Security Corner

Jan 15 2013   1:14AM GMT

Renegade executives can wreck security

Ken Harthun Ken Harthun Profile: Ken Harthun

There is probably nothing more frustrating to an IT professional than having the security of his network compromised by a renegade executive who refuses to consult IT before ordering the installation of untested applications. Case in point: A recent help desk ticket read, “[Executive] told me to install Dropbox on my system, but I need administrative rights on my machine to do it.” WHAT? Where did that come from? No one mentioned this to IT, particularly the exec in question. Dropbox is blocked on our networks.

The weirdest part about this whole thing is that we have SharePoint 2010 and we are running Live@Edu (soon to migrate to Office 365) that has 25GB of storage. Why would anyone want to use an insecure service that provides only 2GB of storage in the free version? I asked that question. Answer: Preference. Huh?

Needless to say, I responded rather strongly:

The real issue here is that IT was not consulted before someone decided to start using an application that had not been vetted for both security and performance. There could be a workable process (pre-egress encryption using a proven encryption algorithm) formulated, but this should be driven by IT, i.e., those of us who know and understand the potential risks and benefits.
The Net Admins are responsible for the reliability, performance and security of our networks and the data flowing on them. I take this responsibility seriously and I’m sure my fellow Net Admins and assistants do as well. To ask me to put my network and data – and thereby my job – at risk because of some preference is just not acceptable to me.

What is your opinion? Hit the comments and let me know.

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • TomLiotta
    My opinion: "'Preference' is for home usage, not for individuals within the business." The last time I was asked to do something similar, I agreed to do what was requested though I would first need a memo directing me to do it. The memo came, so it was done.-- Tom
    125,585 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: