Employees Will Find Ways to Route Around Corporate Firewalls


Study: Employees Will Find Ways to Route Around Corporate Firewalls — ReadWriteWeb:

The study also found that users will go to great lengths to route around corporate networks and often use tools like Gbridge, encrypted tunneling applications, and various private and public proxy services to circumvent security protocols, corporate firewalls and filtering mechanisms. Companies are spending a lot of money on firewalls and filtering products, but in the end, users will always find a way around these.

For those advising corporate clients, this is a very important notion to keep in mind in terms of risk management: technical measures go only so far without buy-in from users and employees, and potential security threats (which sounds more cloak-and-dagger than it often is in reality) can be much more easily introduced (usually unintentionally) by those within your network than by those on the outside.

To solve the human side of the equation, training and education are critical. On the technical side, “hardening” inward-facing servers is critical. Do not rely on firewalls alone for protection.

I suspect that banning applications or services (such as social media, or even P2P) may be the wrong approach (although from a legal perspective attempting to do so may be important to reduce liability.) Training and education on how to use such tools effectively, securely, and legally may be more effective in the long term, and having users and employees working with your plans (instead of routing around your firewall in any way possible) is far more likely to provide real security.

My final thought: integrate your legal team, your technical team, plus marketing and business operations together to achieve the best security possible (and to gain other benefits, too!). And don’t forget to bring in the users, customers, and clients as well, as they are critical stakeholders in any complete security scheme.
