Web Surfing Crackdowns by Corporations as Harmful?

TCS Daily has an article by Instapundit entitled Managing to Look Busy, in which he states…

And given that U.S. economic performance over the past few years, as Internet usage has boomed, has been excellent, it's hard to believe that this websurfing is really threatening productivity. Instead, I suspect, it's threatening management's sense of control.

…in response to a Chicago Tribune article:

Companies are starting to ban Web access, block instant messaging services to squash discreet conversations among chatty co-workers and prohibit employees from watching sporting events on their computers

Some of this crackdown is due to management control concerns about productivity and slacking.

Much of it, though, is based on information security risk assessments. Unfettered access to web pages, IM, and other Internet-traversing applications exposes an organization to risk (however valid that calculation may be). The easiest way to mitigate it is to lock down the desktops, write specific, tight firewall rules, and do content filtering.

If you take Donn Parker's advice and do not use a risk-based approach, but instead base the information security program partially on enablement, several options are available to give IT consumers access to the functionality they want without compromising security. Here are some possibilities I quickly brainstormed:

  • Deploy an internal IM system with AV-screened Internet gateways; or, in addition to the internal IM system, deploy an IM client like Trillian and screen the Internet IM traffic for viruses and malware with an appliance like Fortinet's FortiGate.
  • Set up a few internal cyber-cafe areas where IT consumers can run web applications unfettered during breaks, lunch and after hours (use traffic shaping to cap the traffic level).
  • Allow IT consumers to connect personal laptops and devices, or a company-provided Net Terminal, to a separate VLAN/security zone that can reach the Internet (through an AV/malware screen, with traffic shaping to cap total traffic) but has no access to other corporate VLANs/security zones.
  • Have a less hardcore Acceptable Use Policy for IT consumers. As a trade-off, punish transgressors in a big way, publicly.
  • Do your facilities have bad cell phone coverage? Work with cell phone carriers to add repeaters and antennas at your facilities.
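One way to build the separate guest security zone from the third option above (Internet reachable only through an AV/malware-screening proxy, a bandwidth cap, and no path into corporate zones), as an added example that is not part of the original post: a POSIX shell script that generates an nftables ruleset and a tc shaping command. The interface names, VLAN 200, the address ranges, the proxy port 3128 and the 20 Mbit/s cap are all assumptions for illustration; a real deployment would substitute its own.

```shell
#!/bin/sh
# Added example, not from the original post: build an Internet-only guest
# security zone (the "separate vlan/security-zone" option) with nftables and
# a tc bandwidth cap. All names, addresses, ports and the rate are assumptions.
set -eu

GUEST_IF="${GUEST_IF:-eth0.200}"           # assumed: router sub-interface for guest VLAN 200
WAN_IF="${WAN_IF:-eth1}"                   # assumed: upstream (Internet) interface
GUEST_NET="${GUEST_NET:-192.168.200.0/24}" # assumed: guest VLAN address range
PROXY_IP="${PROXY_IP:-192.168.200.1}"      # assumed: AV/malware-screening web proxy (this host)
PROXY_PORT="${PROXY_PORT:-3128}"           # assumed: proxy listening port
GUEST_RATE="${GUEST_RATE:-20mbit}"         # assumed: cap on traffic delivered into the guest VLAN
# Assumed corporate address ranges; the guest zone must never reach these,
# even if a route to them exists behind the WAN interface (e.g. a site VPN).
CORP_NETS="10.0.0.0/8 172.16.0.0/12"

# Emit an nftables ruleset for the guest zone. Default policy is drop, so
# anything not listed (guest -> corporate, unsolicited -> guest) fails.
gen_guest_ruleset() {
    corp_set=$(printf '%s, ' $CORP_NETS | sed 's/, $//')
    cat <<EOF
table inet guestzone {
    set corp_nets {
        type ipv4_addr
        flags interval
        elements = { $corp_set }
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        # This example zone is IPv4-only; do not let IPv6 bypass the corp_nets check.
        iifname "$GUEST_IF" meta nfproto ipv6 drop
        # Guest -> corporate zones: drop, and log so the SOC sees probing.
        iifname "$GUEST_IF" ip daddr @corp_nets log prefix "guest-to-corp " drop
        # Direct web traffic is refused; it must go through the screening proxy.
        iifname "$GUEST_IF" tcp dport { 80, 443 } reject with tcp reset
        # Everything else from the guest VLAN may leave only via the WAN interface.
        iifname "$GUEST_IF" oifname "$WAN_IF" accept
    }
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iifname "lo" accept
        # Guest clients may reach the screening proxy and DNS on this host, nothing else.
        iifname "$GUEST_IF" ip daddr $PROXY_IP tcp dport $PROXY_PORT accept
        iifname "$GUEST_IF" ip daddr $PROXY_IP udp dport 53 accept
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$WAN_IF" ip saddr $GUEST_NET masquerade
    }
}
EOF
}

# Emit the shaping command: a token-bucket cap on what is delivered into the
# guest VLAN (the download direction, where the volume is).
gen_guest_shaping() {
    printf 'tc qdisc replace dev %s root tbf rate %s burst 64kb latency 400ms\n' \
        "$GUEST_IF" "$GUEST_RATE"
}

# Print the generated configuration; apply it (as root) only when APPLY=1.
if [ "${APPLY:-0}" = "1" ]; then
    gen_guest_ruleset | nft -f -
    gen_guest_shaping | sh
else
    gen_guest_ruleset
    gen_guest_shaping
fi
```

Run it without arguments to review the generated rules; run it as `APPLY=1 ./guestzone.sh` on the router to load them. The design choice worth noting is the explicit drop-and-log for guest-to-corporate traffic ahead of the general "guest to WAN" accept: the default policy would already drop it, but logging those hits tells the SOC when someone on the guest VLAN is probing for internal ranges, which is the signal this architecture is meant to surface.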

