Last Updated on Monday, 28 December 2009 11:36 Thursday, 10 December 2009 14:59

Q: Can I block access to network applications that kill employee productivity in my business? 

A: Well, the short answer is yes, but for how long and is it worth the time and effort?

Most IT and security managers fit into one of two categories when it comes to network and computer security:

1. Lock down absolutely everything, then only unlock things as they are approved by management one at a time.
2. Monitor absolutely everything, then only lock down things as they are recognized as potential problems one at a time. 

Both attitudes work towards the same solution, which is to protect the company as much as possible while penalizing company employees, customers, and partners as little as possible. The number one group starts by stopping everyone from doing anything for their work, then waiting for employee complaints to decide what changes are needed to allow that work. The number two group starts by allowing everyone to do anything for their work, then monitoring IT systems for problems to decide what changes are needed so nothing stops that work.

The original question implies that the questioner is in the number two group since the number one group would never allow these network applications in the first place. You can block activity from those kinds of applications using systems like the NetNinja . The problem with blocking them is that it starts an arms race that you may or may not be able to control or win.

Or the questioner could be in the number one group and they just found out from employee complaints that their controls are incapable of blocking something that is considered a problem. Firewalls typically can't block access to dynamic web applications based on the type of network activity involved, but the NetNinja can. Again, any control can be defeated depending on how much effort you are willing to devote to monitoring the control.

Either group may be pushed to control everything that their employees do on the network, but there are always ways around these kinds of controls. Before you start on that arms race, you should consider whether the source of the problem is under your control or not. A hacker or disgruntled ex-employee is not under your control, but a current employee is. Are your employees or management performing so poorly that it's worth the time to stop everyone from using potentially useful applications and then keep working to do so indefinitely? If so, you may have problems outside of your network and computer systems, namely with your personnel.

The number one group probably thinks they can ignore this question because everything is locked down and people can only do what they want them to. If you fall into the number one group, you should consider the fact that your network systems and controls do not control things they weren't designed to control. New technology often creates ways to get around those systems, especially if you don't monitor them like the number two group. Normally, people in the number one group set up their systems and controls, then ignore them until someone complains enough to change something.

Hackers live for company networks and servers secured by people in the number one group. Why wouldn't they rush after the people in the number two group? Because the number one group does nothing until enough complaints mount, which is far too late, creating a long term haven for hackers, especially those who are good at avoiding notice.

Ideally, your IT and security managers should be fully active in both the number one and number two groups to some extent. Company executives should allow them to do what they need for the objectives of both. Unfortunately, the resources may be more limited in some companies than in others, so you have to evaluate what you can and cannot do, whether you need outside help or not.

The bottom line answer to the question is that you can't solve human resources (HR) problems with IT systems and management. IT systems are tools that help make decisions, not tools that automatically solve all your problems.

Contact us to find out more about how we can help you stay secure while using all your systems effectively.