Are You a Demanding User?

Friday, November 12, 2010

Christopher Burgess


Do you work for an enterprise or a small-to-medium-size business?

If so, odds are you have an information technology department supporting you. If you work for yourself, you may leverage the knowledge of others in cobbling together an information technology infrastructure to support your daily work.

I work for a conglomerate and rely on an IT department to support my online needs. Regardless of the bailiwick in which you find yourself, we have commonality, as we collectively see technological advances occurring and wish to participate. Not eventually, but today; yesterday would have been even better.

When we raise our heads and look into our infrastructure, at times we are thwarted due to the lack of similar technology being availed or an information technology implementation policy standing between us and the new capability. The reality is, we aren't alone.

I recently reviewed part two of the Cisco Connected World Report and confirmed my thoughts on how easily a disconnect in understanding of security and processes can occur between users and those who are responsible for creating and maintaining our infrastructure.

The report highlights how the majority of users believe they should be able to connect to their employer freely from any device -- personal or company owned. The report highlights how 41 percent of the global respondents feel they need to use specialized (and not necessarily approved) applications to get their job done.

So it begs the question: Do you follow your IT department's policies? A full 20 percent of the respondents said they break IT policy because they believe that the company and IT department aren't going to enforce the policies being broken. What's wrong with that picture?

To begin with, it's somewhat sophomoric to break rules simply because you think them to be feckless and unenforceable. Similarly, poorly written or articulated policies are confusing to all, but I wouldn't advocate tossing aside the intent of adherence. Rather, I would advocate as a demanding user that I understand the "why" behind the policy that is sitting between me and what I want or need to achieve.

For example, one could collaborate across the globe using any number of proprietary or freely available applications to post, edit, and evolve content, but what if the content falls under governmental regulation that requires a specific minimal security regime? Do you as an individual take the time to validate the host environment, or are you just trying to get by and hope no one is looking?

It would be tragic to torpedo your company below the figurative waterline, due to a lack of understanding surrounding IT policies and infrastructure.

I've mentioned the consumerization of IT in prior pieces, and it's true that on occasion we can access more robust capabilities external to our company than within. But there may be good reason why this seemingly "excellent" external capability isn't yet available within your infrastructure.

I advocate that it's incumbent upon us, as demanding users, to become educated as to "why" policies exist. If it does sit between you and the success of the business, open the dialogue with the IT department to adjust the policy to enable business success.

Similarly, social media/social networks have been in existence for a good number of years, but only recently have they filtered into the workforce. The reality is that social media is here to stay. How individuals and companies embrace the new memes of collaboration, information sharing and communication will be a harbinger of how successful companies will be during this period of business transformation.

The report highlights how 64 percent of employees feel their IT departments' social media policies are too restrictive, and they should be allowed to access social network platforms. While approximately 18 percent of respondents noted that they aren't permitted to use personal devices such as and iPad, Zune, or iPhone at work.

In sum, it is absolutely reasonable to be a demanding user. Keep in mind that IT policies exist to keep the company's information assets safe. Throttle the enthusiasm to embrace the latest and greatest, and don't hesitate to engage IT when the policy stands between you and business success. Demanding users are not an endangered species; we are here for the long haul.

Christopher Burgess is a senior security advisor to the chief security officer of Cisco.

Cross-posted from Huffington Post

Possibly Related Articles:
Cisco Policy Remote Access Information Technology
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.

Most Liked