Don't Network Administrators Require Privacy? 457
An anonymous reader writes to tell us that Recently their company has decided to move the IT staff out of their offices to make room for the Service Department. The move has placed the IT staff in cubicles that all face inward and lack, obviously, the ability to lock their doors at night. This is, to them, an obvious breach in security and privacy for what may be sensitive network information. Have any other Slashdot readers dealt with this sort of problem before? If so, what specific information was best suited to rectify these security concerns?
Yes, and stripper girlfriends (Score:0, Insightful)
Man up, nancy. (Score:5, Insightful)
Just behave well (Score:2, Insightful)
Where I work we have the same situation (Score:5, Insightful)
Re:I don't see that they do, no... (Score:5, Insightful)
Bullshit. Once you have physical access to the PC you can compromise it.
Money talks (Score:5, Insightful)
Be thorough, but don't make stuff up. Don't make it a turf war, just make it clear that you're working to protect the systems that you're responsible.
Come up with this proposal, and an estimate of the costs, and request that Accounting begin soliciting bids from vendors. And then lightly suggest that this would not be necessary if you could have good locking offices.
Keep in mind, though, that private offices are only effective if they are truly private. If they're not always proerly locked, or if too many people have the keys, then you'll be the worst kind of office hypocrite.
Re:Yes, and stripper girlfriends (Score:5, Insightful)
The "looking over your shoulder" problem is more difficult to deal with than you might think. More than once I've had issues with users stalking up behind me and reading my screen before I even knew they were there. (the really rude ones ask questions about what they've read) I could be doing any number of sensitive things - sending someone an email discussing the layoffs that are scheduled for next week, chatting with someone sending them their new account password, drafting a memo to someone outlining new security policy... posting the new router passwords on a secure filestore... any of these and more could be serious breaches of security and privacy if observed by the wrong people, and as another poster mentioned, could violate state or federal laws.
It's really a design problem to set up a cubicle where the user faces away from their door. For one, they can either look at their visitor OR their computer, but not both. I always prefer looking at my monitor, and then off to its side to see my guest. This also allows me to look up information for them without having to turn my back on them. Intelligent cubicle design has the desk on the left or right of the doorway, not opposite it. If your desk is opposite your cubicle doorway, tell your HR to get a clue. The best cubicle design is of course to have to walk around your desk and sit down, facing the doorway as well as your monitor, but I'll recognize that not every company has the space or the funds for such large cubicles.
As for physical security, that's another matter in itself. The best design is of course to have every computer imaged identically, with network login and home folder, and to allow no one to store their own information on the local hard drive. This seldom goes completely followed, and all sorts of things wind up on the local drives. Besides being a backup risk, anyone with physical access when you are away from your cubicle can rummage through your hard drive. Some I.T. are paranoid even of the nighttime janitors and clean the I.T. room themselves so they don't have to give out another key. But for that I'd say if you don't have janitorial staff you can trust at least that much, you need to find new janitors.
And of course if the fileserver is in your cubicle with you, that opens up a whole new can of worms. (and if not, why is your office away from the server room?) On that note I will say one thing I am against... leaving the server with an account logged in on it. I see that where I work sometimes, and it bothers me. I like that extra layer of security on top of physical security, and knowing someone with a key can play with the server is not my idea of a Good Thing(tm).
Re:Nobody cares for IT (Score:3, Insightful)
We will revolt until our spouses scream "Go out and get a damned job already you lazy, good for nothing loser!"
Re:What A Retarded Quesetion (Score:2, Insightful)
Which actualy, I see as a legitimate complaint. An office has a certain kudos, so being forced out does mean an effective (albeit small) demotion. Maybe not a major deal, but certainly something that would justify complaint.
Re:I don't see that they do, no... (Score:2, Insightful)
Re:Might Even Be Illegal? (Score:5, Insightful)
Monitors need to be faced in such a way so that they cannot be viewed from the walkways.
I also run mine at maximum resolution (1400x1150 for the laptop and 1600x1200 for the 20" second display) with small fonts so that my eyes are the only ones that can read anything displayed (unless someone looks directly over my shoulder).
Important papers have to be stored in locking cabinets/file drawers.
