Posted by: Ken Harthun
Secure Computing, Security, Security best practice, Security management
There is probably nothing more frustrating to an IT professional than having the security of his network compromised by a renegade executive who refuses to consult IT before ordering the installation of untested applications. Case in point: A recent help desk ticket read, “[Executive] told me to install Dropbox on my system, but I need administrative rights on my machine to do it.” WHAT? Where did that come from? No one mentioned this to IT, particularly the exec in question. Dropbox is blocked on our networks.
The weirdest part about this whole thing is that we have SharePoint 2010 and we are running Live@Edu (soon to migrate to Office 365) that has 25GB of storage. Why would anyone want to use an insecure service that provides only 2GB of storage in the free version? I asked that question. Answer: Preference. Huh?
Needless to say, I responded rather strongly:
The real issue here is that IT was not consulted before someone decided to start using an application that had not been vetted for both security and performance. There could be a workable process (pre-egress encryption using a proven encryption algorithm) formulated, but this should be driven by IT, i.e., those of us who know and understand the potential risks and benefits.The Net Admins are responsible for the reliability, performance and security of our networks and the data flowing on them. I take this responsibility seriously and I’m sure my fellow Net Admins and assistants do as well. To ask me to put my network and data – and thereby my job – at risk because of some preference is just not acceptable to me.
What is your opinion? Hit the comments and let me know.