Sanctioning software

Last week I wrote about the benefits of standardizing end-user hardware. When it comes to software, however, the “one-size-fits-all” approach starts to break down. While hardware can be deployed as a commoditized, multipurpose platform for most users, software is where a system comes to life and people get real work done. End-users serve many roles in an organization and do their work in vastly different ways. That’s what makes software standardization so difficult.

Nonetheless, enterprises still need to adhere to a minimum level of software standardization. Regardless of platform, base OS installs should be uniform, with at least anti-virus software, standard productivity suites, patching software, and backup clients. For medium to large enterprises, asset management, software licensing tracking, and asset discovery software can make the difference between chaos and manageability. These basic elements help protect users from external threats and their own mistakes, but this is where the easy part ends.

Once the basics are in place, the pressing question becomes, “Should I give users administrative access to their systems?” This might just be the toughest question in IT management because it has far-reaching implications. At InfoWorld, we typically provide administrative privileges to users on a case-by-case basis to do specific software installs. Users ask me all the time if they can install AOL Instant Messenger, and in most cases, I approve it. AIM certainly isn’t ideal for many reasons; but even if I had an enterprise IM system in place, AIM has become a de facto standard that allows communications across organizational boundaries, and I know that it helps our employees get real work done. If I was working in a heavily regulated industry, however, I would have to refuse the AIM requests because in many cases IM must be monitored and stored just like e-mail; and AIM is not enterprise-worthy for a variety of reasons. Other requests are more clear-cut. When it comes to installing consumer file-sharing programs like Kazaa, the answer is a clear “no” because the software has no business use, not to mention the legal issues.

Even if your enterprise puts end-user machines in total lockdown, control over software usage still isn’t absolute. In the past, I’ve written about the forces of decentralization and have splashed a little cold water in the face of IT managers who think they can absolutely control the tools that end-users choose. With the growing popularity of very capable low-cost (or free) Web-based tools, control is becoming increasingly difficult. If the users at your company don’t like the corporate groupware calendaring system, they can self-organize and sign up for Yahoo Calendar and never look back. If they don’t like the collaboration or knowledge management tools IT has provided, they can sign up for JotSpot or SocialText. Salesforce.com puts CRM and SFA in reach of the average business user.

Sure, if all of these things were in-house, they could be integrated more completely — but how long has that total-integration project been languishing on your project list? You can aggressively block services like these at your firewall, but you have to offer functional alternatives to remain relevant to the users you serve. If you don’t, your users will go around you. After all, they have real work to do, and if you can’t help them leverage technology to do it, they’ll figure ways out on their own.