Snowed from home...if only the network would let me in

This is the view from my home office window this morning, in Hove. Looks like I’m not going to work today…


It’s quiet outside. Southern has cancelled trains to London due to adverse weather conditions. No probs, I’ve got broadband and email. I’ve got a telephone. I can work from home. It’s not that easy. I imagine most of the country has woken up to snow and decided – best not to try getting in today.

This is fine, but I suspect the networks can’t cope. I know my Outlook Web Access is basically hanging. It’s almost like the Exchange servers have also been affected by adverse weather conditions.

The other kick in the teeth is our IT security policy – like many businesses – prevents me from accessing the corporate intranet unless I have a security token and VPN software installed on a company-approved PC.

Well I’m trying to work from home, doing the best I can. It’s not just the weather and Southern Trains preventing me from doing so today. A policy of strong IT security at all cost, is actually preventing me from working. Does that actually make any sense at all?

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

So it's OK if the company gets hacked once in a while as long as you can get to your email?

Seriously, though, there's a difference between a policy of strong IT security, and a poor implementation of this which denies people the tools they need to get their job done.

From a positive perspective, at least you can do some work - better than none at all.

Fortunately my employer is more global - I can always get to the network somewhere, even if the local connection is piled up with people working from home. And I always take my laptop and token home with me, I never know when I might need them.

Andy, my point is that today's snow could be regarded as a denial of service. People can't get to work, but clearly, the business must try to operate as best it can. I was speaking to someone today whose VPN access was cancelled by IT because she hadn't used it. So the day she really needs the VPN, she can't get in. How useful is that? I think IT needs to look at what the business does, the risks (human, act of God or whatever), and provide a security plan that supports the way staff work.

So how does cancelling VPN access for one user increase security? Well, apart from having one less account out there, and one less token lying around to get lost... not much.

The trick - the hard part of my job as a security professional, is to make the right tradeoffs. How do we trade off the increased security from one less VPN user against the chances of a lost days work because she can't login? Everyone has a different answer to that, and yesterdays' answers are a lot different to todays' simply because the snow is skewing our perception of the chances of losing a day off work.

For what it's worth, I'd give everyone a laptop and VPN access and make them take them home routinely in case of such situations. Sizing VPN appropriately so everyone can work from home if needed is also a pretty easy thing to do but can prove pricey for a company where it's all or nothing. We're geographically distributed enough that another 1,000 people hitting our VPN in Europe barely shows as a lump in the statistics.

Ultimately these decisions are more about cost (saving a token and some VPN bandwidth) than about real security.

Cliff our firm does give laptops/VPN access to all. The problem we find is that people don't want to lug the heavy powerpacks home with them, so leave them in the office then caught short.

Solution? Buy a job lot of powerpacks on eBay so everyone has two of them.