What is the IT department like at big software companies?

Factual Questions
1

My wife works for a firm that got bought out by a multi-national company, with holdings on several continents. The parent company has been desperately trying to manage IT with increasingly strict policies of standardization. My favorite example was the version of Microsoft Office everybody had to use, without being able to customize it: the spell checker default was set to Spanish. (That stayed in place until the subsequent revision.)

I know everybody hates IT policies and I know that standardization is there for a very good reason. That’s not what I want to argue.

My question is how a really big, thousands of employees, software company like Microsoft or Google or Adobe handles IT internally. How much standardization do they have? What areas they focus on? How much leeway do employees have to download software or buy computers? How has this changed as the companies have grown larger and operate in more countries?

2

At a medium size software company (approx. 1000 employees world-wide) we have no standards. Since 90% of us are technical staff there wouldn’t be much chance of enforcing any standards anyway.

3

It can be really silly. I was a programmer. After we got bought by a big multinational, They told me I wasn’t allowed to install my IDE’s on my desktop.

Also I wasn’t allowed to have the three extra desktop boxes that had older versions of the IDE’s installed so I could support legacy systems. No, they wouldn’t work on virtual machines, and also I wasn’t allowed to install VMware.

So I pretty much ignored the IT rules.

Every so often corporate would send out some required training that only worked under IE version X, so I’d have to go around and patch the manager’s boxes so they could do their training.

Eventually they got tired of me breaking these and other rules and fired me. In the last three years they have cut staff by 80% and are nearly out of business. (the business unit that was purchased, not the multinational) Essentially they were serving the same customer base, but with a radially different product, and had no clue about the new business. The IT nonsense was just a proxy for how fucked up the whole thing was.

4

I’ve worked at two software companies in the 1000-2000 person range and one in the 25000+ person range. At the smaller ones you could choose what hardware you wanted as long as it ran Windows. At the bigger ones they’d have a deal with one of the big suppliers so you’d pick from a list from that vendor. At my current company when I started it wall all Dell, now we’re switching to Lenovo for laptops. Some executives get Macbooks since they don’t need anything more complicated than email and document reading/writing.

The software versions for Windows, Office, and other standardized tools are centrally controlled. If a new version of Outlook comes out for example I couldn’t get it myself, I’d have to wait until it was pushed to my machine. And when they are ready to push it I can’t refuse to install it.

Beyond the standard business software I’ve got a lot of freedom to install what I want. Sometimes when downloading something from a freeware site such as Sourceforge I’ll get a popup warning about potential hazards of freeware but so far nothing has been blocked.

The above all applies to what we call the ‘production’ machine. The one supplied and supported by IT. On our test machines (all vmware images these days) we have full administrator control and anything goes.

5

My experience is similar to Kevbo’s. When I was a software engineer our company got bought by one of the Big 3 US Defense Contractors. It’s an unpleasant experience when trained, experienced IT professionals (me and my team) are treated exactly the same as non-technical secretaries. The corporate IT configured our machines and locked them down so that we couldn’t install anything else on them. What the machines had was MS Office and IE and Citrix. Period. So effectively all I could do with it was my timesheets, write documentation or spreadsheets, email and browse the internet - no actual programming. At the time and at this place we didn’t even use IDE’s, but just telnet into mainframes but they wouldn’t let us install any telnet client. When I complained up the chain, the manager two levels above me first said he would try to fix it, but then later said there was nothing he could do about it. At that point I had a mini-nervous breakdown because I couldn’t decide if it was better for me to just quit or fart around on the internet until they fired me for not working. In the end, after MONTHS, one of our local guys gave me the admin password for my laptop and left the room and conveniently forgot to ever change it.

What I wrote hints at this, but I should call it out specifically because it is also a large impact on productivity. Corporate IT makes assumptions about what software all the teams need, and they use this to draft a list of “approved software”. In a corporation as big as the one I suffered through, there are so many different lines of business that they really should just allow anything. For example, that corporation had a defense contracting division, a health care division, a general government contracting division, and lots of smaller business units that they’d acquired over the years that did work in a variety of industries. The only list of approved software that met the needs of all those very different businesses was what I mentioned above: Office, browser and Citrix or other file sharing thing. And that’s okay but they were super strict about not allowing ANYTHING else to be loaded on computers.

6

Anecdote: I recall a researcher at Sun Microsystems who had a Macintosh on his desk! (While some companies are over-regimented, Sun often seemed to have an anarchic atmosphere.)

7

I work for a UK telco - thousands of employees. We’re not a software developer (although we do employer coders).

Our IT is very policy driven. Corporate laptops are supplied with an approved image loaded, and are heavily locked down and monitored. The browser which is included in the standard image is IE 8. (I’ve always assumed that this is because we have a lot of internal web-apps which haven’t yet been tested with anything more recent). We also get Chrome, although as far as I can tell we are prevented from setting it as the default browser.

