Smart Policy Creation and Enforcement

By Lee Klarich  |  Posted 2010-02-03

Enablement is about education, even when the users seem ahead. The role of IT is that of advisor and mentor, showing what applications are best at solving the requirements and how to best use them.

But it's also about raising awareness of the associated risks. For that, IT professionals need to become super users themselves by adopting Enterprise 2.0 wholeheartedly and without prejudice. Only then can they successfully educate users on all the risks, even those pertaining to social and reputational implications.

For governance to be effective, IT needs to take a major role in the definition of smart policies. But it is critical that IT not be the sole owner of these policies, as their effectiveness and relevance are inversely proportional to the amount of classic IT thinking. Adoption of Enterprise 2.0 was achieved with lots of non-IT executive sponsorship and support, which means that IT needs to avoid obvious mistakes. Examples of users making mistakes using social media are easy, but ultimately a losing argument because they are inevitable, just as building relationships is less than perfect.

Nor is it appropriate to pursue compliance arguments because no legislation exists per se that governs the use of Enterprise 2.0 applications. Smart policies come down to regulating the use of the right tool for the job in the right way. For example, in a heavily regulated environment such as stock trading, the use of instant messaging (IM) is subject to retention and auditability rules. IT needs to educate the traders on the implications of each of the tools, participate in the definition of the use policy and subsequently implement, monitor and enforce its use. In this example, that policy could prevent the traders from using Facebook chat but enable MSN Messenger.

Lee Klarich is Vice President of Product Management at Palo Alto Networks. Lee brings a strong track record in network security product management to Palo Alto Networks. Previously, Lee was director of product management for Juniper Networks where he was responsible for firewall/VPN platforms and software. Lee joined Juniper Networks through the NetScreen Technologies acquisition where he managed the same product line. Prior to NetScreen Technologies, Lee held various positions at Excite@Home and Packard Bell NEC. He can be reached at
