Establishing Digital Trust: Don't Sacrifice Security for Convenience
Probably not, according to storage and security experts.
Any IT manager who thinks his network is holding nothing but customer records, financialsand billing information is really out of touch, say industry watchers. In actuality, theaverage network just may be holding more emails from sweethearts, more recipes from Mom,more copies of the last Star Wars movie and more clips of the latest J-Lo single than anyrecords supporting your business.
That means it's probably way past time for a little spring cleaning.https://o1.qnsr.com/log/p.gif?;n=203;c=204650394;s=9477;x=7936;f=201801171506010;u=j;z=TIMESTAMP;a=20392931;e=i Corporate data storage is being wasted and misused, says Nick Carr, a technology consultantand author of the article 'IT Doesn't Matter', which recent appeared in the Harvard BusinessReview. Companies' data storage is being wasted on stockpiling employees' personal emails,information about their latest e-Bay buys, MP3s and movie clips. He claims that typically 70percent of storage capacity on any given Windows network is being misused.
Carr says this misused storage space is just one way companies are wasting money.
Keith Rhodes, chief technologist at the U.S. General Accounting Office, says employees arewasting corporate storage space without giving it a second thought, leaving companies opento not only running low on disk space but vulnerable to worms and viruses, as well.
''When we go in and test systems, we find there's an awful lot of garbage, says Rhodes,whose job is to test the network security at 24 different government agencies anddepartments. ''People are starting to forget that the tool they're using at work belongs tothe company, and they're looking at it as their own personal space... People don't seem tomake a distinction between work and personal, so it's all disheveled and disorganized.''
Rhodes notes that disk space isn't very expensive these days, but it doesn't grow by itself.Employees are needlessly putting a load on their corporate networks.
''People are looking to download the Matrix, and then you get some big Windows Media files,and then a four-minute music video,'' adds Rhodes. ''How many of these things are you goingto have, before there's a problem?''
And forget about having to buy and install extra storage space so the people in the billingdepartment can save copies of their favorite email jokes and pictures of their familyvacation. The bigger problem could be a lawsuit or criminal liability.
Robert Gray, research vice president of storage systems at analyst firm IDC, says employeeshiding away MP3 files or copies of their resume is one thing. Hiding pornography or otherfiles that could lead to a sexual harassment charge or even a criminal complaint issomething all together more serious.
''When you get into all this stuff about harassment and pornography, they bring up a lot oflegal issues,'' says Gray. ''Employees in the U.S. don't comprehend that all the material onthat computer is basically the property of the employer. They don't have the legal rightsthey think they do.''
Having pornography on the network could add to the creation of a sexually charged workplace,which could not only make employees uncomfortable but could lead to a sexual harassmentcharge. A similar, but more serous threat, is having child pornography on the network. And securityexperts say it's far more common than most IT managers would ever imagine. Many in thesecurity industry say child pornography -- explicit images and text dealing with underagechildren -- is hidden on virtually ever large corporate network.
And having that on a corporate network causes a litany of legal issues -- from creating ahostile work environment to criminal liability for not only the person who put it on thenetwork, but for the company, as well.
Security and law enforcement experts have differing opinions on whether or not a company isheld liable for illegal content sitting on its network. Some say if company executives don'tknow it's there, they're not responsible for it. Others disagree. Most say IT managers needto go looking for it. And all of them agree that once it's found, it needs to be reported topolice.
Charles Kolodgy, a research manager with IDC, says IT administrators need to check theirsystems for illegal content regularly -- to both have control over their networks and toeliminate and report illegal activity. Kolodgy notes that a lot of administrators check forand wipe out MP3 files when they're doing backups. They also should be checking for anyanomalies, such as the passing of data files outside the network, that would hint thatsomething is going on that shouldn't be.
All the analysts agree that the best way to head the problem off is to create a policy thatrestricts corporate Internet usage for anything but strictly business purposes. Users shouldhave no expectations of privacy when using company equipment and services.
Analysts further warn that IT administrators need to not only create the policy, but theyneed to make sure that every employee knows about it and agrees to it. They suggest givingworkers periodic reminders and having a pop-up window that appears when a computer is bootedup. The window will show the corporate policy and by clicking on it, employees acknowledgeit and agree to it.