Wednesday, March 11, 2009

Security breach: control or trust?

I saw something disturbing today while I was visiting a big enterprise. Many people were using company property for their own needs.

I saw an employee using an enterprise’s pencil. He was using this pencil to draw pictures unrelated to his job. We couldn’t even say that was some napkin architecture. I immediately conclude that pencils can leads to unproductive work time.

Later, I saw another employee take a pencil with him when he went out to lunch. He used it to write potentially confidential information on a napkin and left it on the table. I’m now convinced that pencil can be responsible for confidential information leak.

Worst, I also saw many other things with enterprise’s pencils like, writing gross things with them, gnaw them, steal them and lost them. Have seen all this I thought, maybe we should ban all pencils! Sadly I haven’t got a chance to talk to the CPO (Chief Pencil Officer) of this enterprise.

Have I lost my mind with this entire pencil thing? You would tell me that pros of pencils are greater than cons. You would tell me that we must trust people using them. You would tell me that we must inform people of all the danger related to pencil usage. You would tell me that we must find ways to punish the offenders but for everybody else a pencil is a required piece of equipment to do the job they have to do. You would tell me that pencils are so useful to communicate ideas and people need to be informed. Anyway everybody have at least one pencil at home and they all learn how to use it at school.

That’s exactly what we do with technologies. We restrict access to all kind of messenger systems like Live messenger, Google Talk. We restrict access to software like Excel, Visio. We restrict access to email from internet café and sometimes even from home. Acting like that and adding all those restrictions we are doing worst that if we were preventing the use of pencils. I can’t imagine how many projects would have failed if wasn’t able to access my MSN or my Gmail.

Control or trust? Why not both. Control is not forbid, it’s to know what happened and react in case of problem. Trust is not being blind, it’s to inform and equip. We must inform, equip and trust our users.

Free translation from “0 ou 1 – contrôle ou confiance?

@ 3/11/2009 08:18:00 PM

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)