Some Guidelines on Managing Access to the Corporate IT Network
Sun CIS Officer Leslie Lambert Shares Her Expertise
Corporate Information Security (CIS) officers currently face the daunting task of making their networks both accessible to those requiring access and inaccessible to those with no business to conduct. Sun CIS Officer Leslie Lambert offers some suggestions on how to find the right balance between access and denial.
Lambert says Sun relies on the standard tools such as identity management, access management and role management to control access to the corporation's wide area network. Because Sun is an IT provider to sites that support social networking, for example, access must remain fairly open.
Among the biggest threats she has to deal with are the various forms of malware, Lambert reported. To fight this threat, she recommends keeping both corporate and personal computers current in their anti-virus and anti-spyware programs.
Lambert says the primary information that CIS officers need to acquire is whom to let in and whom to exclude from their systems. The second, she continues, is having effective mechanisms and processes to put controls in place, which may be such industry frameworks as ISO 27001 or 27002 or other standards of good practice for security. Finally, one needs to back up those processes with a level of automation. "Doing things manually is simply not going to work given the magnitude and speed with which we're required to operate. Identity management and access control products are essential for managing access control services," she declares.
Whether to allow employees access to social networking sites is a question to be answered in terms of corporate culture, Lambert explains. The gains for Sun, historically, have been greater as a result of that access than they would have been with that access denied. What is called for, if the decision is to grant access to social networking sites, she says, is a program of awareness and guidance for employees that fosters appropriate behavior that keeps them from posting corporate secrets, customer data or intellectual property onto social networking sites that anybody can access.
"Forbidding access to these tools, I believe, is a no-win battle. There is no way to prevent it other than shutting down the network, turning off the electricity, and removing all computers," she contends.
The policies at Sun involve information on the consequences if a violation occurs (termination, performance management, law enforcement, etc.). It simply does not work to presume that employees won't access these sites because you're not out in front of it with policies and education, she states.
The same degree of clarity before the fact applies to allowing outside partners and communities access to a network, Lambert continues. "If a partner is not using the same rigor in security practices, you may want to reevaluate them as a partner. Because if they're taking too much risk on their own behalf, it'll affect you," she notes.
At the conclusion of the interview, Lambert offers several guidelines for password management that readers will find useful:
Use no personal info. No part of your name, address, birthday, dog, cat, friend's or family names, personal identification numbers, or any information that is easily obtained should be used.
Never use words that are found in a dictionary, in any language. Don't combine dictionary words, don't use repetition like aaaaaa, or simple patterns like qwerty, abcde, or 12345.
Don't use common substitutes of numbers for letters to form words. Familiar substitutions, such as the number 1 for letter i, 3 for e, or 0 for o are so common that they are always tried in password guessing attacks.
Think of a “pass phrase.” Take the first letters of each word from a favorite phrase (could be the title of a favorite book, song, or quote) to create a string of characters not found in a dictionary, that you can remember and reuse.
Add different character types. Use capital letters, numerals, or special characters to create a unique prefix and suffix onto your pass phrase. Add until you have a minimum length of 8 characters. Length is very important.
When creating password hints, don't use easy-to-guess answers. The most complex passwords are a breeze to steal if your hints are easy to figure out.
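The guidelines above can be enforced rather than just recommended. The following script is an added example, not code from Sun or from Lambert: it turns the six rules into a checker that rejects personal information, dictionary words (including ones disguised with the 1-for-i, 3-for-e, 0-for-o substitutions), repeated characters, keyboard and alphabet runs, and short or single-character-class passwords, and it builds the "first letters of a phrase" pass phrase with a prefix and suffix. The tiny wordlist, the three-character-class requirement and the four-character run threshold are assumptions chosen for the demo; a real deployment would load a full multi-language dictionary and tune the thresholds to its own policy.

```python
import re

# Constructed mini wordlist for the demo; a real deployment loads a full
# multi-language dictionary (the rule above is "in any language").
DICTIONARY = {"password", "sunshine", "welcome", "dragon", "letmein",
              "monkey", "football", "secret", "summer", "orange"}

# The familiar number-for-letter substitutions the guidelines say are always tried.
LEET = str.maketrans({"1": "i", "3": "e", "0": "o", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})

MIN_LENGTH = 8      # the article's stated minimum
MIN_CLASSES = 3     # assumption: at least three of lower/upper/digit/special
PATTERN_RUN = 4     # assumption: four consecutive characters of a sequence count as a pattern
SEQUENCES = ["abcdefghijklmnopqrstuvwxyz", "0123456789",
             "qwertyuiop", "asdfghjkl", "zxcvbnm"]


def normalize(password: str) -> str:
    """Lower-case the password and undo 1->i, 3->e, 0->o style substitutions."""
    return password.lower().translate(LEET)


def contains_dictionary_word(password: str, min_word_len: int = 4):
    """Return a dictionary word embedded in the normalized password, else None."""
    text = normalize(password)
    for word in sorted(DICTIONARY):          # sorted for deterministic results
        if len(word) >= min_word_len and word in text:
            return word
    return None


def has_repetition(password: str, run: int = PATTERN_RUN) -> bool:
    """True if any character repeats `run` or more times in a row (aaaa...)."""
    return re.search(r"(.)\1{%d,}" % (run - 1), password) is not None


def has_simple_pattern(password: str, run: int = PATTERN_RUN):
    """Return a keyboard, alphabet or digit run found in the password, else None."""
    text = password.lower()
    for seq in SEQUENCES:
        for s in (seq, seq[::-1]):           # check forward and reversed runs
            for i in range(len(s) - run + 1):
                window = s[i:i + run]
                if window in text:
                    return window
    return None


def character_classes(password: str) -> int:
    """Count how many of lower/upper/digit/special appear in the password."""
    return sum([
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(not c.isalnum() for c in password),
    ])


def check_password(password: str, personal_info=()) -> list:
    """Return the ids of the violated rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too_short")
    lowered = password.lower()
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("personal_info")
    if contains_dictionary_word(password):
        problems.append("dictionary_word")
    if has_repetition(password):
        problems.append("repetition")
    if has_simple_pattern(password):
        problems.append("simple_pattern")
    if character_classes(password) < MIN_CLASSES:
        problems.append("too_few_classes")
    return problems


def passphrase_initials(phrase: str, prefix: str = "", suffix: str = "") -> str:
    """Build a pass phrase from the first letter of each word, plus a prefix and suffix."""
    return prefix + "".join(w[0] for w in phrase.split() if w) + suffix


if __name__ == "__main__":
    # Constructed sample inputs: three weak candidates and one built by the pass phrase rule.
    samples = ["Pa$$w0rd", "12345678", "fido1985",
               passphrase_initials("The Quick Brown Fox Jumps Over The Lazy Dog", "#", "42")]
    for pw in samples:
        print(f"{pw!r}: {check_password(pw, personal_info=('Fido',)) or 'ok'}")
```

The normalization step is what makes the third rule bite: "Pa$$w0rd" is rejected as a dictionary word because it collapses to "password" once the substitutions are undone, while the pass phrase built from the sentence passes every rule with only twelve characters.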