Social Connect via:
This week, Firefox was removed from my government work PC. This action itself was relatively minor and hardly noteworthy. However, the removal of the Firefox web browser is a symptom of a greater problem within government information technology and restricting public servants in being productive through the technology they use to do their jobs.
I am not trying to be overly dramatic when I say the simple removal of a piece of software is the end of the world. Yes, I can use Firefox portable or custom install another web browser to replace Internet Explorer 8, our web browsing standard. So, I do have ways to browse the web within the security and comfort of a better web browser. However, doesn’t this beg the question? Why am I forced to go to such lengths to use software, which is generally accepted as far superior and offers customization through plugins and add-ons?
There seems to be a weird dynamic in government IT. We distrust open source free software. Why? I’m not quite sure. There are multiple reasons I can offer off the top of my head. We might distrust open source software because of its very nature. Anyone can see the source, make changes and upload their own version of the software. For government, this represents a real security threat as often we deal with information that can cause harm to individuals, our organization or the country itself if the information were leaked. A program that is so “open” and does not have a company backing it up represents a security threat for many government organizations.
For whatever reason, the government seems to trust propriety software, where you pay a company a set amount money for licenses and then distribute those licenses to your users for use. I’m not sure if it’s the company behind the product or the notion that we are “paying” money, it must be more secure. Nonetheless, there is large usage of this kind of software.
Alternatively, it could be a cultural thing in a public service that feels you have to pay for everything, software included. Maybe its the “guarantees” put forth by software companies around privacy and security, no risk of “phoning home” so to speak. This distrust of free software is unusual because there are a handful of examples where open source free software was installed on government PCs, for example Firefox and Pidgin in my workplace alone.
Where does this leave us? I would encourage any tech orientated public servants to talk to their colleagues and their IT techs and educate them about the benefits and often times superiority offered in open source free software. Point out useful free software like Firefox, Pidgin, CCleaner, 7Zip and others. If you can’t get your IT people to budge, push to take control of your own IT destiny. Become the hero of your own PC and install software that lets you be more productive and efficient. After all, isn’t that what we’re all public servants for? To serve the public? And if a piece of open source free software is going to make you more productive and efficient and therefore deliver better service to the public, then why are you not doing it already?
Scott McNaughton, thenewbureaucracy.ca
I spoke downtown a year or two ago. Big crowd (about 800, to include press, senate / house staffers, and large sponsors). My subject was Web 2.1. I used the words “open source value creation” in my presentation. I was encouraging the crowd to consider focusing more on value than on IT by leveraging readily available technologies and methods to create “apps” instead of employing big expensive program offices. This was something that we did successfully (developed 73 apps – in about 4 hours each) to share information from data sources all over the world – all for about $100k.
After my speech, I was approached by a big guy with his name and “Microsoft” printed on the badge on his chest. He hovered over me (I’m 6’2″) and said “You didn’t really mean to say ‘open source’ did you?” Within minutes, a Congressman walked up and inadvertently broke up our conversation. I thought our encounter was iconic.
What I hear and see every day are situations where the help desk that sits near me tries to cope with answering questions about an in-house application needed by the agency. It is big and complex (and although could be improved isn’t changing anytime soon and has no commercial equivalent) — the help desk routinely has to inform the users that unless they are using the agency standard browser, they can’t help them. Cross-browser adaptation and quirks are so many it would be nearly impossible to accomodate all the different selections. I understand your argument for one specific browser but your arguments for one may be equally valid for another and then we have browser wars going on constantly. By purchasing a standard and enforcing it, the many, meny tools and people that support ongoing work all over the place have a common ground to start from. Might that tool be free? Sure, but when the browser is bundled with so many other things–it is pretty easy to just go with the flow, isn’t it!
I recall the days where I had a dumb terminal, a PC, a Mac, and a Mac/PC hybrid all in a line in my cube – I needed all of them for aspects of my job. I would have voted for the early Mac and been happy but once it all got paired down… I was left with a PC. In the longrun, much easier to deal with despite Mac advantages at the time (which have been largely removed subsequently).
It may be at a cost but it is a built in cost that comes with so much more (and all by the same folks which means it might, just maybe, work better together longer).
Then there was the all hands meeting at an agency. When the Secretary was asked why the agency couldn’t allow Ffox, she turned it over to her CIO who smoothly said there wasn’t funding to buy extra software. Go figure. I also work with private sector companies, which can’t afford IT help desk. The users are forced to learn about their applications, and the result is more intelligent use of data and processes.
Using a different browser isn’t going to end civilization. This browser tyranny is really short-sighted. How, for example, are the people designing your agency’s web sites going to test them if they’re not allowed to use different browsers? And your mandated browser is Internet Explorer – that’s painful.
