Browsed by
Tag: Legal

Photo Credit: "Ethics-cloud" (CC BY-NC-ND 2.0) by CCIKentState
Does a Bad Culture Create Bad Business Processes or Is It the Other Way Around?

Does a Bad Culture Create Bad Business Processes or Is It the Other Way Around?

It is a circular debate – does bad culture lead to bad processes or do bad processes corrupt a good culture? The answer is more complex as these two issues do not work in isolation. Recent news headlines and blog posts have raised the issue of weak corporate culture encourages dangerous business practices. Harvard Business Review recently published an article that raises the counter argument. Executive leaders shared with the authors of the HBR article that fixing the broken business processes corrected the cultural problems. Focus on the processes and let the culture take care of itself.

The truth, or better yet, the facts probably reside somewhere in the middle. Even with noble intentions, a less than stable corporate culture could develop bad business processes. It is the slippery slope by which a company begins a downward spiral. The reverse is equally plausible as poorly thought-out incentives or policies create an environment of opportunity by which less than ethical processes form.

Strong corporate cultures founded on high ethical standards and open communication would fix bad processes before they corrupt the environment. I would not be so comfortable making the same statement about mediocre or weak cultures. It is easier for bad processes to entice these company cultures into accepting questionable ethical judgments. Weak corporate cultures may encourage the development of awful business methods that are often splashed across the news headlines. Harvard Business Review’s point about fixing the culture through improved processes seems reasonable. However, there is one linchpin to the thesis. The leadership must realize the failings of the existing corporate culture and processes to carry out the needed changes. In fact, these are the first steps in strengthening the culture. Leadership is doing their job by leading. Even if the processes were not entirely overhauled, the awareness by the leadership team would begin to alter the corporate culture towards a stronger and healthier place.

Failures in judgments and corporate ethics are a severe and interrelated problem. It is not an issue of “all bad people” or “all bad processes.” The issues are interconnected and mutually reinforcing. It is the leadership which must accept the responsibility to make sure that the corporate culture remains strong, healthy, and supported by sound business practices. Corporate governance processes and the Board of Directors share this responsibility with the leadership team in ensuring the proper management throughout the company. When these factors are aligned, the organization is in a position to pursue the goals of long-term value creation.

Photo Credit:
Cloud Providers Should be Upset

Cloud Providers Should be Upset

Today, I was just speaking with a colleague about one of the “victims” of the NSA data “scandal.”  It is the cloud providers.  All of these cloud-based providers have got to be ‘just thrilled’ with the negative publicity online services are currently receiving with this concern over privacy and government monitoring.

I will be honest; it is made me even a little more cautious about my review and selection of cloud and SaaS providers because I too am concerned about where my data resides and who can access it.  I will not just allow corporate or my personal information to go anywhere that I do not know who can gain access to it.  Do I have anything to hide?  Of course not.  However, that does not negate my duty to my company and family to ensure that our privacy is respected.

If I was a cloud service provider, I would feel more than a little uncomfortable in the current situation, and I think the cloud industry will be set back a little by this affair.  After all, it is raised the ugly specter of “is my information secure” in the cloud or other online environment. That will take a little while for people to regain their comfort level.  On the upside, encryption should be making some nice gains as more companies look to encrypt their cloud environments for added security.

Photo Credit:
The Internet Never Forgets

The Internet Never Forgets

An elephant never forgets? Forget that. Try getting something pulled off-line when you really need it to go away. As you will quickly find out, it is nearly impossible to remove information completely off of the Internet once it has been posted. The Internet is such a distributed network with caching and proxy servers all over the world that once information is posted online it is part of that information collective and extremely difficult to sanitize (make it disappear permanently.) And when I say posted, I mean anything that is written to an Internet-based server is fair game, and you should be ready for that information to never go away.

I am not a conspiracy theorist that believes the black helicopters are scanning my brain waves or that the government is using my flat screen television to subconsciously program me. I do believe that the vast majority companies that provide us Internet-based services are honest and ran with integrity and concern for their customers’ privacy. However, I am not naïve enough to accept the fact that information does not get exposed accidentally or there are unforeseen circumstances where information may be breached intentionally or unintentionally.

So what is the big deal? Well, think about all the information that you store online; this goes both professionally and personally. Think about it really. If you are like most Internet savvy people, you have a tremendous amount of personal and professional information stored online. This can come from cloud storage such as Dropbox or to services such as LinkedIn, Facebook, or Twitter. Many of us do our taxes; host confidential and proprietary meetings; engage in personal and professional email communications that are sensitive; and even conduct medical activities online. How much of this would you like to see in Google’s or Yahoo’s search results? Would it matter that the information was accidentally exposed?

Read More Read More

Computing under lock and key, the corporate computing life

Computing under lock and key, the corporate computing life

We live in the  age of corporate compliance, complex system support, lawsuits, social media, and numerous security vulnerabilities that necessitate corporate IT environments remain locked down. For many years, cries have come from the user base to “free our systems so we can work as we want to work.” And for years, IT departments have resisted those cries.

