Even if you've never met one, you know the stereotype: curt, driven, my-way-or-the-highway CEOs who wash down their morning bowl of nails with a glass of Drano.
These "make-it-so" CEOs want their networks not only to work but to work for them without hassle, without passwords and without understanding how and why, even if those demands imperil network security. Quite often, hapless network admins have to leave the rest of the organization on hold while patiently explaining how to turn on a home router or why "password" is not a secure password. n
Security risk: With great power comes great responsibility. Unfortunately, that means CEOs with a god complex can cause great problems.
One harried network manager, who requested anonymity, recalled his disbelief when he was ordered by his chief operating officer to remove password protection on the company's wireless LAN.
"I told our COO this isn't just a bad idea, I don't know why someone would do it," the network manager said. Later, he learned that the CEO was tired of the wait and inconvenience of logging in every time he went from one office to another, particularly since he frequently bought new laptops and so could not save the network password locally.
So the company's wireless network sits open and vulnerable: No encryption, no authentication, nothing. When the network manager complained to the COO, he was told that if the CEO wants it, it happens.
"The answer I was given by my COO was that, when we are hacked, he'll see why he was wrong," the manager said.
But by that point, the costs associated with such a lesson can skyrocket, according to Mark Tauschek, a senior research analyst with Info-Tech Research Group.
"If we break PCI, there's going to be a huge big fine," he said. "If there are regulatory issues, we're going to fall out those guidelines, and we'll have to pay for it."
Difficult CEOs also tend to monopolize the time of IT staff who should be focused on technological issues that are more critical to the business.
"When there's a [CEO] situation, everybody -- or at least two people -- is 100% of the time dedicated to fixing it," the manager said. "So we have two people spending six hours trying to fix one thing."
Any other network fires that pop up in the meantime will just have to burn for a bit.
The drain a CEO can be on your staff can be almost criminal, particularly since most will bypass whatever help desk system is in place.
"The CEO will bypass all of the mechanisms in place to help service other users," Tauschek warned. "That diverts that person from doing what otherwise [he was] doing." And since it's all out of the official help desk channels, the employee might not be credited for the five hours he spent helping the CEO hook up his iPhone Wi-Fi.
"I think this is an extreme security risk," the network manager said. "Before I showed up here, who knows all of the things that he's made happen because of the inconvenience he felt it was to him."
Congestion risk: Fortunately, it's lonely at the top. Under most circumstances, a single CEO can't eat up too much bandwidth, no matter how many YouTube videos he streams concurrently or how often he leaves his Internet radio logged on while not even listening. Besides, few CEOs, particularly of the old-school make-it-so variety, are tech-savvy enough to load up and download bandwidth-hogging BitTorrent files.
The one congestion risk you will have to deal with, however, is making sure the CEO's own personal pipe stays wide open. While he might not have budgeted your department enough this quarter to keep everything ship-shape, his own Internet access, even if seldom used, should be kept at a steady clip to avoid his wrath.
Overall threat level: Low to high, and entirely personality-dependent.
"At other companies [where] I've been, CEOs tend to be very easy to work with," the network manager confided. "Here, I feel like I'm living in a Dr. Seuss world."
Threat resolution: Fortunately, there are some tactics to mitigate, if not eliminate, the headaches caused by a problem CEO.
The first piece of advice this network manager offered could come as a surprise, however.
"My biggest advice would be to understand what they want and why they want it," he said. "What seems obvious to you isn't always obvious to everybody else. It's obvious to him what his intentions are ... but give pushback, and ask, 'Why are you asking us to do this?' "
For example, his CEO is constantly bombarded by new technology that adds up fast: Multiple laptops, a specialized IP phone installed in his house, another phone system in the office -- the list goes on.
"I can imagine that if I have a client or customer or investor, and you have to sit there and log in and it's not working because you have a Caps lock on ... you want to eliminate the password," he said. "But how do we provide that solution to only him and still keep the network integrity for everyone else?"
By catching wind of these problems early, savvy administrators can head off conflicts by providing workarounds before the CEO even notices. It doesn't help to build a few new connections on the way.
"What I ended up doing is talking to his assistant and [saying], 'If he's going to be in town, let me know and we can prepare ahead of time,' " the manager said. "So we developed that relationship with them, so it's become second nature that in addition to setting up lunch and the conference room for a visit, they contact me as well."
Those tips can make life a bit more bearable, but for a truly tyrannical CEO, the only solution might be to start cleaning up the resume -- a tough decision in a down economy.
"It's pretty unusual that an executive is going to be that tyrannical, that if you put it on paper -- these are the risks -- [he says], 'I don't care, just do it anyway,' " Tauschek said. "In the long run, you're going to be held responsible if this tyrannical CEO forces you to do something that compromises the enterprise network or data center. Who's going to be on the hook for that? It's not going to be the CEO. It's going to be the network professional."
So rather than biting the bullet and opening up that gaping security hole, it might be best to pack your desk -- once you have new prospects lined up.
"One piece of advice I was given by a person I respect very highly was: 'It's not your responsibility to fix the CEO's problem.' And he's absolutely correct," the network manager said. "In my opinion, the amount of resources, time, worry, and mental stress that goes into one person is unfounded and unnecessary, and if that isn't the demise of a business, I don't know what will be."