You are lucky to be able to do an end run and install your own free software. We aren’t. I have to submit a help ticket and wait ages (OK just weeks or months) to get the smallest thing. No admin rights allowed in my state. It is especially absurd sometimes. I got an ergonomic keyboard and mouse with accessibility features. The help desk dude installed them without installing the software. I had to put in more than one help ticket to get the drivers installed. I had to argue with them that while the keyboard “works” without the driver, it DOESN’T WORK properly without the drivers! I’ve had to wait months for active X controls – needed to use agency approved and installed software. I miss the early days when I had admin rights and could download fonts, drivers and all the little things needed. Funny how we are often blocked from getting work related tools, but downloading porn is rampant 😉
I BELIEVE it is all about fear of loss of control… Have seen too many CIO’s say we can’t trust anything that we can’t control…
Actually heard one CIO at a conference ask how could they know if open source software was written by someone with the correct security clearance since the software was going to be accessing/managing organizational data
When CIO’s or IT Managers cite their security concerns when it comes to open source software or operating systems, I ask why we trust it on frontline combat vehicles deployed in war zones. Somehow it is good enough with the most classified of data in three letter agencies or for war fighters, but not in an office setting where a security breach (however less likely than with proprietary OS/software) .
I think the culture is changing (slowly) and as more “savvy” executives move up and replace others (like the one concerned about the price of Firefox) we will see wider acceptance.
I will try my best to respond to everyone but I am happy to see this discussion starting. As an overall point, I would like to say whether you agree with me or not, we are talking and that is often half the battle in the public sector. These discussions about issues like open source software are not happening.
Nonetheless, I see a wide range of opinions. Where do I stand? I understand that this is an issue of control. On one hand, IT wants to keep a closed, secure and stable system for users. On the other hand, users want flexibility to do their job and in many cases do their job better by having access to different technology. But regardless of which side of the debate you fall under, here is the one fundamental problem that I hope we all can agree on. The software we are provided on our computers IS NOT enough to do our jobs efficiently, effectively or in some cases to a high standard of quality.
A great example would be what I face. I don’t have access to ANY database software. I am often finding myself having to create convoluted and complex Excel spreadsheets to manage data that would be simple within a database.
I have a feeling that many people would be happy if they were provided more software to do their jobs outside of the standard Internet Explorer, Outlook, and MS Office set of tools. For those of us who are techies at heart, the lack of customization or even a “sandbox” environment to play around with software is disheartening.
I’ve asked in the past about why my computers are forced to use a very rigid set of software and I’ve been told security reasons and stability reasons. However, when I mentioned installing my own software, I was told to go ahead but to do so at my own risk. So from what I can see, government is in this bubble outside of the general public where we are using IE and they are using Firefox. Where we are using MS Office and they are using Google Docs.
And just to show I preach what I practice, I’m writing this response on my government PC using Google Chrome. My government firewall doesn’t like govloop so half the page isn’t loaded but I manage.
Scott, welcome to my world. GovLoop is blocked. And there will not be downloading of any software without thousands of yards of Fedtape….and a 3 month lead time and three page double spaced “Justification”. IOW, you get what Uncle Sam gives you. When we got Office 2007 in 2010, we were thrilled. My sister, who works in the private sector was already using Office 2010. We are woefully behind. You get, in our case with NMCI soon to be NGEN, what the “contract” gives you, no more no less. NO thumb drives, or your IA in your dept gets a nasty email from the internet security office, saying “someone has plugged an illegal device into machine number XXXX3334”. I wouldn’t even think of trying to dl Ffox or Chrome. We have IE6, I kid you not. Most every web page someone goes to in our dept and in our sub agency, they get the message, “You should update your browser to IE8”. We are still using XP Windows. Whatever the contract calls for, that is what you get. No downloading anything, no streaming the radio, or Spotify or Pandora. (Not sure how other gov agencies get away with it). We are told, “for security reasons”…..and don’t ask anymore questions, because it will be repeated, ad naseum. We have to call a “ticket” to someone two states away or across the country to fix any PC ailments. If your PC has to go to the hosptial, the contractor will come get it, and you will not know “when” it’s coming back. It could be 2 days, or 2 weeks. (one never knows, and it’s not guaranteed in the contract). Software….another nightmare. Just sit back and wait until it goes through about 20 people (you don’t know, and don’t know your mission), to decide whether or not you need. If you want a database, Access is provided, use it. This is what we are told.
Our I/T department go tired of all the issues and helpdesk tickets on IE, so now we can use any browser we want.
As a contractor using Fed equipment and supporting a federal public agency as a “developer” (I’m not but my team is largely) we get the same standard box everyone else does and a list of programs our local IT is allowed to upload/download for us. I have database programs I don’t use but the rest of the team does. I also have graphics programs and other tools that only I have. We have to periodically provide a list to our COTR and agency IT dept about what we use and why. I have 3 browsers for cross-browser testing for websites. The others all use something other than the standard but since I’m supporting the real Fed users I typically stick to the standard things wherever I can so I can speak to the users with authority. Although I know the other tools would be faster/easier, I would hate to tell a user how easy something is…in a tool they can’t use. With COE (common operating environment) I think a lot of that is really important to keep an even playing field and ensure internal tools work for everyone internally. Externally we look old and out of date to users who are using these better browsers and tools.