No sensitive information should be stored on the workstations. All sensitive information should be stored in a protected data-center type environment. File servers, host systems, database servers should all be protected. Workstations should be set to lock within a few minutes (mine is set for 2 minutes). I also have gotten into the habit of locking my workstation before I stand up for anything.
With no locally stored sensitive information, then the administrators PC is unable to be used as a tool to gain said information.
Cubicles are not necessarily evil, they are however, a fact of corporate life.
Don't be lazy, keep the information secure, rather than trusting a simple "door-lock" to keep unsecured data secure.
Re:Yes, and stripper girlfriends (Score:3, Insightful)
Get a privacy screen for the monitor. They blur the screen to anyone more than a foot or so away from the monitor and they work. Drives me nuts to work on a computer with one on it because if I move my head to far I think I'm having eye problems.
No Privacy Required (Score:2, Insightful)
I had my own private office, however a request was made by Human Resources for the construction of new offices for their own use. Rather than the $10,000 price tag, I _requested_ that I transfer out to the cubicles on our main floor. Basically, it was a decision I made for the benefit of the company.
I find that no one really _needs_ private offices, unless they participate in confidential conversations. HR, for example. But really, couldn't offices or boardrooms be booked for those type of activities?
Once I was out on the floor, it was very simple to establish security. My main system was placed in a physically secured location (data centre) and I remotely accessed the PC via secure connection.
You have to understand that nothing is really secure. I ran it like a bank - it could be hacked, but I wanted to catch the person afterwords. Everything on the remote PC and local PC was logged and I also trained security cameras (inexpensive purchase for a 2 week DVR) on their locations.
Also, you can install privacy screens on the front of your monitor so that only the person sitting directly in front of it can see the desktop. They also help with glare.
I find it much more enjoyable with the rest of the team now. Having a private office can be rather lonely for managers sometimes.
Re:Man up, nancy. (Score:5, Insightful)
Re:Man up, nancy. (Score:5, Insightful)
We had a building restack awhile back, and they wanted to bump our group into cubes. I ended up going to the Real Estate folks at HQ and letting them know that my screen would now be facing public walkways, and communications about acquisitions would be ripe for compromise. (I kinda wish we had the SOX issues back then... since I deal with private info as well, it becomes a legal issue.)
Fortunately for me, Facilities didn't want to get those goofy cubicle sliding doors, and we didn't have enough conference room space for me to be able to reserve a conference room for all my confidential meetings.
Then again, at another of our offices, all of us are in cubes, but our bank of cubes is behind a secure access controlled door, and the general users aren't allowed in there... All depends on how critical your info is, and what is available to protect it.
I wouldn't press the sube issue directly, I would press the security issue, and let management come up with their own answer.
Re:Man up, nancy. (Score:5, Insightful)
What company gives regular IT people their own offices?
I've been at a Fortune 500 company for five years, and in that whole time (which has spanned two buildings), the only people with offices were the directors.
i hate cubicles because um.. security is bad ..ya (Score:3, Insightful)
I'm much more concerned about a network admin that flaunts sensitive information as a rebuttal because he doesn't want to be moved into a cubicle, than I am about network information hidden by a cubicle wall rather than a more classical solid version of a wall. Your "bricks-and-mortar" walls are redundant in a virtual world, and so are the more limited cubicle versions. Simple suggestion: lock or log-off your terminal and turn the screen away from the cubicle opening. Now how tough was that? .... oh, the problem is you're still in a cubicle? Well most of the people around you are too; start a self-help group with the other people if it bothers you. This article isn't about security ... it's about cubicles and a whiner for crying out loud!
Lots of replies from the living with momma crowd. (Score:3, Insightful)
It could be far worse (Score:5, Insightful)
No (Score:5, Insightful)
You are NOT entitled to privacy in the workplace. You are entitled to limit access to your work materials to those employees that have the need to know.
Two completely different concepts.
You can run IT from a cubicle, there is nothing terrible about that. If you are going to type in a password, look over your shoulder and make sure nobody is watching you. Access to the machine itself is no issue since you are not going to put your servers in your own office, they go to their own room. If you were running all the servers from your office then you are not as smart as you think you are.
Regardless of server OS, you can manage it from anywhere, there is no need to be sitting in front of the damn machine.
