Employee, Desktop and Network Controls

By Lee Klarich  |  Posted 2010-02-03 Print this article Print

Employee, desktop and network controls

A corporate security policy for the use of Enterprise 2.0 applications needs to include the following three elements:

1. Employee controls

The development of policy guidelines for the use of Enterprise 2.0 applications is often challenging, as many examples are available. But the high tension between risk and reward has polarized the opinions. Enterprise 2.0 guidelines are part of an overall code of conduct and privacy policy, and a few key elements need to be represented.

Given the increasing number of "bad" applications, how will an employee know which applications are allowed and banned? How is the list of unapproved applications updated, and who ensures that employees know about it? What constitutes a policy violation? What are the ramifications of policy violations: firing or a reprimand?

Given that a large number of Enterprise 2.0 applications not only manifest themselves on the enterprise network or devices where they could be controlled, but also on the employees' mobile devices, documented employee policies need to be a key piece to the Enterprise 2.0 control puzzle. However, employee controls will remain largely ineffective as a stand-alone control mechanism for safe enablement of Enterprise 2.0 applications.

2. Desktop controls

Desktop controls can complement the documented employee policies as a rather limited means to safely enable Enterprise 2.0 applications. Laptops connecting remotely, Internet downloads, USB drives and e-mail are all means of installing applications that may or may not be approved. Removing administrative rights completely has proven to be difficult to implement and, in some cases, limits user capabilities. USB drives are now capable of running an application so, in effect, an Enterprise 2.0 application could be accessed after the network admission was granted.

Lee Klarich is Vice President of Product Management at Palo Alto Networks. Lee brings a strong track record in network security product management to Palo Alto Networks. Previously, Lee was director of product management for Juniper Networks where he was responsible for firewall/VPN platforms and software. Lee joined Juniper Networks through the NetScreen Technologies acquisition where he managed the same product line. Prior to NetScreen Technologies, Lee held various positions at Excite@Home and Packard Bell NEC. He can be reached at lklarich@paloaltonetworks.com.

Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel