Policies, policies, policies

During last week’s Enterprise Security Technology Tour in Framingham, Mass., we had an intriguing discussion about e-mail and Internet policies. Some folks were radical in their beliefs about user e-mail access; others completely benign.

Let’s take the radical viewpoint first. A panelist on our “Role Reversal” Roundtable, which allows audience members to share their views, said he encourages the IT managers he works with to develop strict policies regarding Internet and e-mail usage. In fact, he says that where a lot of companies go wrong is offering everyone Internet and messaging access. He said if organizations took a good, hard look at what each employee does, they would find that some simply don’t need it. That would free up IT to develop better support for those who do.

Another panelist said that her organization, a state agency, has guidelines set out for online access. She said that violations of the policy – such as visiting inappropriate Web sites or passing along chain e-mails – could result in loss of Internet privileges or even termination.

One panelist was vehement that users should be held responsible for viruses they bring onto the network. I threw out the question to the audience to get their response and many agreed, arguing that users should be savvy enough to know the damage that viruses cause.

That turned the discussion to the issue of “extended hour” workers. Many companies let employees access the network from home computers and the IT managers in our audience said this concerns them.

They pointed to two critical issues: liability for having customer data on a non-work computer and management of the applications and updates.

Regulatory issues, they say, in many sectors prohibit corporate data from sitting or being accessed by non-corporate machines. So if an employee of a financial institution were to call up files to work on from home, he or she could be in violation of rules for that sector.

On the flip side, IT managers say they can’t control what they can’t control so having employees use their own equipment is a frightening concept. They don’t know who’s accessing the computer – kids, spouses, etc. – so they can’t keep the machine “clean.” Also, if the machine is on a wireless network, it could be compromised if the right security configurations aren’t in place.

The IT managers concurred that companies who expect, or allow, their employees to have anytime, anywhere work hours must also provide equipment that is managed by the IT department. The costs are negligible, they say, compared to the havoc that could be wreaked by non-approved machines.

Also, they say that corporate policies are critical – and all employees have to stick to these policies, even executives.  Failing to do so sends the wrong message to everyone else and just makes more work for IT.

Another good practice is to publish a list of approved – and necessary applications. That way, if you do have “independent” users, at least they know the correct software to install.

What do you think? Let me know at mailto:sgittlen@nww.com

****

Register now for these upcoming events:

* Enterprise Security Technology Tour

Keynote: Joel Snyder, NW Lab Alliance member and senior partner

at Opus One

Unfortunately, network security has become a costly catch-22. Just when the stakes to your enterprise are highest, you’re flooded with waves of security technology that are hard to evaluate fully, integrate properly, or deploy effectively. The typically “safe” response is to over-spend and over-build simply because you’re overwhelmed not just with what to buy, but how to buy, when to buy, and why to buy. Find out what you need to know at the “Enterprise Security: Failsafe Architecture” event.

https://www.nwfusion.com/events/security/index.html

* Remote Office Networking Technology Tour

Keynote: James Gaskin, NW Lab Alliance member

“Remote office networks are our fastest growing need.” “A crucial competitive edge.” “The future of the enterprise.”  This is the word from corporations. How can network managers meet the business demands of remote and mobile workers and avoid the downside? Balance costs with benefits? Protect data and profits, too? Attend “Remote Office Networking: Central to Success” to find out. It’s where you’ll see solutions that embrace far-flung networks and yet integrate with your architecture.

https://www.nwfusion.com/events/remote/index.html