As for privacy, when you signed your offer letter and you agreed to follow company guidelines, you pretty much signed away any hope of privacy in the workplace. The boss can listen to your phone calls, can read your mail and read your paperwork. Yes, your boss can read your personal email if you are trying to read it from your workstation at the office. It is the company's computer and you are using the company's resources for personal reasons.
Now, say you are a programmer or a DBA, then you need a bit more shielding from prying eyes. But the plain IT folks? Nah, they can sit outside like everyone else.
Re:Yes, and stripper girlfriends (Score:3, Insightful)
Of course, then there's the guy on the other side of the back wall, or on the side walls. But a big hutch and a couple plants should keep that from being an issue as well.
Re:Yes, and stripper girlfriends (Score:5, Insightful)
What do I have at that point? Enough info for a serious carreer boost!
Re:I don't see that they do, no... (Score:3, Insightful)
And that accomplishes nothing. It's just like taking guns away from people who want to own them legally. People who read that sign and abide me it, much like people who properly purchase firearms, are not the ones you need to worry about. Frankly, I don't even know what an "administrative PC" is anyway. My laptop can be an administrative device wherever I take it. This is why you use things like one time passwords and carefully protected SSH keys for security.
Re:Yes, and stripper girlfriends (Score:5, Insightful)
> But for that I'd say if you don't have janitorial staff you can trust at least that much, you need to find new janitors.
I disagree. I think your colleagues are making a very prudent move by cleaning those rooms themselves. It's not about trust, it's about money. A janitorial position is simply not worth passing up a hefty bribe.
Fun example: My sister went to school in Ghana for a year. Going price for a human to do menial labor is about $5/month (or something like that,) so the school kept four people watching the international dorm 24/7. Going price to get into the international dorm: about $20. After a "break-in" the guards get fired, take a paid month off, find another shitty job. The burgler gets a laptop to fence. Everyone's happy.
Now, if the school had one person on duty 24/7, and that person was making $20/month, then that person might start valueing the job over bribes. Job security in a position paying 4x what you could get anywhere else is worth a lot more than one month's pay.
Even ignoring the difference in salary, an IT person has a lot invested in their career that a janitor does not. So they're going to be intrinsically much harder to bribe. Even if you get a dishonest one.
What a Retarded Reply! (Score:2, Insightful)
A network administrator holds the keys to the kingdom in any environment where information is valuable. Meaning, if you're in an environment developing any type of IP which you don't want your competitors knowing about, you better treat your network admin as you would your personal body guard, because that is what he is in that scenario. Industriable espioniage is real. It happens. Having some fracknut in your organization who read 2 copies of 2600 and wants to be a hacker, is real. That happens. Key loggers are trivial to obtain and use. That happens. Booting a system through an alternative means and futzing with the info on the harddrive is real, that happens.
If your organization's information is valuable, then your information security strategy had better include physical security and not just some idiots idea of "oh just log out of the machine and you'll be fine you stupid retard."
Dumbest Slashdot Reply. Ever.
Re:Might Even Be Illegal? (Score:2, Insightful)
Don't you ever stop to think?
Good heavens, if my screen locked after two minutes of inactivity I wouldn't make it through the day.
Re:What A Retarded Quesetion (Score:3, Insightful)
Furthermore how is this any different then most other people in the company.
Does the original poster think a engineer sitting in a cubical designing a Death Ray with drawings and such about is in any less of a bad situation.
Honestly IT people would be one of the first people to get cubed in most places. They are much less likely to be seeing important stuff, or having important/need to know phone calls and so forth.
Re:Man up, nancy. (Score:3, Insightful)
No he wont. Not for the reasons you're implying anyway. A little known company called Visa [visa.com] manages to keep all their IT guys in cubes. If you think your IT guys deal with a lot of financial information...
It's all about using the correct procedures in handling that financial info. This means, lock your desktop when you leave to take a piss, and secure all your hardcopies in a lockeable cabinet at the end of the day. What exactly are the 4 walls of an office affording you that a locked cabinet cannot?
