Web access policy and dictators

There are a few things that annoy me: impoliteness, petty bureaucracy, Chris Moyles, BT customer “service”, the price of cinema popcorn, the smell of fast food on public transport, drivers who can’t stay in lane when they go round a roundabout (Hey, Mrs Blue Audi driver on the A316. See those white lines on the road? Yes, they indicate a concept known as “lanes”), amongst others.

I also get annoyed by little dictators in IT departments who think it’s within their remit to decide what the Internet usage policies should be within an organisation. Come off your high horse, folks. Let the HR and company management team decide what is and what isn’t permitted and acceptable employee behaviour.

The policy at my organisation is simple: anything identified by WebSense as being a potential security threat (i.e. contains malware or malicious content such as hacking tools) is blocked. Everything else is open or closed depending on whether the HR director agreed to allow it, based on a combination of common decency, local laws, and common sense. Requests to open up access to specific sites – that might have been miscategorised or sit within blocked categories – go to either a security manager if they fall under a security category, or an HR manager for approval. It’s not a perfect process but it beats having the IT manager deciding based on whether or not he thinks an individual should have access.

There is an ever-growing grey area as more consumer sites become adopted for business use. These come to me for assessment and there is a set of “good enough” control measures in place based on the risk profile of the work being done. Never say no, put a price on yes!