Software beyond that which comes as part of the standard build has to be requested from a service catalogue (sometimes there’s a “wooden dollars” charge, other times it is just a formality). If we want to install software that hasn’t been approved for use (and is therefore not in the catalogue) we need a damn good reason - installing non-approved software is a violation of our IT policy. The standard image includes an application which detects and logs unauthorised software installs. It doesn’t block them, and we get an opportunity to enter a justification, which is included in the event logging, but we may well be called to explain why we installed application XYZ against the policy.

We’ve just rolled out Office 365 and OneDrive for Business, which is a huge improvement on emailing files around. Hardware wise, for the field-based staff (of which I am one) it’s high- and medium-end laptops from HP and Lenovo, with a smattering of Surface Pros. Desk-based staff get desktop PCs, but I’m not sure what. We have a Bring Your Own Device policy, but it is not widely adopted, partly because the company doesn’t contribute to the cost of the BYOD device, and partly because it has historically been hard to access business apps from a non-corporate device. (This last point may be improved by the move to corporate OneDrive).

Hope that is of interest.

TCS.

ETA: when I started writing this screed, the only reply was TriPolar’s. Sounds like all big companies are the same… :slight_smile:

8

I’ve worked in the trenches at Microsoft. And the answer, at least for the people actually doing software development, is that there is no standard. I have no idea what it would be like if you were in marketing or legal or whatever, but for testers and developers and PMs you can install whatever OS you want out the library of literally hundreds of flavors of windows. You can install whatever you want. Maybe there’s a list of stuff that would violate corporate policy? You do have to use certain tools that your team uses. You could install any flavor of office you want, literally going back decades. I assume the restrictions on versions you mention are so the support team doesn’t have to deal with 200 varieties of stuff. Well, at Microsoft there is no support team. Or rather, teams are mostly expected to support themselves. If your machine goes wonky you don’t call IT, you fix the problem yourself, or ask the guy at the next desk. Again, it might be very different in other parts of the business, I would have no idea about that. As for getting hardware you can order stuff, if you can convince your lead you need it. And there are literally piles of machines you can scavenge from in the hallways. Every so often they ship the carcasses off to PC Recycle. Some people would have a dozen machines humming away under their desk, and a dozen monitors, mostly these are test labs or as mentioned earlier to support legacy crap. In my experience there is an inverse relationship between the number of machines you have and your seniority. High level guys have one laptop and maybe a docking station. Leads have a laptop and a couple of desktops. Grunts might have a dozen.

9

We’ve got over 480,000 computers here and the overwhelming majority are locked down with no local admin privileges. For “power” users that may need to install apps or configure their PC from time to time, there’s a pretty simple process to request temporary admin access.

There’s a standard enterprise base image of Windows 7 Enterprise, Internet Explorer 11 and MS Office 2010. Users are free to customize colors, themes, spelling dictionaries, etc.

We have access to hundreds of applications through a “shopping” system. If I needed Photoshop, for example, I could go to the shopping site, select Photoshop or Creative Suite for the whole package, and the system kicks out an approval request to my manager. If approved, the system pushes an automatic installer package to my PC.

Finding our own software and installing it is utterly forbidden and blocked by a variety of Windows group policies and network hardware as it might jeapordize our licensing agreements with software publishers and it might bring keyloggers, viruses, etc.

If something breaks, the average user can call the help desk for support. People like me who have unusual setups or weird security applications are generally cast adrift by the help desk - either we manage to fix our own problems or our PCs get re-imaged from scratch. Irritating, but understandable that the help desk doesn’t know how to fix an application that’s being used on only four of those 480,000 PCs.

10

I could answer this question more honestly in the Pit, but I’ll try to restrain myself.
My old company had a very different IT environment than the big company that acquired us. We managed to keep it for a while, but now instead of logging into a UNIX server through a think client I have to go through a standard laptop.
If I want to get a piece of open source software to use for development, I have to create a 50 page application and get it approved by my manager and my VP, then a lawyer, then my manager and VP again and then finally an executive VP, and then theoretically by an architecture committee. This would be fine if I were planning to put it in something to be shipped, but all my stuff is used internally. It is an awful lot to go through for a new Perl package.

They force us to migrate not by turning things off but by making things unusable, in much the same way a landlord wishing to sell apartments out from under tenants arranges for the hot water to go out for six weeks. When they installed a new Firefox on our UNIX server the URL bar displayed in Hebrew. I assume someone told them but it took two months to fix. They also remove tool directories with minimal or no warning and screw up versions of things.
On the bright our standard OS is Win 7, and they said don’t even think about using Win 8, ever, and we might think about Win 10 next year. That part of standarization works for me.

11

Wow! No exaggeration?

Things were much laxer at the companies where I worked in 20th-century Silicon Valley. Unix was the ubiquitous OS and most of us knew of a loophole or backdoor to get root access when we were desperate.

