people or departments to look outside of IT to find solutions for their problems?
Every time this happens, it is an opportunity to look inward at your department to make things better.
Nate Beran gets to the heart of the matter with IT And The Business Are Indistinguishable and I am not going to reproduce any of it here because it is so short. Technology and computing has weaseled its way into every nook and cranny of virtually every organization that the traditional way of thinking of IT as a separate entity doling out technology to everyone else isn’t going to cut it anymore.
Things change. Needs change. Department change. Dark IT can be a symptom of the larger problem of IT being pushed out either consciously or subconsciously and it is time to sit down with people and figure out what needs to be done. It is not so much that your job is on the line (even though it might be), but that in order to better serve the people around you, you need to get working on mending fences.
It isn’t a matter of if, but when.
Something is going to go wrong and you are going to be left holding a bucket to a quickly sinking ship. In that time of crisis, it would have been nice to have some sort of disaster recovery plan laid out so that you don’t have to think as much when your tech is on the line.
That is what I am working on right now.
Here is what I have mapped out as our initial run at this:
- Everything will be stored on our college’s Google Drive account. We have a folder shared among all of the employees in our department and we can share the Disaster Recovery folder will additional people if there is a need.
- The main document will be a spreadsheet outlining the names of the servers, what area the server is located, what rack they are on, IP addresses, administrative user names (passwords will not be housed in here for obvious reasons), operating system version, what services are currently running on those machines, a link to another document with more information for that machine, what order the servers should be brought back, and then a comment field for any additional funny business.
- Additional documents will be created for each server. This document will outline any additional information needed for installation of the operating systems, settings, software installation, and other stuff that might be important to know.
- A document outlining the network topology for the campus.
- List of emergency contacts for various systems and also contacts for various important vendors (like Comcast, our telecom, etc.).
The idea is to have a document with a strong overview of the entire server infrastructure and then further information if that is needed for anything. The harder part will be keeping these documents updated for the future.
We will handle the passwords some other way (yet to be determined) and then make sure that the people who need to know about this know about it.
Even if some disaster doesn’t strike us in the near term, it will still be good to just take a look at how things are setup currently and see if there are any areas where we can improve our tolerances without upsetting too many people.
It is never a bad thing to be vigilant.
On Novell’s Cool Solutions there was a recent post titled Turning Data Breaches into Positives. The best paragraph for me is the following:
Another way to use a breach is in communications to your customers. You don’t have to sell security software to offer value. The first thing you can do is spread the news. It’s often important for affected parties to act quickly after a data breach, so notifying your customer base in the hope of reaching any who might be affected is an important service.
That is true not just for data breaches, but for when anything goes “not right” within an IT department. Anytime you have the opportunity to speak with your users/customers/people, do so in a way to make it as positive an experience as you can.
Making a bad experience good can pay off hugely in the future.