IT lockdown: Help me work like it's 1999
April 13, 2015 3:24 PM
I work for government. Well the new IT director has changed a lot of policy and Dropbox and Evernote are no longer allowed. Unfortunately these are my top two productivity tools which I have been allowed to use for about 5-6 years now. Barring any special dispensation I need to learn how to best work like it was the "old days."
I still have Dropbox and Evernote on my home desktop (Win7), laptop (Win7), and my iPad. I do not foresee dropping my usage of these tools just because my work desktop is now off limits. Of course, my problem is that I do a lot of work from home on files I work with at work. The only option I've been given so far is to purchase a work-only laptop to work on work stuff, but of course, there's no money for this anyway.
Does anyone have any creative ideas to make this less painless? IT folks and network admins, what might you consider/offer a user who is wedded to these services and wants to continue in some way? I fully understand that policy is policy, but jeez, the thought of thumb driving stuff back and forth is leaving me a bit depressed.
my problem is that I do a lot of work from home on files I work with at work.
Don't do the work. If you're asked why you're not as productive, point to the policy. That's not meant to sound flippant. Don't take your work home until there are systems in place that allow you to do so securely and conform to policy.
If it were a *nix shop I was running, and third-party sharing services were off-limits, then I'd be looking at something like OwnCloud, but that's probably a non-starter because there are multiple levels of regulation and stipulation and certification in government before that shit passes muster. File-share through VPN, perhaps? I wouldn't even contemplate thumb-driving, which is awful from a security / confidentiality / hardware hygiene perspective, and if your IT director suggests it, laugh.
But I return to the beginning: the IT director has established a policy that makes third-party file-sharing services verboten. It's not your job to come up with workarounds and kludges to allow remote file access outside of work hours, so don't do it.
posted by holgate at 3:48 PM on April 13, 2015
What Holgate says. There are lots of ways to make this sort of thing work, but the ins and outs really depend on the policy goals. If they aren't comfortable with Dropbox, an unencrypted thumb drive is a much worse solution - and an encrypted one is better, but still not that great.
posted by Pogo_Fuzzybutt at 3:54 PM on April 13, 2015
If you have to do work from home, your employer should provide you with equipment to do it. Not only should you have a "work only" laptop, but it should be provided by and maintained by your IT staff.
If you don't have such a laptop, don't do the work.
I'm in IT, and have run networks for everything from a military contractor to a brokerage to a porn site. In virtually every environment I've been in, transferring any non-public files to a non-work machine was absolutely a fireable offense (including thumb-driving). I see this as a reasonable policy -- but it comes with the requirement of providing appropriate company owned/secured hardware for remote users.
posted by toxic at 3:56 PM on April 13, 2015
Toxic is right.
IT folks and network admins, what might you consider/offer a user who is wedded to these services and wants to continue in some way?
A laptop, that connects to a VPN. A fairly locked down laptop too.
This is a totally normal thing that tons of places do, and if they want to work it this way they should be prepared to hand one out to everyone who realistically needs one.
That they want you to PAY for a work only laptop is fucking absurd. They should either be letting you use your own machine, or providing you with a machine.
posted by emptythought at 4:50 PM on April 13, 2015
My very not-secret-stuff office supplies VPN-equipped laptops to employees who work remotely/travel/take work home. If they cannot or will not supply you with one, then yeah, don't do the work. Definitely check the language of your position/contract to find out exactly what the rules are for handling files remotely so you don't get fired!
posted by rtha at 5:07 PM on April 13, 2015
Thanks for the info. I'm not working on any super secret spy stuff. None of the files, if they were to fall into enemy hands or the public, would be divulging anything. In fact, public records law mandates by statute that everything on our computers is a public record, except for certain private things like social security numbers, etc., which it is rare to have there. So I might be working on a policy draft at work and then on weekends. Rather benign stuff.
Spoke to one of the director's underlings who said that new director just wants everything hosted in house and nothing in the cloud. Sounds like the concern is also for limiting hackers getting into the government network as much as idle data getting out.
Of course this is the frustrating thing about government, now I won't be able to work on this stuff effectively at home. Since our department is in a spending freeze I can't get a work Surface 3 to alleviate matters. Trust me, government is all about unfunded mandates.
posted by teg4rvn at 5:41 PM on April 13, 2015
now I won't be able to work on this stuff effectively at home.
Your IT director has given you back your evenings and weekends. Hooray, IT director.
posted by holgate at 5:44 PM on April 13, 2015
Have you heard of AeroFS? Or Emitcloud? They're both privately hosted Dropbox-esque solutions.
posted by suedehead at 6:10 PM on April 13, 2015
Even aside from "hackers will get your SSN" kind of concerns, data living on employee accounts on consumer services and on employee hardware can be a problem from other perspectives. Like, you took it home and opened it on your home computer, which is infected with malware, then brought it back. (My current employer has twice been re-infected with malware at the office because the company owner's home PC has gotten infected and he's been sending files back to the office. Our controller lost his computer for the whole morning today over it, and it wasn't even him being irresponsible.) Or, it was living on your thumb drive while you worked on it and you got hit by a bus and nobody knows where that went, and now while you're in the hospital they have to re-create the stuff you were working on.
It breaks your workflow, but they might well be able to provide you with another solution that works for them AND you, especially if they've got pressure from your boss or your boss's boss. If they can't, it's not a great idea to make your boss think that you have superhuman IT-bypassing abilities, or it might come back to bite you. This is a problem that IT is supposed to be solving for you, so push for them to be the ones to solve it.
posted by Sequence at 6:17 PM on April 13, 2015
It's really up to your IT director to decide how he or she wants these files dealt with.
posted by bleep at 6:18 PM on April 13, 2015
Technically, BTSync doesn't store any of your data in the cloud. But the general consensus is right. If IT doesn't want it, then your evenings are now free.
posted by chairface at 7:10 PM on April 13, 2015
I'm sure if you asked these would be "against" policy.. but if you don't care and are just trying to work around it...
Dropbox has some alternatives, among them Syncthing and others.
If you are tech savvy, you could set up an sshd server on your home computer and then scp the documents you want to home. On Mac/Linux you can even mount ssh folders, if I remember correctly with sshfs, and I'm sure Windows would have an equivalent, so you could do all your work on the mounted ssh folder and not have to bother manually syncing.
You could also host your own server and have a client installed on a usb drive that is just an executable that would communicate with your server to sync whatever was necessary. The easiest way to remain undetected is to use port 443 for your server. Also, sometimes IT blocks many ports - but they don't generally block port 443.
Also, there's a very effective program, TeamViewer, but you would need to install it on both your home and work computer. I'm not sure if you have Admin rights for installing things.
There's also Google Docs; you didn't specify if that was explicitly forbidden, but you could certainly paste the document or even drag and drop it into there.
And, of course, many people email their own documents back and forth because of these types of "security" policies...
As others have mentioned you could work off a thumb drive, so it would contain all your documents and you would carry it back and forth between. You can do a similar thing with most smart phones as well.
posted by uncreative at 7:15 PM on April 13, 2015
So I might be working on a policy draft at work and then on weekends.
Unpublished policy drafts almost certainly contain information that some people will consider sensitive.
posted by toxic at 9:31 PM on April 13, 2015
If the policy says no government data outside of the government network - and that's absolutely what the policy should say - you'd be crazy to try and work around that.
It is trivially easy for your employer to track what you're transferring through email or USB drives, or how many times you're trying to access the multitude of Dropbox-like services listed in this thread. If you appeared on our proxy logs as having tried to access a dozen online storage sites, we'd start asking questions.
Ask for a work laptop.
posted by dvrmmr at 10:59 PM on April 13, 2015
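The proxy-log check described in the comment above, sketched as an added example that is not part of the original thread or any commenter's tooling. It assumes Squid's native access.log layout; the watchlist, threshold, sample lines and user names are constructed for illustration.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed watchlist of file-sync/storage domains (illustrative only).
STORAGE_DOMAINS = {
    "dropbox.com", "evernote.com", "drive.google.com", "docs.google.com",
    "onedrive.live.com", "box.com", "rsync.net",
}

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method URL user hierarchy type
SAMPLE_LOG = """\
1428966001.101 210 10.0.4.17 TCP_TUNNEL/200 5120 CONNECT www.dropbox.com:443 alice HIER_DIRECT/- -
1428966010.442 3 10.0.4.17 TCP_DENIED/403 3901 CONNECT www.evernote.com:443 alice HIER_NONE/- text/html
1428966031.007 95 10.0.4.17 TCP_MISS/200 1822 GET http://drive.google.com/upload alice HIER_DIRECT/- text/html
1428966055.310 180 10.0.4.17 TCP_TUNNEL/200 7044 CONNECT usw-s001.rsync.net:443 alice HIER_DIRECT/- -
1428966101.900 150 10.0.4.22 TCP_TUNNEL/200 4410 CONNECT www.dropbox.com:443 bob HIER_DIRECT/- -
1428966140.120 140 10.0.4.22 TCP_TUNNEL/200 4002 CONNECT dl.dropbox.com:443 bob HIER_DIRECT/- -
1428966200.555 60 10.0.4.25 TCP_MISS/200 900 GET http://notdropbox.com/ carol HIER_DIRECT/- text/html
1428966230.001 40 10.0.4.25 TCP_MISS/200 640 GET http://intranet.example/policy carol HIER_DIRECT/- text/html
1428966300.700 120 10.0.4.30 TCP_TUNNEL/200 2100 CONNECT app.box.com:443 - HIER_DIRECT/- -
1428966330.250 110 10.0.4.30 TCP_DENIED/403 3901 CONNECT www.dropbox.com:443 - HIER_NONE/- text/html
truncated line
"""


def host_of(method, target):
    """Return the lower-cased hostname from a CONNECT host:port or a full URL."""
    if method == "CONNECT":
        host = target.rsplit(":", 1)[0]
    else:
        try:
            host = urlsplit(target).hostname or ""
        except ValueError:  # malformed URL in the log
            host = ""
    return host.lower().rstrip(".")


def storage_service(host):
    """Map a hostname to its watchlist entry, matching only on label boundaries."""
    for domain in STORAGE_DOMAINS:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def storage_hits(log_text):
    """Return {user: set of watchlisted services requested}, allowed or denied."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 8:
            continue  # skip truncated or malformed lines
        client, method, target, user = fields[2], fields[5], fields[6], fields[7]
        who = user if user != "-" else client  # unauthenticated: fall back to client IP
        service = storage_service(host_of(method, target))
        if service:
            hits[who].add(service)
    return hits


def flag_users(log_text, threshold=3):
    """Users who requested at least `threshold` distinct storage services."""
    return {who: sorted(services)
            for who, services in storage_hits(log_text).items()
            if len(services) >= threshold}


if __name__ == "__main__":
    print(flag_users(SAMPLE_LOG))
```

Denied requests are counted as well as allowed ones, since the signal in the comment is the attempt, and repeat visits to one service count once.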
Your employer officially tells you that you have no business working from home? Count your blessings and enjoy your weekends.
posted by Kwadeng at 11:40 PM on April 13, 2015
The only option I've been given so far is to purchase a work only laptop to work on work stuff
Does this mean "purchase with my own, personal money" or "purchase with my department's funds / grant / internal funny money?"
Because if the former, that's ridiculous. If the latter, that's normal.
posted by zippy at 1:50 AM on April 14, 2015
I deal with bad, locked down systems frequently, and sadly there aren't great solutions. Well, there are - they're the solutions that were banned.
Getting a laptop with VPN access is the usual fix for this. Also, lots of companies are starting to offer (ugh) Citrix portals that let them publish resources from within their networks so you can access them on their computers. This is a long shot, but is there any chance they have a portal like that where you can get to some resources from outside of their network? To work remotely, I’ve occasionally been forced to (get this) log into a Citrix portal, open a Remote Desktop app, then remote desktop to a computer that’s within the network. It’s insanity, but it’s (barely) functional.
Other than that, if they offer web email (like Outlook Web Access) I use that as a poor substitute for syncing. If I want to work on something remotely, I email it to myself. When I’m done working on it from home I email it back. When I save it off, I delete the emails so I don’t go over my storage quota. If I want to work on something from home that I don’t have in email, I just type it up and paste it into an email, then I copy-and-paste it from the email into the document once I’m at work. I get the feeling that they would not be okay with you sending this kind of stuff to your personal email so you can work from home, but if your work email has a webmail interface you can get to from home that can serve as your sync solution.
posted by Tehhund at 4:24 AM on April 14, 2015
new director just wants everything hosted in house and nothing in the cloud
Then new director needs to give employees accustomed to being able to work from home, and formerly using cloud services to achieve that, some comparably convenient alternative. Squeak loudly until that happens. Do no work from home until it does.
posted by flabdablet at 4:26 AM on April 14, 2015
My workplace doesn't allow Dropbox to be installed, either, but I can log into it via the web just fine (oversight? Not sure, but I'll use it while I can). So if I really need to transfer something I can always drag it into the web instance. Not as nice as autosyncing, but it's at least workable. My work computer is a laptop, however, which I bring home nightly. I don't need to transfer work files out. I really only use it to open personal files while at work.
As an Evernote replacement, I use OneNote (which you have on your computer if you're using a recent version of MS Office). Also no syncing, but at least I get the everything-in-one-place experience, with different notebooks, tabs, and pages. And you can back "notebooks" up to, say, Dropbox web and open them in a home version of OneNote.
One idea: can they give you a VPN dongle or app so you could use your personal laptop to tunnel in? Can they add some kind of software to your personal laptop so you can access remotely, which they would then wipe if you left? My workplace lets workers use their personal mobile phone if they want to, with the proviso that they're willing to have it wiped when they leave.
Anyway, what everyone else has said is what you should pay attention to--don't risk your job over this. Ask the new director him/herself--not an underling--what his suggestions are for your workflow. You can't possibly be the only one to ask, so (s)he probably has some kind of answer.
posted by clone boulevard at 7:48 AM on April 14, 2015
The standard solution for this is
1) a work laptop with VPN
2) a Citrix portal that allows you to remote in
3) official, secure webmail
For any of these, you will likely either have a smartcard or a SecurID keyfob. Or both! Very likely, you will soon also have a ban on non-encrypted USB flash drives.
They are moving toward a very standard IT security policy - their info only stays on their equipment. The solution is not to try to find a way to get around it, it's to stop working from home until they get you the equipment you need to do it in accordance with the rules. If you are talking about teleworking as part of your standard schedule, your agency's telework policy likely contains something about this. If you are talking about working extra - nights and weekends - then maybe this is, as others upthread have mentioned - a blessed opportunity to reclaim some work/life balance.
posted by oblique red at 1:07 PM on April 14, 2015
You might want to suggest/look into Rsync.net for a more DIY cloud storage solution that might pass muster with your department/office's IT/security/risk/compliance managers if they are willing to deal with the hassle of setting it up and supporting it. See e.g. "Dropbox clone with git, ssh, EncFS and rsync.net" and its source, "Set up your own truly secure, encrypted and shared file synchronization, aka Dropbox clone." Otherwise, I agree with oblique red's observations.
posted by snuffleupagus at 2:16 PM on April 14, 2015
Follow up: Spoke to a higher up that I know in IT and he said, yes, it does suck not having these things and there will be some solutions coming and he apologized for not synchronizing solutions with the loss of Dropbox. He said we are likely moving to OneDrive for Business. In the meantime he will make laptops available for those who need it for VPN access from home. OneNote is available but my understanding is that it would not synchronize with any personal devices.
posted by teg4rvn at 3:39 PM on April 14, 2015
I work from home via VPN and Remote Desktop. You need a computer, but you don't need a special or dedicated computer.
posted by SemiSalt at 4:01 PM on April 14, 2015
posted by sandmanwv at 3:32 PM on April 13, 2015