With all the recent scare stories about the Chinese and others spending untold man hours trying to hack the west (are they scare stories if they are grounded in at least an element of truth), the client I’m currently working for (a large multinational) have recently gone into lockdown mode to prevent themselves becoming victims.
Much of the actions being taken are somewhat sensible; The list of accessible web sites has shrunk (or rather the list of blocked sites has grown), administrator access is being removed from local/desktop machines, USB drives are blocked, only approved software can be installed and used, etc.
All sensible stuff.
Apart from the knee-jerk reaction manner in which it’s being applied is causing serious productivity issues whilst being inconsistent. Let me give you a few examples:
Among the applications being blocked were several tools used by numerous projects to perform development work, for example everything but the latest version of Eclipse, Cygwin, data folders for VM Ware slices, etc.
Then there’s the list of blocked sites, for example Facebook is fine, but MySpace is blocked.
Then there’s the additional issue of locking down the email systems. I’m running Windows Phone, but because they haven’t put it near enough the top of the list for testing (possibly because our user-base is so small) it’s not been certified in time as a secure platform (despite including BitLocker, an AES client, etc.) and so they have introduced the new security, but have to remove my remote access to email, calendars, etc. from the device. Clever.
To be fair, I suppose they are doing me a favour, where in the past I would look at emails and add tasks to my plan outside of work hours, I can no longer do this, so at least I spend less time working for free. Of course the down side is I can no longer refer to my phone to find the details of my next meeting or the phone number of a colleague in an emergency…
I could provide several more examples of how our productivity is being adversely impacted (the on disc encryption has slowed many machines down to a crawl for example, and I can’t view/edit environment variables without an “unlock code” from the helpdesk each time I try), but the issue here isn’t what or why this is being implemented. I can see a need and I agree with most of what is being done, but the implementation has been comically badly done and resulted in hundreds of lost hours.
Essentially the client has done a better job of hacking themselves than most seasoned hackers could have probably hoped for.
God job guys!
No comments:
Post a Comment