Employee, Desktop and Network Controls
A corporate security policy for the use of Enterprise 2.0 applications needs to include the following three elements:
1. Employee controls
Given the increasing number of "bad" applications, how will an employee know which applications are allowed and which are banned? How is the list of unapproved applications updated, and who ensures that employees know about it? What constitutes a policy violation? What are the ramifications of policy violations: firing or a reprimand?
Because a large number of Enterprise 2.0 applications manifest themselves not only on the enterprise network or on devices where they could be controlled, but also on employees' mobile devices, documented employee policies need to be a key piece of the Enterprise 2.0 control puzzle. However, employee controls will remain largely ineffective as a stand-alone control mechanism for safe enablement of Enterprise 2.0 applications.
2. Desktop controls
Desktop controls can complement the documented employee policies, but they are a rather limited means of safely enabling Enterprise 2.0 applications. Laptops connecting remotely, Internet downloads, USB drives and e-mail are all means of installing applications that may or may not be approved. Removing administrative rights completely has proven to be difficult to implement and, in some cases, limits user capabilities. USB drives are now capable of running an application, so, in effect, an Enterprise 2.0 application could be accessed after network admission was granted.