Re:Man up, nancy. (Score:3, Insightful)
Re:Yes, and stripper girlfriends (Score:3, Insightful)
Re:In a hallway (Score:3, Insightful)
Re:Yes, and stripper girlfriends (Score:5, Insightful)
I think that most professional geeks need to come to grips with reality. If you're in IT, you probably think you're more important than you really are, while management probably thinks you're less important than you really are. This, obviously, adds up to a huge disparity, and causes plenty of conflict when these two distorted realities butt heads.
I'm sure some will look at this and say "no, really, I'm that important", but really, you're not. First, think about how many other people have exactly as much value as you do to the business. Unless you're in a very, very small shop, there's more than one person doing critical IT things in the first place. Then consider the people who produce whatever it is that your business does. It's popular in geek circles to complain that those people don't understand that they wouldn't be able to do their jobs without us geeks. Well, here's a news flash: you wouldn't have that job to do without them.
Next, try to remove that built-in Dilbert filter you've developed, and take a critical look at your immediate management. Now, your manager may be just as utterly useless as the stereotypes one would normally apply, but more often than not, that's an unfair stereotype. I know for certain that without my team lead or our group's manager, who both know how to work within the corporate political system to get things done, I would have been either downsized because upper management had no idea whether I was of any use, or I would have been fired for pissing off enough people.
You should also consider what those other departments really do (outside of the automatic reaction you probably have to that question, which is almost certainly along the lines of "annoy me" or "piss me off"). Sure, without the network guys, lots of things wouldn't get done; what wouldn't get done without this other department? "Service Department" is sufficiently generic that I have no idea what they do, but contrary to the common jokes about it, businesses aren't usually in the habit of hiring people to do nothing. Or take the Sales department, which is one of the bigger targets of IT vitriol. The individuals may often deserve it, or they may not (I've known some incredibly slimy sales guys in my life), but either way: the business needs customers. Without the IT guys, the sales guys would lack email, IM, and possibly even the productivity tools they use daily, but without the sales guys, nobody would be paying the IT guys' salaries.
For reference, I've only ever worked in one place where the IT staff got offices instead of cubicles, and that's mainly because there weren't any cubicles anywhere in our small office space. Not to mention the fact that it was about a 25-person ISP, and our customer base was primarily in a few counties. Oh, and they've since been gobbled up by a much larger competitor, had their employees laid off, and moved operations to another state.
I think, ultimately, that the submitter (and the GP) need a reality check. Despite what years in IT have led you to believe, you're not the most important preson in the organization and you're never going to be viewed as such. Millions of people get their jobs done just fine within cubicles. And for the GP: if you have a server in your cube or office, you're just asking for it anyway.
Re:Man up, nancy. (Score:3, Insightful)
Re:Might Even Be Illegal? (Score:5, Insightful)
Cubicles are not necessarily evil, they are however, a fact of corporate life.
Cubicles present no significant cost gain over giving everyone a small office with a door. That material they use to make cubes is expensive. In fact, this has been done on Slashdot before and many link were posted to different office design styles. The general consensus was that technical types (IT, engineers, etc) like to be able to isolate themselves from the world for periods of time so they can focus entirely on a task.
Cubes don't give you that. I am continually distracted by the goings-on in the next cube. If two or three people are there looking at a demonstration or trying to find a bug then it's very noisy and I find myself having to wind up the volume on my closed-back headphones to unsafe levels.
Should I remind anyone what happens when people in your office are testing audio equipment or a product that talks over a 56k modem in an open plan environment? All I hear all day is that noisy screech of modems (we have hundreds of them scattered around the place) and "test, 1, 2, test" through the other audio equipment that people are testing.
It has been studied to death and decided that if you put technical people in an office with a door they will be more productive. I think this more than offsets all the other reasons for having cubes, and the exotic measures that you have to go through to protect people's privacy when they are in cubes (lockable drawers, filing cabinets, secured rooms for storage of documents, etc).
Cubes are put in place by management who want some level of separation between the "elite" and the rest of us. Management justify it by saying "we want to foster an interractive and friendly work environment to encourage productivity" but they have never had to work in cubes, and dont understand the loss of productivity that will occur when everyone is there.
Re:Man up, nancy. (Score:2, Insightful)
Ummm try logging off? (Score:2, Insightful)
A lot of admin types are in the 'sea of cubes' and get by just fine with security.
