Tuesday, November 13, 2007

Security, Part 2

At my company, we are supposed to put appropriate footers at the bottoms of our documents and emails. For example, "Internal Use Only," "Do Not Duplicate," etc., (I made all of those up). I don't think all of the employees are as thoughtful at doing this as our legal & security groups would like, although I'm sure many people are very conscientious. So I think we may have just assumed that, by keeping our documents only on our intranet, that we are keeping employees safe from themselves, and the company's secrets slightly safer than they might be otherwise.

Now, however, it is very easy for employees to blog on the Internet, or collaborate using a wiki on the Internet. Our email & calendar accounts are accessible from the Internet. But many employees find accessing our applications and documents through our intranet just not compatible with their work (or location, or Internet-enabled device, or ...). So should we move more out onto the Internet?

Sunday, November 11, 2007

Security, Part 1

(note that I'm not in an IT security group or anything, I just started thinking about this)

Several months ago when our group started looking at ning, I wrote up some general guidelines for using these Internet-based apps (vs. our intranet), just to have something.

Currently, after reading the policies & guidelines for our company's external blogs and wikis, I'm thinking that we've just flipped the model. We used to think we had to protect users from themselves, by giving them the safest default. Now that everyone wants to be connected via whatever device or appliance or location or situation they choose, we need to move our data onto the Internet. In addition, as we understand the value of open information (think Wikinomics), we (as a company) want to publish as much of our information, and thoughts, to as wide an audience as possible.

Anyway, I think the model is now something more like, "You, as an employee, have knowledge and ideas that may or may not be appropriate to share with the rest of the world, including our competitors. It is up to you to determine whether or not you should publish this information securely, or on the Internet. If you are unsure, contact blahblahblah for assistance."