(Though I remember contracting briefly for a company on bankruptcy verge led by an obnoxious and anal-retentive guy obviously experiencing nervous breakdown. When he went to Europe for a week or two, he insisted no one could have the root password while he was gone. I was amused when I noticed
ls -ld /
drwxrwxrwx … )

12

My company - a medium-sized software company - has been trying various methods over the past few years to balance a reasonable amount of security with the reality that programmers need a fair bit of admin access to their local machines in order to do their jobs.

It’s been a pain. They tried out giving us laptops where we had NO admin access, meaning we had to go through IT for every little thing. I think within a month of that they realized they’d need a small army of IT folks to keep up with that. So then they tossed around the idea that we’d remote into VMs from which there would be NO Internet access. After everyone threatened to quit, they backed down to a solution where we have enough admin access to our local computers to install software and do our jobs, but enough that the security guys have warm fuzzies.

It’s a bit of a hassle, but so far, so good. I know some folks have issues with whatever crap they’ve put on our machines to maintain security slowing us down, but to me, it’s a give & take. I don’t want security breaches to bring down the company, so I’ll live with it.

13

Not exaggerating. And they check. My intern loaded an open source data mining program and we got nasty mail about it. And that wasn’t even involved in any design or code generation. He finally ran it on his personal laptop.
My old company had no such issues.
Now, like I said, anything open source that has the slightest possibility of being incorporated into a product could be a gigantic problem. That level of scrutiny makes perfect sense.
Oh, and we had one package which was open source for personal use or educational institutions, and cost money, not much, for businesses. We paid for it - and getting it was much, much easier.

14

My medium-size IT company has stopped using its own email product - which we still (try to) sell to customers - and switched to MS Exchange/Outlook internally. We use virtually none of our own products in-house any more.

15

Thanks, everybody. I thought the answers would be similar to this but it’s interesting to hear the differences from company to company.

16

HW/SW company of ~20k employees.

IT has no hope of enforcing any standards on the tech employees. Not only can we easily work around any limits they try to enforce, but they know it would be absurdly counterproductive. If installing some obscure flavor of Windows required an IT request, nothing would get done. They are able to perform limited enforcement in a few areas, and as long as they aren’t too aggressive we put up with it. But for the most part it’s a free for all, and IT just tries to keep track of licenses and such to keep it legal.

For the non-techies, it’s totally standardized. And pretty out of date, too, but if you just do MS Office all day, maybe it doesn’t matter.

17

I work in a HW/SW company of a slightly smaller size than Dr. Stangelove’s. Pretty much everybody gets a windows laptop. Pretty much every body has administrator privileges on their machine. We get the office suit. There exists a set of about 20 or 30 programs you can request like project etc depending on your duties that need some kind of sign off. I do most of my work on a virtual linux host which I access via my laptop. Big jobs like synthesis or simulations get sent to a vast array of machines maintained by IT. Those machines I don’t have root access to. But We have a group of IT/ tools people who are really good at installing whatever version of opensource tool needed.

The machines in the labs are pretty much maintained on a per project basis by the people on the project. IT has standard windows licenses and images along with the same for linux if the project wants them.

18

I bet that’s a problem. One size does not fit all.

19

I can share what I know as a former cubicle slave at MSFT.

For MS, there is a standard IT build that contains versions of Windows, Office, Defender, group policy, remote access, etc. The IT desk and IT remote help people support this standard build.

Prior to Win10, the policy was 2 IT builds pushed out per year. This is much higher than the industry standard.

Employees can pretty much download any software they want. They should go to the site license website and download stuff like Adobe reader from there rather than from random websites, but I certainly did both and never got called on it. MSFT respects software IP and expects employees to do the same. If employees try to download stuff that doesn’t pass corporate security, it will be blocked. Dodgy or NSFW websites will get you an automated email (and might also be sent to your manager but I’m not sure if that happens or if it has to happen a lot before the manager gets an email).

Net net, it’s pretty standard with the focus on security and outside hack avoidance. Because testing software before release is a really big deal, it is really encouraged that employees dog food software but don’t have to. Some groups get “named and shamed” by releasing the use levels by department. Given that most employees are interested in software, a big chunk are happy and eager to run dog food even though that usually means about once per year your machine crashes and has to be reimaged as part of the testing process. In my experience, it was the A type manager that didn’t really understand the business and couldn’t be bothered to install their own software, were the dinosaurs running the oldest software possible while loudly complaining that “they were way to busy and critical to MSFT to be at risk of dog fooding new product.”

Now with Windows 10, the internal ms folks get the Windows 10 enterprise version pushed out.

There are numerous “dog food” sites that MS full time employees can and do sign up for. Opt in process. Windows, Office, SharePoint are the pretty common ones. these are “beta” versions of pre release software. And then there are the alpha versions that certain groups like the Windows developers join.

So, at any one time, there are multiple versions of alpha users, the dog fooders, and (usually IMHO a bunch of narcissist jerkwads that only run market release software.

20

Dog food?

I’ve administered and occasionally admonished flocks of Web, Unix/Linux and COBOL programmers, but never heard that term.