6 IT rules worth breaking — and how to get away with it

4. External network connection prohibitions

When it comes to critical infrastructure, one commonly held IT rule is never linking production systems directly to external networks. Yet Kristin Demoranville, CEO of AnzenSage, a cybersecurity consultancy focusing primarily on the food industry, disagrees. “While this rule is established with the best intentions to protect sensitive systems from external threats, there are instances where it might be necessary to make exceptions,” she says.

There are times when real-time data sharing becomes imperative, Demoranville states. “For instance, if there’s a need for immediate quality control checks with external labs, or when collaborating with suppliers on a global scale for traceability purposes.” In such cases, direct connectivity can expedite processes, ensuring food products meet safety and quality standards without delay.

While IT rules and protocols are essential, they should serve the mission, not hinder it, Demoranville says. “As we navigate these decisions, we must always prioritize safety, quality, and transparency.”

5. Asset management regulation

Breaking this rule can make sense whenever a technical issue arises in the inventory data being captured, or in situations where end-users are being blocked from accessing enterprise systems, says David Scovetta, security and compliance director at custom forms developer FormAssembly. Asset management regulation may also need to be tossed temporarily aside whenever a new system that doesn’t conform to existing inventory criteria is deployed.

Before breaking this rule, make sure you’re considering the risks, Scovetta cautions. “Addressing these scenarios usually requires cooperation between IT and security leaders, yet it can make sense to break the rule as long as safeguards are in place that can characterize devices by configuration policies, even if you don’t have a firm accounting for the device or its owner.”

6. Any IT rule or policy — in an emergency

Established rules can sometimes be bent or ignored when a crisis situation suddenly emerges. “There are a few scenarios where asking for forgiveness instead of permission makes sense,” says Jesse Stockall, chief architect at Snow Software.

Security incidents, for instance, often require decisions to be made quickly, and if high-level decision-makers are unavailable, determining a response can be critical. Stockall notes, however, that important decisions should still be based on seniority and trust. “Junior employees should not be going rogue,” he warns.

Still, IT is an inherently innovative space, which means that doing things by the book won’t always yield the desired results. Someone with experience and good judgment can probably bend rules as needed, and often these types of employees are given a longer leash.

Even so, policies exist for a reason, Stockall says. Rule-breaking should never become a routine IT practice. “Rogue employees invite risk, spoiling workplace flexibility for everyone with egregious behavior,” he explains. “Suggesting there’s an IT policy you can always override is bad practice.”

Stockall believes that IT is moving into an era in which there will be even more rules and policies. “These guardrails will exist for a reason, including an increase in cybersecurity attacks, risks to intellectual property, and the unknowns surrounding generative AI.”


