What should I do when in a work environment that confuses security with control actually slows down my workflow?

The Workplace Asked on December 17, 2021

So I am working as a temp basically for a banking institution that has me restricted from downloading Git, it creates a Bitbucket repo for me but I am denied access to the repo that was created on my behalf because apparently I cannot create my own repo.

I am starting to get really frustrated that I cannot do the same job I have done for years in many other organizations simply because this banking institution confuses security with total control. I mean it becomes unreasonable when you are blocking me from the tools I need to do my job and then asking myself and my team member how fast can you get this stuff done. Um, well you guys don’t even have a versioning tool that we have permission to upload to and stay organized.

What can I do about this? How do I address this? I am really getting frustrated here.

Another quick example, I have to go fill out a form to request npm only to have that npm and Node that was installed not allow me access to the npm repository, now why in the world would you go ahead and install these things on my machine for me and then disable their ability to pull from npm repo?

Anyway, any words of wisdom out there?

Like do I address this to the temp agency? Do I address the supervisor whom is a permanent employee and I am sure he is totally aware of how his employer works?

4 Answers

Stop trying to force them to do things your way, and instead learn how they do things.

They have numerous regulatory requirements, and potentially large penalties if things go wrong. If a temp comes in and demands that they install a whole bunch of software that they are unfamiliar with, then IT are unlikely to be helpful. That's especially true if you want do do things "in the cloud".

Find out what tools they do support, and learn to use them instead.

Answered by Simon B on December 17, 2021

Banks often prefer hiring large numbers of mediocre technical people (Engineers, data scientists etc) rather than a few excellent ones. They really don't trust their staff to not do silly things so they make it impossible to do risky things. The fact that this kills productivity is often irrelevant to them.

I spent many years at a large bank trying to adopt more modern tech when it comes to data science and I can tell you that it is a hard slog. If you are there for a few months then it is unlikely anything will change.

As a default, I would treat it as a project management issue and make sure blockers to project completion are flagged up in the right way. Network around and ask people at the company how they get things done. For instance, they may have an internal mirror of external repos that have been scanned by security team. The company just didn't tell you about it because they didn't know another part of the company is using it or the technical person that knows has an interest in seeing you fail. e.g. you were brought on because they did badly on the same project.

It's also entirely possible that simply by flagging up the issue to senior stakeholders that an exception will be granted. The security folks clearly don't want to fix this mess and if their mess is seen to block key business objectives its better for them to grant a one off exception rather than block things and be forced to address the wider process.

Answered by plagiarisedwords on December 17, 2021

First and foremost your title is misleading and a bit melodramatic.

You are working in an environment that requires a high level of security and has both legal and compliance requirements that they must meet. This includes controlling both applications and network/internet access; it looks to me as if they are applying an adequate level of security and control considering the environment.

While heightened and stringent security policies often do slow down the process of installing new software and opening network/internet access, the policies and procedures are the standards in most businesses that have these types of requirements.

Most IT/security departments have a process for both requesting software and specific network/internet access that is required to perform a task. But keep in mind following the process is typically only a request that will be reviewed by the person/team responsible for the security and compliance.

Communicate with your onsite manager and clearly state what is needed and why, be through in your requirements such as including specific network ports, protocols, and external access. The manager should be familiar with the internal process and be able to guide you through it.

Don't be surprised if the security/compliance team questions your request, that is part of their job description. So be prepared to justify your need and be willing to accept alternative solutions that they may provide.

If this is delaying your deliverables then by all means you should communicate this clearly to both your on-site manager and the agency manager so that there are no surprises.

Answered by Steve on December 17, 2021

Speak to your supervisor and demonstrate to them what restrictions are in place that are preventing you from doing your work. It could be a case of the IT department not having given you the proper access to do your work.

Of course, you need to make sure that whatever restrictions are in place are actually preventing you from doing your work rather than slowing you down or inconveniencing you. If your case is the latter, I would instead explain to your supervisor how you would be more productive without the restrictions. Keep in mind, that your supervisor may have no control over these policies so you may be forced to continue working as you have been.

Answered by sf02 on December 17, 2021

Add your own answers!

Ask a Question

Get help from others!

© 2024 All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP