- Nokia's new N97 vs. the iPhone
- Talk-powered cell phones?
- FBI: Copper thieves jeopardize U.S. infrastructure
- 10 Microsoft research projects
- Smartphone smackdown: Storm vs. iPhone
As CIO at Bunker Hill Community College, Bret Moeller embraces students experimenting with technology as part of their education, but he'd prefer if their independent studies didn't involve hacking into the college's network.
Slideshow: End users behaving badly
"There are some students who discover at school that their whole point in life is to hack into the college's network to either glean information they have no right to access or to simply kill the network to prove they can do it," says Moeller, who works to manage and secure the Boston-area college's network.
"We can detect scanning on our network and we try to lock things down as much as possible or not allow software on workstations, but sometimes there can be a hole in our protections. We can't control the end users to the same degree one can in a corporate environment, but we still have to do as much as possible to secure the environment from end users," he says.
Yet, Moeller may have more in common than he realizes with corporate network and security managers.
Recent research from the Ponemon Institute revealed that a majority of users disobey company security standards -- and they do so knowingly. (See related slideshow: End users behaving badly.) In addition, survey data just released by RSA shows that trusted insiders "create data exposures of extraordinary scope" through their everyday behaviors.
"End users are smarter than ever. The advent of the PC at home and not just work anymore, as well as the ability to look up and verify what the IT people are saying to you, is a different world," says Steve Moore, technology leader at Mary Kay Cosmetics in Dallas.
In addition, users can easily find detailed accounts of how to sidestep corporate policies, available from countless Internet sites and even laid out clearly in publications such as The Wall Street Journal.
With compliance regulations a constant factor, IT executives are caught between a rock and a hard place.
"We're constantly trying to balance the need for expanded access to information and the requirements to protect information from unauthorized and inappropriate use," says James Kritcher, vice president of IT at White Electronic Designs in Phoenix. "We now have an expanding number of accounts, passwords and other mechanisms to manage access to various resources. The resulting overhead and complexity increases the likelihood that inappropriate access may be granted."
Rss FeedRss Feed
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 The Leader in Network Knowledge© 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask prospective vendors to get the right endpoint solution.
Download the white paper.
Applications: taking back control
Employees installing unauthorized applications is a growing threat to business security and productivity. Cost-effectively reduce this threat by integrating control into your malware protection.
Learn more today.
Comments (5)
laissez faire It's amazingBy Anonymous on December 12, 2007, 2:32 amlaissez faire It's amazing how quickly your message gets lost when you make horrendous spelling mistakes.
Reply | Read entire comment
As a dba for a majorBy Jim on December 11, 2007, 2:00 pmAs a dba for a major company, I feel that it is the bunker mentiality of corporate information security that encourages and fosters the laz-a-faire attitude of end...
Reply | Read entire comment
It's bothBy renman on December 11, 2007, 10:49 amIt's both, of course -- IT and end users -- and it's also upper management and corporate culture. The biggest problem with the infamous WSJ article and at many sites...
Reply | Read entire comment
Education, education, educationBy dkell on December 11, 2007, 4:52 amComputer users are the least predictable and controlled security vulnerability. In the majority of cases, a lack of education and an understanding of basic security...
Reply | Read entire comment
End-users: The problem or a symptom of bigger issuesBy Denise Dubie on December 10, 2007, 4:28 pmWhen end users fail to follow pre-set corporate security policies, some might say its their fault. But many network and security managers say well-designed policies,...
Reply | Read entire comment
View all comments