In the whitepaper To Block or Not. Is that the Question?, Palo Alto Networks explores the issue of “Enterprise 2.0” applications such as Facebook, Skype, Twitter and YouTube and how users are now in control of the network. Meanwhile, IT staff is saying “just block it!” and users say “just don’t block it!” but it’s not that simple. As the whitepaper points out, the real answer lies in your ability to see what’s actually happening on the network and then decide on the best fit for your organization.
An interesting bit from the whitepaper is that 69% of respondents to a McKinsey study say their companies have gained measurable business benefits, including more innovative products and services, more effective marketing, better access to knowledge, lower cost of doing business and higher revenues because of Enterprise 2.0 software (while IT staffers argue the opposite: that these applications DON’T boost the bottom line). Knowing that most traditional security controls will block their software, developers of Enterprise 2.0 applications look for ways to circumvent the system so that employees and other users can get access anyway (necessity is the mother of invention, right?).
For governance to work, IT should play a big part in the definition of policies, but not be the sole owner of those policies (something I’ve been ranting about for years because policy creation and enforcement is an HR, legal and management issue — not an IT issue). I have a client that’s experiencing this very dilemma with social media right now. Company managers want to provide Facebook access for their employees. However, recent malware outbreaks have compromised several company systems and placed its network at risk. They have policies and antivirus software, but not anti-spyware protection, which would have (presumably) blocked the infections. We’re now working on a plan for moving forward to keep users happy and minimize business risks at the same time.
These new applications are presenting a Catch-22 that’s throwing many small and medium-sized businesses for a loop. There are no good answers right now. If you take anything from this, just know you have to do your homework and understand the risks/benefits. Blocking or no blocking, the angles to this issue are still being worked out — one business at a time. Stay tuned and, in the meantime, stay vigilant.