Layer 8

Security is fundamentally about people, and everything we know about people is relevant to security. -- B. Schneier

Thought for the day.

How much money do you suppose organizations are spending on preventing every little insecure behavior they can think of (such as using P2P, copying files to and from removable media, etc.), when they could save more just by being stronger on enforcement?

What’s the cost-benefit ratio of firing someone and replacing them (or at least writing a reprimand letter) versus buying a whole bunch of desktop monitoring and application control software?

I’m starting to think that if they would actually drop the hammer on people for doing stupid things, we would get better security in the long run. 

But maybe I’m just channeling Marcus Ranum again.

Posted by shrdlu on Tuesday, November 28, 2006

Comments

LonerVamp United States on 11/28  at  02:27 PM:

I think that problem is more pervasive than most will admit to. In my short time, I’ve already seen plenty of character-destroying and unethical things that go with a slap on the wrist or worse…let alone security infractions. It is far easier and less personal to spend a ton of money and slap in an appliance to stop that stuff than it is for most people to address the problem employee. Technology, especially in security, sometimes ends up being a compensation for poor management.

LonerVamp United States on 11/28  at  11:54 PM:

On the other hand, my mind went back to your post this evening: even an appliance may be small change compared to the cost of acquiring a good replacement employee for someone who incurs minor infractions and the like. It’s just that few people realize that devices don’t install and take care of themselves…they in turn also need typically not-underpaid IT staff eventually.

Anyway, another way to agree with your statements is to wonder why some shops try to stop every little thing they can think of. Just today I had an ongoing discussion with our team on limiting our desktop support staff’s access to our file server. Some wanted to lock their permissions down so they could make new user folders and that’s about it. Me, I wanted to point out that these people are just going to have to be accepted to have this access unless management has some sort of idea in their heads that they are not to be trusted. I eventually won out because doing otherwise became just too complicated for the guys. smile

Some shops, though, are not like mine with 450 people, no huge regulations to abide by, and only 3 desktop support guys and 4 network analysts like me. How does your org handle IT staff access to fileserver stuff?
