| Sadly in large companies with IT departments that have accountability and as such have internal costing to another department. Well in those sitauation it is often common for one department head to go behind official channels and outsource for a cheaper price. This sadly bypasses alot of security and other standards the company has. It's not new, and will happen again and again. One example would be bank that had a website defaced around 12 or so years ago in protest to petrol prices. Turned out that the server was located in a server room with a dog running around in it and would be best described as a spare bedroom almost. The marketing department manager had organised that gem of a disaster. Was lucky as forensics upon that server indicated it had been hacked at least half a dozen times previously. So the defacement hacker had done that bank a realy big favour. So your company can have the best and most excellent security standards in the World that are completely unbeatable. But it only takes one department head to outsource behind your back or for one individual with a BYOD or the like to plugs in and your open to a screwing. Clouds are popular as for some reason people have been sold that there all uber secure in that all your worries are removed. They are not, shifting the storage elsewere not only opens up another access point publicly to potentual get at your data but the over comfortable attitude it installs will be inclined to make the clients not as secure as they should be. If I was a Administrator and I was responsible for the data and liable to getting legaly shafted if there is a breach and the company used clouds and had a BYOD policy then I'd be very much underpaid and with that googling for some form of disclaimer you got every user to sign and every manager to sign. Just so I could sleep at night. Remember this, when it comes to IT most users are like children and with that they will find a way to break it if one exists and failing that they will find a way. Block everything website wise and add as an exception, as there realy isn't many websites that companies need you to access. If you want to access any other site then BYOD and network, just don't go driving on the internet in the name of your company. I often wonder if I was to set up a free porn site and then check what companies have employee's browsing it and then have a name and shame of the companies. But I feel that would be cruel upon poor employees with a porn addiction and with that I just can't do it as it would just get alot of people sacked and no company would take any heat from it. |