IT managers want to tell end users one thing: We are not the enemy.
"IT has a reputation for being aloof, geeky and non-communicative. I don’'t want to do anything to make that any worse," says Kerry Miller, network engineer at First Victoria National Bank in Victoria, Texas. Miller says he carefully weighs user requests for technology or services so as not to further alienate the community he serves. Sometimes the technology request doesn't address a critical business need, poses a security risk or exceeds the limits of the IT budget, but he is certain to clearly articulate why a request must be denied. "If you just tell them 'no' without a detailed reason, it adds to their suspicions that we really are 'Network Nazis,'" he says.
Miller works against the stereotype of IT professionals not only because he likes to think of himself as more than a cruel dictator governing the end-user community with an iron fist, but also because positive relations with company employees, partners and customers helps IT better do its job of delivering services and protecting corporate assets. Research shows that the perception of IT as the network police drives users to engage in dangerous behavior that puts themselves and corporate assets at risk. And recent surveys reveal that many users work around set corporate policies to more easily do their job or to access personal data via company resources. 

Readers commenting on Network World's recent story detailing some of the more risky user behaviors happening today say that while IT professionals can't stop monitoring actions and reminding end users to comply with corporate policies, the perception of IT among users needs to change going forward and vice versa.

"[The problem] is both, of course, IT and end users. The biggest problem with the infamous [Wall Street Journal] article and at many sites with 'users behaving badly' is the perception that IT is the enemy of productivity, something to be circumvented if you want to get any work done," one reader wrote in an online forum discussing the topic.
IT professionals say the opposite is true. The function of IT is to support the business and those working there, and it is not IT managers' intention to hinder productivity or limit safe, work-oriented behavior. Yet in this era of data breaches and sophisticated security attacks, IT pros say they need to be more vigilant in protecting corporate resources, which include end users.
"Our job is to keep the network up and running as efficiently as possible so that end users can do their work. We are not looking to catch end users, but we are hoping to curb some behaviors that could lead to bigger problems at the company," says Chris Majauckas, computer technology manager for Metrocorp Publications in Boston. "We are a cost center of the company; we don't generate revenue so we want the end users to be able to do their work and generate revenue so we can get a pay check. But more times than not it seems they are working against us."

The first hurdle many IT managers encounter involves disclosure. For instance, users don't always report desktop performance issues they may be having, without realizing it could be a symptom of a larger problem. "We have found machines so loaded with spyware that the end user can barely function. It shuts them down for the day; they suffer and the company suffers, but I am still doing my job," Majauckas says.

Others report that users don't trust IT managers enough to share the exact details of what happened up to the point of a system failure -- which could include information to help IT more quickly solve the problem. For instance, understanding if users were using a Microsoft application or browsing the Internet at the time of a failure could go a long way to discovering the root of a problem. And there are some more obvious signs IT managers spot immediately when answering help desk calls. The sentiment IT managers say is reminiscent of the scene from the movie "Jerry Maguire" in which Tom Cruise's sports agent character begs Cuba Gooding Jr.'s football star to: "Help me help you!"  
"I have had cases when a PC has obviously been dropped, but the user will refuse to say what happened -- even in the face of such physical evidence," says Jim Farmer, manager of systems administration and telecom at Superior Essex Communications in Atlanta. And when dealing with personal applications conflicting with IT-supported software on client machines, Farmer says he cannot get users to be honest.

"I would prefer if they would be more honest in what software they have downloaded because it would help our relationship. I am going to find the software either way, but if they tell me upfront it helps me more quickly restore their system to the normal working environment. We really want to maintain a good rapport with our end-user customers," Farmer says.

IT managers realize users' perception of them as the enemy won't disappear overnight, but many say they are working to establish more trust with those they support with education, communication and respect.

Klara Jelinkova, director of computing systems at Duke University in Durham, N.C., says she takes responsibility for end-user actions that put the network at risk or cause performance to suffer. She says when users act outside the boundaries of IT she realizes it is a failure of the department for not better identifying the needs of the community it supports.

"I see a lot of that as a failure of ours for not anticipating their needs or tailoring services to best address what they need to get done," she says. "We need to communicate how we can enable them to do what they need to do but within the limits of our environment. It's possible I am sure, but end users aren't always aware of that and that means we aren't doing our job as well as we could."

Industry watchers such as the Ponemon Institute advise IT to foster more training and education among end users to explain why policies are in place and what consequences the company could suffer when they aren't followed closely. The main message should be that policies protect the user from identity theft, poor productivity and security attacks such as phishing as much as they protect the company overall.

"Computer users are the least predictable and controlled security vulnerability. In the majority of cases, a lack of education and an understanding of basic security principles and procedures are the main causes of security breaches rather than malicious activity (although the latter can never be ignored)," one online commenter writes. " Security policies are good to have but they are ineffective if they are so complex that employees do not understand them. Policies should be clearly communicated because IT staff forget that the majority of employees are not versed in techie jargon."

On a personal level, refraining from snickers when helping users could also go a long way to building bridges between IT and end users, others say. IT managers may share details of what may seem to be incredulous end-user flubs among themselves, but they should deal with users in an honest and respectful way. Keeping secrets or making fun will only work to hurt IT/end-user relations.

"Communication is the key to a good relationship with the users, not keeping secrets," Miller says. "Some of my techs might disagree, but you have to look at the big picture and see what the long-term effects are of that offhand remark you make to a user."