Hillary Clinton Isn't the Only One To Bypass IT
News that Hillary Clinton operated an e-mail server out of her house in Chappaqua, N.Y. for both personal and official communications while serving as Secretary of State underscores how far people will go for convenience and control -- even if it means bypassing IT to do so.
While maintaining that she didn't break any laws or send any classified messages using her personal e-mail account instead of the official e-mail system the rest of the government uses, Clinton has raised fierce debate over the propriety of her decision to take matters into her own hands. Aside from the legal issues and obvious questions, such as did her use of personal e-mail really go unnoticed for four years and was the system she used as secure as government's network (some argue hers might have been more secure), her actions are far from unique.
In my reporting on this month's Redmond magazine cover story about the forthcoming end of life of Windows Server 2003, IT pros lamented that they discovered many unsanctioned servers in use -- often under employees' desks. For better or worse, many companies have become more tolerant of employees bypassing IT than they were years ago in part due to the bring-your-own-device (BYOD) trend brought on by the advent of smartphones and tablets. I often receive business-related e-mail from high-level people at companies of all sizes from their personal e-mail addresses -- usually a Gmail, Yahoo or Outlook.com address -- and I'm sure you do too.
Many employees in organizations not wanting to wait for IT to provision systems have spun up VMs by setting up an Amazon Web Services or Azure account with a credit card. And it's certainly become common for business users to set up accounts using Salesforce.com and Workday, among other SaaS applications. Many are also setting up Office 365 accounts on their own. Services such as OneDrive, Google Drive, Dropbox and Box have replaced flash drives for copying and storing files. A survey by data protection vendor Vision Solutions found that 52 percent of organizations don't have processes to manage the use of such services, putting at risk the loss of confidential data.
Apparently the U.S. government -- or at least the State Department, which she headed from 2009 to 2013 -- was one of them. Indeed setting up your own Exchange Server (I'm assuming that's what she used since that's what runs the Clinton Foundation's e-mail) is a more brazen move than most take and one that most are unlikely to do, given the cost.
From news accounts we know she's not the only government official to use personal e-mail for routine business communications, though she's the highest level and, for now, the most infamous one to do so. If we're to take Clinton at her word -- and I realize many don't -- she said yesterday she used her own e-mail for convenience. If that's to be translated that she was trying to balance her work and personal life by using one account, I think we can all agree that was a bad idea -- she said as much, though she could have separated them and still used one device, as many of us do.
Given that she was the nation's top diplomat and a potential presidential candidate, the fallout from this is far from certain as this issue continues to create discourse.
In the end, businesses and government agencies of all sizes have to establish policies that address what employees at all levels can and can't do when it comes to using IT. Absent of any clear rules and enforcement of them, you likely have at least one, if not many, people like Hillary Clinton in your organization.
Posted by Jeffrey Schwartz on 03/11/2015 at 1:19 PM