Interesting suggestion(s) from From Gartner Blogger Mark McDonald
Lightening the depths of shadow IT
…
Shadow IT is IT activity that occurs outside of IT. Shadow IT is growing in many organizations driven by consumerized technology, mobility, the availability of cloud solutions and quite frankly relatively slow cycle times within captive IT organizations.
How do you control or eliminate shadow IT is a frequent question raised by CIOs and IT professionals.
The question and the desired answer say a lot about IT, much of it not good.
Before we discuss that let me acknowledge that shadow IT based applications and activities represent an off the balance sheet/budget risk for CIOs and IT. It’s a risk because while the business is great at initiating technology projects on their own, their interest and attention to finishing what they started is about the same a three year old who has tired of a new toy. This often leaves IT holding the bag when the business says ‘here operate and integrate this, after all isn’t this your job’.
So how do you look to eliminate shadow IT?
…
First don’t.
…
Restructuring Shadow IT
…
Raise IT Throughput
Henry…interesting…”don’t stop shadow IT”. Really, how can that happen without the detective software on the machine. It will pick up “anything” it doesn’t recognize as the contract standard. We are stuck in pre-century IT and there is absolutely nothing the end user can do about it. I am surprised the OP didn’t get a nasty email from the IA IT dept or a counseling from his supervisor.
I am also surprised that other agencies get to listen to streaming music, use thumb drives and dl any software they please on a government network.
The “cloud”, is light years away for DoD. By the time it filters down to us, other agencies will be on to the next best IT.
The DoD is tribal, Julie. Standardization is one thing that the DoD can not agree upon – as evidenced by the lack of success with the DoD’s Business Enterprise Architecture – the instrument mandated by Congress via the 2005 NDAA to hold these standards.
The Cloud is not light years away. It is real. It is possible. It is less expensive than alternatives. It is deployed in some areas or the DoD, and it is a threat to the “big program office” way of doing business.
MilBook was over 90,000 members strong that last time I checked. If you are a government employee with a CAC card, you can gain access to it – right through your Web browser.
Several of my colleagues developed and deployed apps (73 of them from my own office) on an AKO backbone – secured to the individual data field by CAC card authentication. We were publishing data, mashing data, and displaying data on the senior-most members of the DoD’s computers. Investments data, ironically, of programs that costs thousands of times more and were exponentially less effective. My team was once challenged to obtain DBT certification because given the stunning functionality and usefulness, our apps “must have” cost more than $1 Million (the threshold for the ADA per 10USC2222). In fact, all 73 apps cost less than $100k total and about 4 hours each to develop.
The “filtering down to you” effect is a problem indeed. Many nights I laid awake wondering how we could penetrate the bureaucracy and reach the deck plates. I believe the Web browser is the answer. If sites like milBook (clearly a 100% DoD creation) are not restricted, you can start there. It’s more than a secure DoD social media site. It provides a common secure Web based platform that allows distribution of data sources and apps. We proved it.
I’d like to throw out a discussion question for everyone. Is it possible to balance security and flexibility for your employees? Is there a line in the sand when this does not become possible (i.e. national security)? Do we all agree that restrictive “standard images” can and are hurting productivity and efficiency?
I understand things from an IT perspective having been on the front lines at my previous job. I understand the need to control a standard image to ensure that downtime is minimal and PCs remain secure. However, as a government employee my needs are constantly evolving. We, as an organization, are not agile and the fact that I can’t get software I need when I need it (if at all) means we remain slow to the changes happening around us.
Is it possible to balance security and flexibility for your employees?
No, Security is paramount.
Is there a line in the sand when this does not become possible (i.e. national security)?
see first answer
Do we all agree that restrictive “standard images” can and are hurting productivity and efficiency?
Totally, agree and there isn’t a darn thing you as a government employee can do about it.
My supervisor reminded me of a software update we need to purchase for our “non networked” machines. Now I begin the “process” of filling out forms, emailing them and make sure the version number is correct and the “Justification” is suitable. I should hear something via email in about a month or so if the request to purchase has been “approved”. If I have missed a line, forgot to cross a “t” or dot an “i”, the process will take longer.
I have battled this as why is all this necessary on a “non networked” machine. Well, it is, security reasons. Scott, I got tired of beating my head against the wall.
As Pink Floyd sang….”Welcome to the Machine”.
I work on a unclassified machine. I know this because a a green bar is at the top of my screen letting me know it’s “unclassified”.
Yes it is possible to balance security and flexibility… Security people do it all the time (It is called risk management)
the issue is NOT whether there is a line in the sand when this is possible, but where the line in the sand needs to be drawn. And this line needs to be understood/drawn by ALL stake holders
If the security team is doing their job correctly, “standard images” will have minimal impact on productivity and the standard is a “moving” target based on Return on Investment and Risk Management.
Would offer that with proper training and involvement of ALL that Change Requests can be rapidly improve the productivity of ALL with minimal investment.