The study also found that users will go to great lengths to route around corporate networks and often use tools like Gbridge, encrypted tunneling applications, and various private and public proxy services to circumvent security protocols, corporate firewalls and filtering mechanisms. Companies are spending a lot of money on firewalls and filtering products, but in the end, users will always find a way around these.
For those advising corporate clients, this is a very important notion to keep in mind in terms of risk management: technical measures go only so far without buy-in from users and employees, and potential security threats (which sounds more cloak-and-dagger that it often is in reality) can be much more easily be introduced (usually unintentionally) by those within your network than by those on the outside.
To solve the human side of the equation, training and education are critical. On the technical side, “hardening” inward-facing servers is critical. Do not rely on firewalls alone for protection.
I suspect that banning applications or services (such as social media, or even P2P) may be the wrong approach (although from a legal perspective attempting to do so may be important to reduce liability.) Training and education on how to use such tools effectively, securely, and legally may be more effective in the long term, and having users and employees working with your plans (instead of routing around your firewall in any way possible) is far more likely to provide real security.
My final thought: integrate your legal team, your technical team, plus marketing and business operations together to achieve the best security possible (and to gain other benefits, too!). And don’t forget to bring in the users, customers, and clients as well, as they are critical stakeholders in any complete security scheme.
- Is Your Goal Growth? Empower your Employees with Social Media. (kylelacy.com)
- Help IT Run a Less-Risky Business (blogs.harvardbusiness.org)