Rogue Admins Allow Games on Company Servers

Tuesday, April 19, 2011

Bill Gerneglia


Article by Mark Henricks

An online survey suggests that a majority of IT workers believe running games on corporate is acceptable behavior.

Only about a third of more than 1,000 respondents to a survey by Network World said it was always wrong to use company resources to play and host games such as World of Warcraft and Call of Duty.

The results, which are not considered statistically reliable because respondents self-selected instead of being chosen randomly, indicated that slightly less than 35 percent of those who answered said they would never use company equipment to host video games for private groups of players.

More than 11 percent said it was okay if they weren’t caught doing it. And 17 percent would condone it if they had permission. The largest group, nearly 40 percent, felt the practice was acceptable if it caused “no harm.”

The Network World survey was presented to readers of a story about rogue admins who used corporate servers to run private group gaming sessions. Four anonymous interviewees in the story all admitted to using corporate resources for such purposes.

One said the practice was common and rarely caused any problem with employers unless the use of resources caused other IT functions, such as email, to run slowly.

Not everyone agrees. One commenter on the story said people who perform similar actions should be fired “in a heartbeat.” Another said it was all right if management condoned the practice. This commenter described such a situation at a previous employer: “The rules were simple, keep it quiet, and don't cause harm to our network, don't use our bandwidth at peak times.”

A sizable number of comments took the line that playing games on corporate systems was either beneficial to the company or caused no significant harm. One agreed with an IT professional quoted in the story, who said that gaming helps IT employees “stay sharp.”

A common theme was that gaming was no different from many other activities that IT employees might engage in, such as reading or watching television while monitoring lengthy jobs.

Surprisingly, one commenter said that a server set up to run a recreational drawing program at a former employer was still running the software, “even though I no longer work there.”

This commenter added: “I'm pretty sure someone at the company must have noticed, and nobody seems to care.” Another comment went so far as to say that if a company’s IT resources were strained by the consumption represented by a game server, “the only person to blame is the Sys Admin in Charge.”

A wide variety of other viewpoints were represented, including those who felt the use of corporate resources to play games was a legitimate employee benefit, and at least one IT leader who said that firing a gamer would be an overreaction.

All told, the survey and its responses paint an insider’s view of rogue system administrators who are generally, if not always, willing to devote company resources to personal enjoyment.

Cross-posted from CIOZone

Possibly Related Articles:
Information Security
Network Security Administration Employees Servers Enterprise Gaming
Post Rating I Like this!
Jimi Thompson This is one that I've been on both sides of. One of my former employers is an ISP and everyone, owner of the company included, would participate in after-hours gaming. I will say that it did help us build a cohesive team in a very short period of time. Through gaming, we learned to handle stressful events together and how to work with each other to achieve goals.

I've also been in places where any unauthorized software, including screensavers, was cause for immediate dismissal.

I think that most management needs to look at their security needs, company culture, the IT department culture and evaluate the resources involved to see if it's beneficial or detrimental. In some cases, the business needs may dictate that gaming is a no-no as most games have some fairly significant security issues. Witness all of the Call of Duty "hacks". In other cases, it may be perfectly acceptable.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.