[LINK] Security vendors advocating workplace net bans
Thu, 21 Mar 2002 09:02:00 +1000 (EST)
On 20 Mar, Chirgwin, Richard wrote:
> The workplace Internet is a far more complex creature than is given out by
> this story. I certainly hope the local press don't suck this sort of stuff
> down without giving it some critical thought.
Unfortunately, critical thought (or more usefully analysis) appears all
too frequently to be in short supply in most places.
Attempting to solve issues that are fundamentally social using a purely
technical solution is as sensible as pissing into the wind.
Having worked with companies on 3 continents, I am no longer surprised
when people advocate technological solutions to social issues (and
almost every complex issue is a social issue - purely technical problems
* Site security is a social issue far more than a technical issue.
Unless an organisation's security policy has at minimum the grudging
understanding of staff, they WILL bypass it - and about 80% of all
security compromises are from internal sources, Nimda, Code Red, Lion
et al notwithstanding (something this article does hint at).
Whilst it is certainly possible to have a mail server screen for
certain types of attachment, IT-savvy staff that want to bypass this
will find ways to do so - and that solution will spread to all
other staff faster than a bushfire in a hot north wind.
Unless staff are involved and 'own' the solution, the 'gradual
adjustment' mentioned in the article will camouflage significant
non-compliance. Apart from the loss of personal utility (like cutting
off personal local calls), if staff are not consulted, it is quite
probable that a legitimate business activity will be interrupted by
simply implementing such a policy.
Imposing solutions by fiat rarely works (or at least rarely works the
way it was intended).
Robert Hart email@example.com
Strategic IT & open source consulting +61 (0)438 385 533
Brisbane, Australia http://www.interweft.com.au