[LINK] Security vendors advocating workplace net bans

hartr@interweft.com.au
Thu, 21 Mar 2002 09:02:00 +1000 (EST)


On 20 Mar, Chirgwin, Richard wrote:
> http://story.news.yahoo.com/news?tmpl=story&u=/nm/20020318/wr_nm/tech_internet_security_dc_1&cid=582

> The workplace Internet is a far more complex creature than is given out by
> this story. I certainly hope the local press don't suck this sort of stuff
> down without giving it some critical thought.

Unfortunately, critical thought (or more usefully analysis) appears all
too frequently to be in short supply in most places.

Attempting to solve issues that are fundamentally social using a purely
technical solution is as sensible as pissing into the wind.

Having worked with companies on 3 continents, I am no longer surprised
when people advocate technological solutions to social issues (and
almost every complex issue is a social issue - purely technical problems
are rare). 

* Site security is a social issue far more than a technical issue.
  Unless an organisation's security policy has at minimum the grudging
  understanding of staff, they WILL bypass it - and about 80% of all
  security compromises are from internal sources, Nimda, Code Red, Lion
  et al notwithstanding (something this article does hint at).

  Whilst it is certainly possible to have a mail server screen for
  certain types of attachment, IT-savvy staff that want to bypass this
  will find ways to do so - and that solution will spread to all
  other staff faster than a bushfire in a hot north wind.

  Unless staff are involved and 'own' the solution, the 'gradual
  adjustment' mentioned in the article will camouflage significant
  non-compliance. Apart from the loss of personal utility (like cutting
  off personal local calls), if staff are not consulted, it is quite
  probable that a legitimate business activity will be interrupted by
  simply implementing such a policy.

Imposing solutions by fiat rarely works (or at least rarely works the
way it was intended).

-- 
Robert Hart					 hartr@interweft.com.au
Strategic IT & open source consulting                +61 (0)438 385 533
Brisbane, Australia			    http://www.interweft.com.au