Do company security policies apply to employees personal web sites ?

posted onJuly 9, 2001
by hitbsecnews

Giant Financial Service Firm discovers a digital dilemma. Some of its very best brokers have posted their own Websites to alert, advise, attract, and support clients. This mushrooming of internetworked money-management media rivals GFSF's own branded site. What to do?

Kill them all! Citing SEC compliance concerns and legal uncertainties, GFSF outlaws unauthorized sites and orders them extirpated. Unenlightened digital despotism? Or a very smart move for both branding and regulatory reasons? We'll never know. However, the Net as a medium that disintermediates the enterprise--excuse me, helps employees get closer to their customers--creates painful tradeoffs for self-proclaimed "customer-centric" executives.

The typical top management concern, of course, has long been figuring out how best to block unauthorized access to the firm's networks. Yawn. Round up the usual suspects: firewalls, passwords, encryption In practice, the more serious issue may well be the surreptitious rise of extracurricular sites that spring up unbidden--but for darn good reasons--to serve key customers and suppliers.

A couple of years ago, managers bootlegged budgets to set up unauthorized "intranettes" to help disparate divisions and departments run themselves. Simple economics dictate that the rise of such opportunistic "extranettes" will matter far, far more. Extranettes present the most serious business threat to clean, manageable distinctions between internal and external, them and us. In truth, the real importance of firewalls may well be to keep entrepreneurial employees in, rather than malevolent hackers out.

What should top management do when purchasing agents post special advisories for favored suppliers? Or when a derivatives design shop at a major investment bank decides to set up a simulations extranette for its best institutional clients? Or when a top saleswoman lets her customers participate in a special Web auction for a backlogged product? Who can possibly track this? Who's responsible? Legal? The MIS department? Perhaps employees should be expected to rat on colleagues using extranettes to extend their market reach.

One could argue that confident organizations might want to encourage this sort of initiative. Then again, there's a very thin line between dynamism and chaos. (Schumpeter didn't describe entrepreneurship as "creative destruction" for nothing.) If, say, the top 50 or 60 salespeople at IBM or Deutsche Bank or Johnson & Johnson each had a Net presence--distinct from but complementary to his employer's corporate site--that would unsubtly shift the balance of power and influence in that firm. Who really "owns" the customer relationship in such a situation? The individual or the institution?

A clever and ambitious employee has every incentive to use technology to make himself more indispensable to both his company and his client. The firm, of course, has every incentive to deploy technology that empowers employees and their customers--but not enough so that they become a threat to the business. That's a conflict.

Is it really in an organization's best interest to force everyone to manage key customer/client/supplier relationships through the "official" Website? Perhaps it makes better sense to co-opt the extranettes and make them official. However, that still doesn't address the power problem. An employee or department successfully running a bootleg extranette isn't going to give it up without a fight. You can be sure that valued customers won't appreciate having a service they once enjoyed being eliminated or modified beyond recognition. Who do you think they'll blame when that happens?

As the true tale of GFSF affirms, these concerns can only intensify. Most firms haven't a clue how many extranettes are being used to informally manage customer relationships. The fact remains that developing bootleg extranettes is becoming technically easier. In flush economic times, the reasons are entrepreneurial; in less happy circumstances, the reasons are self-preservational. After all, in the truly customer-centric organization, employees understandably develop dual loyalties.

Yes, dot-coms may be dead or dying as serious competition for established companies, but so what? How intriguing that the most complicated digital challenge to the enterprise's ability to get close to its customer may come from within.

SNP.

Source

Tags

Networking

You May Also Like

Other Articles In This Section

Recent News

Tuesday, July 9th

China's APT40 gang is ready to attack vulns within hours or days of public release
AI-Powered Super Soldiers Are More Than Just a Pipe Dream
The president ordered a board to probe a massive Russian cyberattack. It never did.
Massive car dealer ransom attack is mostly over after 2 weeks of work-arounds

Wednesday, July 3rd

“RegreSSHion” vulnerability in OpenSSH gives attackers root on Linux
Two of the German military’s new spy satellites appear to have failed in orbit

Friday, June 28th

Indonesian Airports, Data Centres Hit By Worst Cyberattack in Years
Cisco Talos warns of wider security implications following Snowflake breach

Thursday, June 27th

I Wore Meta Ray-Bans in Montreal to Test Their AI Translation Skills. It Did Not Go Well
Researchers upend AI status quo by eliminating matrix multiplication in LLMs
YouTube tries convincing record labels to license music for AI song generator
Critical MOVEit vulnerability puts huge swaths of the Internet at severe risk
Julian Assange to plead guilty but is going home after long extradition fight

Thursday, June 13th

Hackers show off jailbroken checkm8-vulnerable iPad and Apple TV running iPadOS 18 & tvOS 18 respectively
One of the major sellers of detailed driver behavioral data is shutting down
Turkish student creates custom AI device for cheating university exam, gets arrested

Wednesday, June 12th

Chinese-Made Biometric Access System Has 24 Vulnerabilities
Apple and OpenAI currently have the most misunderstood partnership in tech
Adobe to update vague AI terms after users threaten to cancel subscriptions
China state hackers infected 20,000 Fortinet VPNs

Tuesday, June 11th

Russia Is Targeting Germany With Fake Information as Europe Votes
Apple announces macOS 15 Sequoia with window tiling, iPhone mirroring, and more
Apple integrates ChatGPT into Siri, iOS, and macOS
British police to scan 480,000 Formula 1 fans’ faces at Silverstone
Hackers steal “significant volume” of data from hundreds of Snowflake customers

Friday, June 7th

7,000 LockBit decryption keys now in the hands of the FBI, offering victims hope
FCC pushes ISPs to fix security flaws in Internet routing
Can a technology called RAG keep AI models from making stuff up?
How to Lead an Army of Digital Sleuths in the Age of AI

Thursday, June 6th

Mystery object waits nearly an hour between radio bursts
Apple refused to pay bug bounty to Russian cybersecurity firm Kaspersky Lab
Ex-Microsoft security expert torches Windows' new 'Recall' feature
The Age of the Drone Police Is Here

Wednesday, June 5th

Ukrainian Systems Hit by Cobalt Strike Via a Malicious Excel File
TikTok Hack Targets ‘High-Profile’ Users via DMs