Aug 4, 2010

[Internet] Living With The Office Firewall

Flickr: Indrani Soemardjan - Flickr Blocked in UAE
Flickr Blocked in UAE
by Indrani Soemardjan

I've been working in the corporate world for a good 7 years now and ever since I managed to get off the phones as an agent, I've started to come to blows with our IT department. It wasn't necessarily intentional - it's just what naturally happens when one explores the network and tests the limits of the system, only to finally encounter the barriers and safeguards put in place. It's never overly fun - it's just a fact of life in the working world.

Company IT Departments are always at war with the general employee population. Perhaps war is a very negative term, but it does describe things well enough. The employees constantly test and probe the defenses and the IT Department erects new safeguards, pin down violators and redefine policies to better protect the company's networks and data. It's a noble enough effort in what is practically counterinsurgency and whether we like it or not, we're the bad guys and they're the good guys.

And yet why do we constantly villainize them and complain when we run into these barriers? I can't help myself either - my first reaction is to be frustrated and angry about it. Then I learn to accept. Then I resume the assault, looking for new cracks in the defenses. The cycle repeats time and time again.

I find myself blogging about this since I came to work on Monday night to find that Twitter was finally blocked. It had taken them long enough, I suppose. I've been active on Twitter for a good 3-4 years or so (I never really bothered to count) and the whole time it's remained open at the office. Plurk barely survived a few months from the time it became popular. The ports used by popular IM clients are naturally blocked. Social networks like Facebook, Multiply and Friendster are blocked. Web-based email clients like Gmail, Yahoo Mail and even Windows Live Mail are blocked. Even sites like Blogger, YouTube and Flikr are blocked. That's just the way things are.

I understand the reasons behind this, of course. I'm smart enough to understand company security policies. Heck, I've even worked in the Compliance Team for a while and we had to lock these kinds of vulnerabilities down. It doesn't mean I feel good about it of course - I just have to grin and bear it like everyone else. It doesn't make a heck of a lot of a difference that I'm already a manager - the policy applies to everyone more or less equally.

People can rant and rave about the loss of liberties, but we have to acknowledge that the two primary reasons behind blocking all these sites are horribly valid in an office setting. First, most of these sites pose as security risks. Second, they are obviously sites that cause employees to waste time and unnecessarily drain resources, the least of which being bandwidth. All good reasons that we have to accept whether we like it or not. The office is not some internet cafe that we venture to for a significant part of the day and expect to have free access to everything that we want.

It would be pretty cool though.

Google: no to Windows - not safeImage by Las Valley 702 via Flickr
Our current philosophy towards security is centered around locking things down and control. For IT Departments, the users are the greatest security threat and cannot be trusted to police themselves. So instead we clamp down and we erect barriers, blocks at the ISA level and firewalls that continue to confound everyone. Proxy sites go down as soon as they are discovered. New social networks are added to the blacklist as soon as they become popular enough to trigger the notice of the watchdogs. And so on and so on and so on.

If the user is the greatest threat - then why don't we take steps to educate the users better? Why do we handle employees like we handle our pets - we wait for them to do something bad and then we shout "BAD DOG!" and then build a better fence. We assume the users cannot be trusted with ensuring the security of the network, and thus we continually raise fences and define stricter security protocols around the bumbling employee population.

Admittedly, this alternative approach is a significant challenge. It means investing in more time in training and properly educating new employees as they join the company. It means having more diligent network engineers who can spot trouble at a moment's notice and restore the safeguards as soon as possible. It means a more mature outlook as an IT Department and a more robust security policy that actually trusts the users. It's a very tall order - one that is probably not very cost effective, but it is one that factors in a bolder look forward.

The internet is constantly changing and evolving into something new. With every generation, the things that we can accomplish online become more and more creative and give us greater and greater capabilities as individuals and as employees. But if IT Departments continue to go down the path of control and limits, then it ends up turning a blind eye to these potentially cost-saving benefits. As long as we deny these new tools to the users, what will the end result be?

As much as I'm proud to work in a multinational corporation, I'm always disappointed with the fact that I can't maximize the web's potential. I can't utilize Gmail and Google Calendar to the fullest because of the limitations imposed. I can't create novel (and free!) knowledge sharing sites using Google Sites. Heck, the standard browser in the office is still Internet Explorer 6 - a browser that even Microsoft is turning its back on. And I know we're not alone - it's a problem in many companies.

An IT security policy based on strict controls will always be slow to respond to new developments and one that stifles the creativity of the users. It may have worked in the past when all that people could do online was send email and post messages on newsgroups. But with everything out there and how quickly things are changing, can we really afford to stay in the internet dark ages like this?

For now I'm just thankful that I still have a few services left to me. I won't post the names right now - IT might be reading this after all. They'll just have to keep up with the Joneses and catch me.
Enhanced by Zemanta

No comments:

Post a Comment