Good article on explaining the problem, but as a company that provides software to deal with this very problem, we find the move to adopt practices and/or software to prevent this problem is very slow. Organizations just will not deal with this without a mandate or legislation.
Anyone else with thoughts?
Work with, not against, users
I'm a high tech worker but am not in IT. My angle on this is from a user's perspective rather than from IT. I have to say first off that I am one of the guilty parties who work around IT measures on a regular basis.
What I find perplexing is how all the IT people I have worked with over the past few years have morphed from a "service" entity to a "policing" entity. As a user, I now view IT as an organization who creates policies which I will conform to when it is convenient or when they make perfect sense, but are to be circumvented if they don't make sense and greatly interfere with what I have to get done each day. I sometimes wonder if IT people, and certainly those who helped create this article, realize that corporate users have a job to do, and continuously making it difficult to get that job done seems to be contrary to why we have IT services in the first place. IT at most companies is not an end unto itself.
Phrases such as "creating policies is not enough; security managers need to ensure insider behavior aligns with corporate security standards" make me feel that a war has started between the users and the IT service elements of many companies.
Should IT not be working "with" the users to improve security rather than dictating/policing policies?
Oh Yeah?
I agree.
That's why for years I have advocated FIRING those people who don't follow company policy. These are the people who feel they are too busy or important to worry about the information that is "clearly" a problem for the IT department to handle. This, more than anything else I know of, sends a clear signal to everyone in the company about how important the policy is.
I've been in this field a long time and the people I really take care of are those who make the effort to do the right thing. For those who don't have the time or desire to learn, I'll do as much as company policy dictates and let the dominoes fall where they might. That's because these are the same people who will point to IT as the cause of their problem.
I remember trying to work with our human resources office about trying to encrypt data they were sending to a vendor. They refused, even when the option of purchasing software was available. At the same time, they had no problems telling me I had to fix their problems today and I was free to help everyone else after hours.
Yes, I know you're a user. You sound exactly like people I know who complain when they have a problem and decide the best course of action is to complain loudly about IT, hoping your boss won't ask what you did or didn't do.
Don't look for sympathy here....
Continuing the Conversation...
In a Non-Production environment (data cloned from production to a test environment), do you think the data should be scrambled in some fashion? How far should a company take the scrambling? Should it just be credit card #'s, SSN's? How about marital status?
Should IT have access to sensitive data in non-production environments?