How great it is these days to support the users remote, and with the tools we have today - much more successful. Desktop support can shadow users and see their desktop, see the errors, help troubleshoot. Cool technology.
The email I got last week was asking more around the policy regarding remote desktop support. Directly around this shadow technology. The question was around desktop support should or should not announce to the user when they are going to shadow a user. Regardless if it is Citrix or the desktop, should there be a dialogue box at all times asking the user to accept the shadow session.
I have gotten this question a few times, and with different angles, but it does come down to appropriate use of this technology. It is not a clear line between "monitoring" and "support" so we have to make the line very clear.
If you as an organization is going to radomly monitor users, you must have a policy that clearly sets the expectaion around monitoring internet usage, desktop usage, and that it may include real time shadow capabilities. This is a slippery slop in my opinion and really builds distrust. Reviewing logs to see web usage is one things, silent shadow of desktops is another.
I would like to see a dialogue box come up to announce that support is looking at the desktop and give the user the ability to accept or deny the session. I think that is the appropriate use of the technology for support of the user. It builds professionalism, trust, and a positive experience.
So, I would make sure your policy for support staff clearly states the expectation, but make sure the technology is configured to enforce your policy. I would also communicate to your users the expectation and professional approach you are going to take as a IT team to support them. I have some real issues when IT staff start to extend their professional boundry (like reading emails, unannounced shadow sessions, history files, etc) - just because you can do it does not mean you should do it. Professionalism needs to be in IT at all times, and respect of others. You are data stewards, you don't own the data, nor the systems. The business is the owner.
Keep it positive!
Scott Arnett
scott.arnett@charter.net
About Me
- Scott Arnett
- Scott Arnett is an Information Technology & Security Professional Executive with over 30 years experience in IT. Scott has worked in various industries such as health care, insurance, manufacturing, broadcast, printing, and consulting and in enterprises ranging in size from $50M to $20B in revenue. Scott’s experience encompasses the following areas of specialization: Leadership, Strategy, Architecture, Business Partnership & Acumen, Process Management, Infrastructure and Security. With his broad understanding of technology and his ability to communicate successfully with both Executives and Technical Specialists, Scott has been consistently recognized as someone who not only can "Connect the Dots", but who can also create a workable solution. Scott is equally comfortable playing technical, project management/leadership and organizational leadership roles through experience gained throughout his career. Scott has previously acted in the role of CIO, CTO, and VP of IT, successfully built 9 data centers across the country, and is expert in understanding ITIL, PCI Compliance, SOX, HIPAA, FERPA, FRCP and COBIT.
No comments:
Post a Comment