Whole Network Most Recent TOP10 CIO Outsourcing SaaS Security

 

A tale of two cables

Filed in archive Security by Scott Wilson on September 13, 2007

19163583.jpg
Chris Anderson has come up with an interesting, and some might say more practical, solution to some of the issues he originally identified in his controversial "Who Needs a CIO?" article earlier this year (for my response to that particular statement, look here.)

As you may recall, the original article was mostly a rant about how chief information officers and other IT managers were preventing the widespread corporate adoption of various Web 2.0 tools, and how they and their dastardly checks and controls on technology utilization should be overthrown, bypassed, or otherwise set aside in favor of a "fat, dumb pipe to the Internet." Which would surely take care of all those pesky corporate functions, like, say, generating paychecks with all your confidential personal information, right?

But instead of simply proposing the fat dumb pipe as the solution to the issue-and it's a real issue, no question-Anderson has modified his stance and now has an intriguing new idea for getting users what they want as well as keeping the corporate cookies safe: dual networks.

It seems like a pretty straightforward fix on the face of it. Simple, perhaps even inspired-the obvious solution sitting in front of everyone's nose. But the reality, at least if you are execution guy rather than an idea guy, is more fraught and complex.

For starters, it would be too confusing for most corporate end-users; if Anderson has a fault in his logic process when it comes to all this, it's that he chronically over-estimates the level of skill and interest present in the average corporate knowledge-worker. Yes, there are those who are technically adept and those are the ones driving these sorts of initiatives, but in my experience they are concentrated in corporations which are in the technology industry, and outside of that, are relatively rare and scattered. Designing your corporate information system around the exception, rather than the rule, probably isn't good practice.

Next, even should you manage to succesfully train staff how to swap back and forth between networks, you still face the obstacle of somehow ensuring that they make appropriate use of each, and don't contaminate either. If you have a nice secure network for your financial transactions, that's swell, but if your accountant is using his blown Hotmail account to send confidential documents back and forth to himself, it doesn't do much good. Similarly, if he picks up a virus out on that wide open Internet, what happens when he plugs back in to the local "secure" network?

Finally, how many people actually want to switch back and forth constantly during their work day? Before multiple monitor support became easy to use, multiple computers were one solution to increasing personal productivity. Apart from the cost concerns, however, the drawback to such solutions is simply that they are inconvenient-it's a pain to transition back and forth across the seams. A lot of people just won't-so they'll continue to be frustrated that their "secure" system won't do what they want, or they will be using their "open" system with sensitive information that shouldn't be there in the first place.

And none of this really addresses the core concern that I hear from CEOs and the like, which is that they want users working, not unaccountably goofing off in Second Life all day. To be clear, I don't share that view-if you can't trust your staff, get new staff-but it is a major concern among many executives today; one of the first things we hear in most discussions about security and productivity, in fact.

While I applaud Anderson and like-minded executives for recognizing the importance of protecting core function through such a system, I don't think it's necessary. I think that a reasonable amount of freedom can be gained even in a secure corporate network. Similar dual network systems were pretty common back in the day when I was working with dot coms and their development staff experimentation threatened to bring down production environments. But there have been sufficient advances in network and firewall technology that you can run all this stuff safely on the same cable now, and I have no doubt this is true for Web 2.0 as well. After all, it is Web 2.0... we're talking about some well-written HTTP proxy rules and a good security group structure, really. Anderson's proposed solution is really evidence of a failure to negotiate a working balance between in the yin and yang of usability and security. Throwing ones hands up and going to either, or both, extreme is no ultimate solution, nor is it a step towards one.

Advertisement


Permalink: A tale of two cables
Tags: dualnetwork  security  CIO  IT  department  long  tail  2007  tale+cables 

Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/91549



Related Entries:

The Long Tail Brings Us Hak.5 - 18 December 2005

SMS Long Tail - 30 January 2006

How the 'Long Tail' changes shooting. - 13 August 2006

The long Tail: Auch im B2B-Marketing relevant? - 25 Juli 2007

Advertisement


Advertisement


CW ToolbarInstall
RSSrss   | See all blog subscribe options
Googlegoogle   |   What is RSS?
Yahoo!yahoo
AddthisAddThis Feed Button
BloglinesBloglines
Newsletter
Advertisement - Book yours here.

Use our search feature to look for other interesting posts

Just this blog Whole network
 
  • Online MBA Degrees
  • Would you like to have a new interactive marketing channel for your company? Learn more about Sponsored Blogs with Creative Weblogging. See how we helped companies like Weblin and cellity reach their goals.
  • Would you like to reach millions of blog readers every day? See you banner on hundreds of blogs with TierOneAds? Stay in control measuring conversion in real time. Register now.
  • Would you like to make more money blogging? Use TierOneAds a new platform that allows you as a blogger to set your prices per impression. Register now.
  • Do you have a blog with more than 50k page views from the US? Let us market your blog and earn great fix payments and bonuses.
  • Would you like to see your text link here? Let us know!
Advertisement
Book yours here.



  • Testimonials

  • 'I don't really think you should keep testimonials from the last guy here, do you?'
  • Other blogs in the same channel in the Creative Weblogging Network

Advertisement -
Book yours here..






Advertisement - Book yours here..
 
Tagcloud: CIO Data Storage Enterprise Hardware Enterprise Software Events General Help Desk And Support Integration Software Management Market Perturbations Networking Offshoring Outsourcing SaaS Security SOA Sponsored Posts The Cloud The Vision Thing Virtualization