Posted by: Scot Petersen
information security management, Risk management, security tools
Throughout 2011, SearchCIO.com and SearchCIO-Midmarket.com editors have been writing about creating new efficiencies in IT and empowering a new generation of users through mobility. At the same time, however, the malware problem continues to get worse and as a result, is threatening the freedoms employees now take for granted.
Dr. John Halamka, CIO at Beth Israel Deaconess Medical Center in Boston, issued a wake-up call in a recent blog post: “If attacks are escalating and our existing tools to prevent them do not work, what must we do?” he wrote. “Alas, we must limit inbound and outbound traffic to corporate networks.”
BIDMC will start restricting access on a limited basis to see if that reduces the amount of malware in its network. Halamka goes on to say that the next step could be whitelisting, which will enable users to visit only authorized websites and will block personal email accounts.
It’s surprising that Halamka, who is known as a technophile’s technophile — the “Geek Doctor” — has come to this conclusion; but since he has, there’s no doubt that much more conservative IT managers are thinking the same thing. In many workplaces, the outcry against restrictive use policies will make Occupy Wall Street look like a meeting around the water cooler.
I have to admit that, despite many IT managers’ efforts to enforce policies and to educate users on security and malware prevention, the average IT user still is woefully ignorant of the effects of his or her Internet usage. Is it time to take users to the woodshed and teach them a lesson once and for all? Maybe, but such a policy should be exercised carefully and with role-based restrictions, because the productivity drain could cost a company more than a security breach ever would. It also could create anger, frustration and yes, even depression, among users who have become used to open access.
As Halamka writes, “It’s truly tragic that the Internet has become such a swamp, especially at a time that we want to encourage the purchase of consumer devices such as tablets and smartphones.”