If you think a office door will secure you, give me 15 seconds with a rake and tension wrench. ( if you have to ask, go look it up )
Re:Thats going to happen to me soon... (Score:3, Insightful)
I have told the big-wigs, in meetings now, that we will be losing our physical security.
You could always estimate how much it would cost to compensate for the lack of physical security. Make it cost twice as much as keeping the room. If they still balk, advise them in writing of the consequences and demand a signature. Keep this offsite.
Space to think! (Score:3, Insightful)
Re:Space to think! -- corollary (Score:3, Insightful)
Re:Man up, nancy. (Score:2, Insightful)
There's no respect for IT anymore, I tell ya.
Cubes and such (Score:2, Insightful)
In terms of the productivity argument, that holds a little more water. It still depends on the maturity level of the person in question, though. Give some hot-shot kid with zero professional experience an office with a door, and watch his productivity soar. Provided you count the number of slashdot posts, and hours spent on Myspace as productivity. In the case of a mature person, an office would probably increase their level of productivity. But if they are that mature, they probably have the ability to sack up, and get their job done in the face of such arduous conditions as being forced to sit in a cubicle.
Someone mentioned that the cost of cubicles is actually not much (or at all) less than that of giving people their own office. I find that pretty suspect, but we'll assume that to be true for the moment. Can someone clear up how this doesn't simply take up more floor space that may not even be available? Is floor space being taken into account in the cost analysis? I would think that if you have to construct a whole new building for every 30 people you hire, you're probably going to save a couple of bucks in just building up a cube city.
I agree that there is probably a degree of management elitism in most cases, that keeps the peons in their cubes, and the Directors in their offices, but oh well. Suck it up, and get your job done, or go find a new one. Apparently you weren't so distracted by your co-workers that you couldn't post an inane story on Slashdot.
Re:Man up, nancy. (Score:3, Insightful)
Maybe the only consoles at which critical passwords are entered should be in the server room. There are rackmount keyboard trays that can slide right out when server access is required. The IT staff can stand when doing this work and/or a tall hard stool can be provided.
All the old BOFH stuff is ancient folklore. It's all PUBLISHED at this point and management has had somebody review it.
The jig is up.
Re:Don't try to sound like a security expert... (Score:2, Insightful)
Are you going to tear apart a laptop that isn't there?
Are you going to bunk with bios settings that are locked via password, with a chassis that is locked so that you cannot open the case?
No, the systems are not configured to boot from CD-ROM, who the fuck do you think you're dealing with, your ignorant mother?
Did you know that most corporate networks have workstations that have USB DISABLED? so external drives never work... Obviously, you didn't.
So, the only way you're going to get the data, is if you physically STEAL the computer.
Pull your head out of your ass, and go work for Radio Shack, where you can pretend you know something.
Old hard drives are not thrown out - they are sent through an industrial chipper / shredder then sent to be melted down for scrap. And why, oh why would you *WHIP* your old hard drives. (i'll assume you meant wipe, but hell, I don't know)
Now, I don't know how much you spent on your *EDUKASHUN* (intentionally mis-spelled, so that you would UNDUHSTAND me), but you overpaid.
Re:Might Even Be Illegal? (Score:3, Insightful)
I don't agree that offices are roughly the same cost to install as cubes. As others have said here, cubes are easier to light, ventilate and electrify. I think you also may use less space per person with cubes than offices.
But most importantly, remember with software developers you need to encourage a certain degree of chatter/communication as part of team productivity. With fewer barriers to communication between developers on a team (ie fewer walls and doors), you increase knowledge sharing, juniors learning from seniors, coordination.
If you have a decent team of people working together and isolated enough from the rest of the world, you can evolve amongst yourselves have to handle music and other noises. eg, come up with a "silence token" of some sort (like a stuffed bill gates doll) that you put on your monitor when people shuld be quiet. Or wearing headphones is a universal symbol of "quiet, please".
Also cubes allow people to work in broader more open spaces. eg, if you have a space with 15-20 foot ceilings and sunlight coming in properly, it can be a plus to take advantage of that over being in a box with an 8ft ceiling which may or may not have a window.
Of course it's a balance. I think management in our industry has been trying to find the sweet spot here forever.