Should CIOs take employees offline to improve security?

"Welcome to your first day at Insecure IT Solutions. Here's your new office. It has three doors and five windows with no locks on any of them. We keep all the sensitive business information in this open filing cabinet in the middle of the room.

"If you want to send a message to anyone in the building, just write it on a postcard, fold it into a paper aeroplane and throw it out of a window: it'll get there eventually. Don't worry about all the strange pipes leading off into the walls and ceiling. We've no idea what they're for but it's probably fine.

"Oh, and you might find random strangers loitering around or sneaking in and looking at your work from time to time. As long as they do it quietly we ignore them. Any questions?"

"Erm... what?"

 

Alex Cruickshank

Freelance technology journalist Alex Cruickshank grew up in England and emigrated to New Zealand several years ago, where he runs his own writing business.

Comments


JOHN KNOWLES on August 29 2017

One way to approach the going offline strategy is to reduce the risk in the key vectors for the most risky parts of a business - restrict inbound email; whitelist Internet access. Run browsers and other vulnerable software under lowest privilege; segregate networks so those that really need more open access don't put others at risk. A risk with all-or-nothing strategies is that they are put in the too-hard basket and nothing happens.


Alex Cruickshank on August 30 2017

There's certainly a difficulty barrier to this type of strategy. Network segregation can be an effective option as long as it's done properly, which means no link whatsoever between networks. That in itself can be hard to achieve, though. It's easy to overlook something.


Philip Quarrier on September 04 2017

Total isolation of the workplace would cut off necessary communication with vendors, customers, employees' families and legitimate personal needs. It's still going to be a combination of balancing restriction and filtering against the company's need to communicate. Secure installations have dealt with the problems and solutions for many years.


Pete Jones on September 06 2017

This is a nice discussion; however, I don't feel it is realistic to think you can take employees offline in this day and age. Having worked on secure infrastructure projects in the past, I have seen people go to quite some lengths to do what they think they need to do. Underlying any technology solution there needs to be some significant people effort in order to make it work. Pete


Alex Cruickshank on September 06 2017

It wouldn't work for all organisations, but it can (and does - see Singapore) work for some. Separate, air-gapped, stand-alone machines for outside communication are used in some cases. Having worked in secure installations in the past, they certainly do block all communication with family, personal comms, etc., right down to locking all mobile phones in metal boxes on arrival at work. They know the risks and don't take any chances.
