Why corporate web browser policies are mad. Like Max

Over the course of my working career thus far I’ve had the great privilege of working with a number of large corporate organisations both here in Australia and in the UK. One thing I’ve found common to most (and always puzzling) is that most seem to force their staff to use IE6 as the organisation’s only ‘approved’ web browser.

It seems a lot of IT departments lock-down their staff’s ability to download and install new software, including web browsers, because it’s considered a security risk. That’s fair enough, but what I could never quite understand was why the love for IE6? It’s now over ten years old, is no longer supported by Microsoft and is much less secure than other, more recent browsers. For IT departments so concerned with security that they’re willing to lock everything down, doesn’t it make sense that they’d want to roll out company-wide upgrades to the latest, most secure version of Internet Explorer each time one is released?

For years I’ve assumed this was simply one of the great mysteries of the corporate world. Someone somewhere clearly knew more than me and I should probably stop worrying about it. I’ve just accepted that working on web products for large corporates just means putting aside new techniques, technologies and advancements that the newer, more developed browsers will accommodate. It essentially means everything we as professional web folk have learnt and developed since 2001 would have to be set aside for smaller, non-corporate clients and startup apps. It’s sad and a little nonsensical as a responsible web developer to be putting products together that have been designed specifically for eleven-year-old near-obsolete technology, but I figure it’s just one of those inexplicable nuances of life in large, corporate organisations.

It’s only after hearing something said at a recent web event that I finally discovered the reason for the proliferation of IE6 within the corporate IT world. After all this time! It’s not security (an argument which never seemed to make sense anyway) nor even grumpy, ‘jobsworth’ IT managers (that one never made sense to me either - surely IT geeks would be first in line for a browser upgrade?). It’s not really even IE6 that’s to blame really.

It seems that in the ten years since IE6 was released and adopted as the browser of choice back in 2001, hundreds and thousands of departments, within millions of corporate organisations have been squirrelling away, commissioning their own bespoke software to tackle all manner of tasks and problems, each unique and many developed to run in a web browser. As more and more of these little systems and apps have been developed, the harder and harder it’s become for the IT departments to upgrade, fearing that if they do - the products upon which so many of their staff are reliant might break. It seems they’ve got themselves at the point now that they’re so far down this path that there’s simply no turning back. If they upgrade to a newer browser it could cost millions (billions?) in re-development to fix everything, yet the longer they leave it they’re tying themselves more and more tightly to IE6. They’re damned if they do and damned if they don’t.

And this is where Mad Max comes in…

As soon as I heard about this situation it reminded me of the last scene in Mad Max. The bit where he cuffs a guys' ankle to a car that’s about to blow up, gives him a saw and says:

The chain in those handcuffs is high-tensile steel. It’d take you ten minutes to hack through it with this. Now, if you’re lucky… you could hack through your ankle in five minutes. Go.

Anyway, back to IE6 and the corporates…

It’s a tricky conundrum with no simple answer, which is why the problem continues to exist, I suppose. But surely it’s time to act. Why not run with a newer browser like Chrome or Firefox for most tasks and instruct staff to use IE6 just for legacy apps?

Then again, what do I know?