SUNYLA, Librarians, and Misguided IT “Out There”
The energetic Jenica and I gave a presentation on “System Administration for Librarians” yesterday at SUNYLA 2008. While the small, warm group seemed to receive the core message well, it was obvious that not everyone “out there” in IT shares our ideals: Namely that information must be free, people need empowerment, and that acting like a dominating overlord may make your [wo]manhood feel better, but it is counterproductive. So begins an open letter to Information Technology Professionals:
Dear College & University Information Technology Professionals,
As a monoculture, “academic” IT and “business” IT are the same. It’s our job to keep the business – the business of academia – running. It’s our job to maintain our diverse systems. It’s our job to secure the infrastructure from threats internal and external, and mitigate the risks to that infrastructure.
But we have some fundamental differences that require us to eschew the hard-edged business-only mentality, and embrace our academic environment. Yes, it’s our job to keep the business running. It’s also our job to usher and enable forward change. Far and wide, for years, I’ve consulted in environments where the entrenched IT “won’t” or “can’t” do certain things – Fairly simple things. The reasons always vary, but the point is the same: Status quo is the goal, and until someone from “above” mandates a new service, it’s not going to be considered. In too many environments, IT creates a wall to protect itself from horizontal influence. That wall must come down.
Your power users- students, faculty, and staff who have technological aptitude and interest- need a mechanism to explore. Whether its shared space on a virtual server, or an old laptop loaded up with server software, there are services that they want to play with – and you should let them.
How many of you have “development computers” in order to test things in a sandbox, without breaking production systems? How many of you installed a blog or a wiki on an “unofficial” system for quasi-professional use? These things are valuable to your power users as well.
Of course you have concerns: What about patching? Security? Exposure? Liability? Responsibility? Me too. My current hat is that of Information Security Officer: a lofty title with a loftier implication that I am “responsible” for Information Security. There are no greater concerns to me, than the protection of information assets and the systems that house them. What your power users need isn’t a production server that the Internet can poke and prod, to be storing Social Security Numbers and Credit Card Numbers: They need a sandbox that they can install various pieces of software on – blogs, wikis, knowledgebases, information management products, etc. – so they can explore, find things that work and things that don’t, look at doing existing things differently and new things entirely, so that at some point, maybe they can make an educated proposal for new production services.
Some of you may quake at the idea of a mere user proposing new services that you may have to support- Especially educated proposals that have real, undeniable information that you can’t just wave off and say “they don’t realize the support implications of this”. Why again, exactly, shouldn’t your job be outsourced to India? Oh, right, it’s because of all the value you provide.
You have the spare hardware. You can jail their sandbox off into inaccessible nether-regions of the network. You can trivially mitigate the risks to the infrastructure. You just have bring down the wall that prevents the horizontal acquisition of new technologies.
Sincerely,
Matthew Keller
Information Security Officer & Network Administrator
The State University of New York at Potsdam