I have had this discussion with friends, colleagues, employees, clients, and countless others over the years, and my core belief has never changed. IT environments must stay reasonably locked down. It protects the employees and the company from the evils in the wild and from the good intentioned but uninformed masses. Common sense and reason must rule every IT decision, but employees must also understand that not every request is reasonable when taken into consideration for the entire company.

Slate ran an article on this topic, and I love this quote, “Here’s why: The restrictions infantilize workers—they foster resentment, reduce morale, lock people into inefficient routines, and, worst of all, they kill our incentives to work productively.” The author, Farhad Manjoo, was riled against the controlling forces of the IT department. He touches on a few of the arguments for the IT restrictions, but I do not believe he has a true understanding of the implications. He also seems to think that all employees are “power users” and employees have lower job satisfaction because they are not running FireFox. I do not think either belief holds any value.

I am not going to trying and the make the point that all unmonitored employees will run amok, that is an unrealistic generalization. However, I have had some experience with clients in a totally open IT environment, and it taught me that the lack of automated controls increases management’s supervision burden. In one of the worst cases, I was requested to put in a Web filter by the CEO of a company because he was concerned about the amount of time being wasted each day on the Internet. We ran a report after a week of monitoring and found that the average sales department employee was browsing the Internet for four hours a day. They were not browsing competitor sites or industry information but pursuing personal interests. Obviously, there was a big shakeup in the department and the worst offenders were ousted.

In that particular case, the company set sales expectations based off of past performance, industry trends, marketing efforts, etc. and the basic assumption that employees were motivated and on task.  These employees were meeting sales expectations. However, just because they were meeting sales expectations, does that give them a license to waste half their day? If they were fully on task, could they have been beating their expectations by 50%? I have heard many times quoted that most industry groups estimate that employees waste on average 25% of their day on non-corporate Internet activities. For some companies in the software, Internet, and media business this makes sense but not for most other companies.

IT departments frequently hear in new software requests that the software is free. I am still amazed at the number of people who do not realize that software installed on their office computer may be licensed differently then when it is installed on their home computer. In an open IT environment the company would need to train all employees to read licensing agreements and know the difference licensing methodologies. What happens when the employee gets it wrong? Who pays the costs if the company is audited by the BSA and they find software license violations?

What about when employees have questions about one-off software applications? The IT department is “supposed” to know how to answer them. Is it even reasonable for the IT group to have that kind of collective knowledge about every application that can be downloaded from the Internet? Even if you doubled or tripled the IT budget, I am not sure the requirement could be met. In the end, IT would have to spend time and money researching how to use non-standard applications to support the user base. But the cry we hear is that the software is free so we should be able to use it. . .free software is not always free.

I was recently lamenting with a friend about a spat he got into over software compatibility. I honestly believe that many people think this is our way of blowing them off. A few years ago, we found particular printer software caused a conflict with our phone system software. When these two applications were loaded on the same computer, it corrupted the OS within a few days. At that time, we allowed employees to install printer software on their corporate laptops for use with while at home. About 25% of those employees had their computers reimaged multiple times. This amounted to a large loss in productivity and cost to the IT department. No one should expect the average employee to be aware of these issues, nor is it reasonable for a company to run continuous training sessions to keep everyone updated on these topics.

While most employees have good intentions, they are not IT professional, nor do they wish to become one. Let IT run IT and let the staff do the work of the company.And of course, those crazy lawsuits keep popping up all the time. People find some of the strangest reasons to sue other people and their employers. One of the saving graces that companies use to defend themselves is “standard practice”. In any open IT environment, you do not have enforceable standard practices. I have seen some employees accuse their employers of singling them out for recreational web surfing, and not other employees, when confronted about their job performance. When employees are confronted about productivity issues, they tend to redirect the criticism into anything and everything else but themselves. It is sad, but the courts often agree with the employee in these cases if the company does not have policies and standard practices they follow.

I understand that some large corporations have rather open IT environments. When you peel back the onion a bit, you will find that the environment is not as open as most people believe. Filtering and active monitoring still take place and management will step in when needed.

I do think some of my IT brethren take it a bit far and lock down the environment to the point of reduced productivity. This issue is a trade-off between productivity and security. I am a cautious individual and lean towards security, but I am always open to suggestions from my user base. Viruses, spy ware, ad ware, and data mining are real threats and must be prevented. The vast majority of this “stuff” enters computers by the users own actions. Yes, IT must guard against these threats, and some freedom is part of that cost.

Some employees would “get” all the training IT would need to provide for a secure open IT environment to exist, but others would not and that would risk a data breach or worse. I could not justify it in my own mind much less sell it to management.

I do not always agree with employee suggestions, and I try to lay out exactly why I would not allow a particular application or process. Most people think this method is fair and reasonable. I want everyone to be as productive as possible but operate in an environment that is easily supported and that controls costs. I do not want the organization to face frivolous lawsuits or be compromised in any way.  Simply put, I want a stable secure environment that is always available to meet the needs and challenges of everyone. This is why the IT environment must remain reasonably locked down for the foreseeable future.