(This originally appeared on ITProPortal.com)
Like it or not, moral ambiguity plays a major role in all our lives. In your personal life, you may tell friends that you’ve been under the weather and can’t make a social gathering, when the truth is that you’ve just settled in following a long day at work and the prospect of an evening anywhere other than on the sofa would be as welcome as a kick in the shins.
Lying to friends isn’t something to be lauded, and yet this can be filed under the “little white lie” category of mistruth. Such moral uncertainties also exist in the workplace—perhaps you’ve misled your boss to give yourself more time on a project, or overplayed your role in a particularly successful activity in order to reap the benefits.
This is no different for IT professionals, who may be more inclined to embrace moral ambiguity than people in other positions. This is often driven by the enormous pressure placed upon us to manage increasingly complex hybrid IT infrastructures and to embrace and seamlessly integrate mobile devices into an enterprise, all while protecting networks from an evolving threat landscape.
Given these factors, and the restrictive budgets with which we have to work, it’s understandable that we are sometimes morally fallible, especially if being flexible with the truth helps ease the mounting pressure.
The problem, however, is that moral ambiguity has a habit of snowballing and, usually, comes back to bite the perpetrator on the behind—a dangerous proposition for IT professionals, whose work ensures the smooth running of a business’s IT environment, and whose failure to do so could be incredibly costly.
So, how can IT professionals begin to clear the murky moral waters they sometimes stray into, and what can be done to ensure that the need for such ambiguities is removed?
Be honest with yourself
As much as IT professionals would like to think it, we are not omniscient when it comes to our IT environments. A great deal goes on that we unfortunately can’t know about, and the more IT services a business outsources, the more difficult it is to know how it operates. Now, thanks to the growing prominence of hybrid IT, our IT environments contain more nooks and crannies than ever before, meaning that we’re less able to gain a complete view of an organisation and its workings.
In the rare moments when we are being truly honest with ourselves, IT professionals will concede that this is the case, and admit that we need assistance in seeing the whole picture when it comes to our IT environment.
Despite these rare glimmers of honesty, there are too many times when we are more than willing to lie to ourselves and assume that we have complete visibility of our environments, and that nothing could take place without our knowing. Such overconfidence can be harmful to an organisation and lead to vulnerabilities being exploited under our very noses.
However, it isn’t only the hubris of IT professionals that casts a potentially dangerous moral murk over an organisation’s IT environment. A great number of companies are put at risk by the little white lies perpetrated by employees.
The fact that employees tell porkies isn’t exactly grounds for a witch hunt. Everybody in an office is prone to a bit of fibbing, and within an organisation that has strict rules regarding something like mobile devices, it’s all too obvious that a large number of users would surreptitiously flout these rules.
For example, some organisations have a policy against using personal USB devices. This can be understandable—a USB is hardly the most secure of devices and could either introduce a malevolent force into an IT environment, or could just as easily be lost by the user when they venture into the big wide world.
However, if an employee has the option of staying in the office until 10 p.m., or sneakily popping some work on a USB in order to finish off at home, chances are they’ll embrace moral ambiguity and do the latter. While this may not seem like a big deal, if the worst happens and an employee’s rogue device brings about a breach, the consequences can be huge.
With this in mind, IT professionals are responsible for keeping an eye on everyone in an agency and ensuring that employees don’t introduce unnecessary risks. This isn’t a role we relish—acting like prison wardens confiscating contraband isn’t what we signed up for, but knowing where vulnerabilities may be coming from is a vital part of our job. It’s a shame, then, that keeping everyone honest—including ourselves—is so difficult.
Handling the truth
The key to keeping everyone honest is gaining end-to-end, single-pane-of-glass visibility throughout an organisation, allowing us to see where vulnerabilities are occurring and why.
The best way to achieve this level of visibility is by embracing efficient monitoring tools and strategies, ones that offer us control over the entire infrastructure, from mobile devices used over networks, to applications that are hosted off-site. They should also provide insight across a hybrid IT environment, offering a view into network activity across on-premises and hosted applications, while showing the data that passes from the cloud service provider to the organisation.
By adopting monitoring tools that encompass the full range of networked entities, from a node to a CPU, we can adjust our search radius when an incident occurs, depending on the problem.
Your monitoring tools should show you everything—monitoring connections with external sources while allowing you to probe and drill down into data to identify where an outage occurs and establish its root cause. You should be able to keep tabs on network traffic while identifying employees who are using unauthorised devices, applications and shadow IT (solutions built and used inside organisations without explicit approval) as a whole.
These capabilities can help IT professionals acknowledge the blind spots that exist within their environments. They can also enable them to clearly see what it is that employees are bringing into an organisation, without being misled by untruths and fudged facts that could impede us in our search for the root cause of a problem.
The goal isn’t to turn an organisation into a 1984-esque dystopia, where all moves are watched and the littlest lies are exorbitantly punished. It is simply to shine a light through the moral murk to identify issues within an IT environment that could truly harm an organisation. Nobody’s perfect, but monitoring can at least keep us honest.