Sir – most organisations do not possess an effective security policy. If they do, it is usually out of date and only changed as and when something goes wrong. Even these reactive changes are often made simply by way of addressing the symptoms rather than the actual causes.

To effectively prevent unauthorised corporate access to the network, the first step is to verify whether a machine should be allowed on to the network. In order to do that, it’s imperative to know exactly which machine is accessing your network, what software it has installed within it and whether or not that same software is up-to-date. Only then can you begin to identify who the user may be – and decide whether access should be permitted or rejected.

The only way to deploy a valuable security policy is by having effective systems and procedures in place for implementing and enforcing it. After all, jobs, finances and company livelihood are at stake here. If your network authentication appliance isn’t programmed, and is subsequently managed in line with your security policies, all you really have at your disposal is an extremely expensive toy.

For end users, the choice is a simple one. Adhere to the corporate security policy, enjoy freedom of access on the network and an enhanced ability to do the job well or suffer restricted access and constant monitoring of activities.

To my mind, it’s a two-way process of trust. Nothing more, nothing less.

Scott Nursten, Managing Director, s2s

Source

SMT