- Tools & Templates
- Security Jobs
- Data Protection
- Identity & Access
- Business Continuity
- Physical Security
- Security Leadership
To Ban or Not To Ban?
Should the Department of Defense (DoD) ban the personal use of their networks? Federal Computer Week (FCW) recently ran several stories stating that they are seriously considering it. But the ramifications go much further than just the DoD.
The first article by FCW entitled: DOD considers prohibiting personal use of networks stated the facts as presented at the Institute for Defense and Government Advancement’s Network Centric Warfare 2008 conference in Washington. According to that report, Lt. Gen. Charles Croom, director of the Defense Information Systems Agency, said,
“The Defense Department is considering a policy that would banish all traffic not proven to be purely official DOD business from its networks…. Unofficial early estimates, however, are that 70 percent of the traffic on DOD networks today is unofficial and would be banned, said sources close to the department.”
A few days later, another report was issued by FCW entitled: Should DOD ban personal use of its nets?
This report was fairly skeptical of the concept and listed many concerns with the potential plan. "It is nearly always impossible for a policy-maker in any organization to be able to specify exactly what network traffic is "legitimate" and what is not because the work environment is rarely simple enough to submit to high-level heuristics."
TechNews World lays out some legitimate concerns regarding current social networking policies: “To be sure, bandwidth requirements pose a legitimate concern that is not limited to the U.S. military. Large corporations, for instance, have taken to locking employees out of popular streaming video sites at the workplace in order to ensure that their networks can run at full capacity.
Sharing videos, swapping photos and other popular Web 2.0 activities can easily eat up a lot of bandwidth, said Jeff Stibel, CEO of Web.com, which provides military families with tools to create multimedia sites.
Even the New York Post ran an article in January about employees wasting time online at work . The article Net Losses strikes a balanced approach with an emphasis on good, specific policies.
“* Put your policy in writing, says Nancy Flynn of the ePolicy Institute, “and I mean physically in an employee manual or something separate that the employee signs."
* Be specific, says attorney Debra Guzov. It's no good to say employees are allowed a “reasonable amount" of Web time - “to a CEO, that might be 20 minutes on lunch break; for an employee, it might be four hours."
* TELL WORKERS if you're monitoring them.
* Don't go overboard, advises Guzov, who doesn't recommend a complete ban on personal surfing. “People are working increasingly long hours, and sometimes it's the only way they can get personal business taken care of."
Not a lot of answers out there, but many, many questions.
I doubt that the DoD wants my opinion, but here it is anyway (from a former DoD employee). Be very careful about a total ban for all employees on personal use. My prediction: if the DoD goes that way, someone will rescind the ban within 2 years – probably sooner when a new administration arrives.
Thanks to cloud computing, your business data is everywhere and being accessed by everyone. Making the wrong decision to protect your data can result in high costs, increased risk and executive exposure. View this live webinar on cloud security and the evolving data center, and learn why a data-centric approach to security is the best bet for today's virtual environment.