Welcome!

Containers Expo Blog Authors: Liz McMillan, Yeshim Deniz, Elizabeth White, Zakia Bouachraoui, Pat Romanski

Related Topics: Containers Expo Blog

Containers Expo Blog: Article

Assuring Compliance with Content Security

Lessons from the trenches

Employees aren't only clever at figuring out new methods for private communication, but also at figuring out more creative ways to do it. Many companies, for example, have figured out that cell phone cameras are a potential security risk and have banned them from the premises. And yet, the combination of instant messaging and low-cost Web cameras is every bit as lethal, but many AUPs have yet to catch up.

Web Browsing - Get Real
Companies have discovered that just as too lenient an AUP can lead to trouble so can a policy that's too rigid - because it can't be enforced. In most situations, for example, it's simply not realistic to ban any correspondence that is not 100% business-related. Human nature being what it is, even crusty security guys can spend a few minutes browsing ESPN.com. Here's the trap: once you have known violations, if you don't prosecute, then the policy becomes null and void, giving you no legal standing to enforce it. The better course is to create a policy that seeks a realistic balance. For example, you might specify that personnel are allowed to use the Internet for personal use (within the bounds of a company's anti-harassment policy) six hours a month, or only during a lunch break, or for 10% of their time. That gives employees the ability to check their bank accounts and eBay bids, and gives your AUP the flexibility it needs to pass muster.

You may find it also makes sense to have different AUPs, depending on the circumstance. To cite one extreme example, one customer, an energy company, had an AUP for the crew on an oilrig that essentially said: "Anything goes." The isolated environment and lengthy stays justify what, in a different setting, would be an irresponsible AUP. But note that when drilling crews return to the mainland, that policy stays back on the rig. While this approach may make logical sense, without automated tools to assist you in enforciong these different AUPs, putting this approach into practice is nearly impossible.

An Ongoing Process
It might sound like a cliché, but compliance turns out to be a process, not a goal. One of the biggest issues facing IT is convincing management to fund additional compliance projects, as well as maintaining the existing ones. When the regulations were first introduced, their visibility in the press, particularly with Sarbanes-Oxley, alerted executive teams to the need for funding. What IT departments are now discovering is that sustainable funding for ongoing compliance is much more difficult to secure. In some companies, the finance department expected that the budget would return to prior levels when in fact, compliance is an ongoing, never ending process. The people in the trenches know that, and the challenge is in communicating that message above.

Compliance regulations are here to stay. They will be tested in the field, refined by the courts, and, no doubt, augmented by further legislation down the line. The biggest lesson learned is one any Boy Scout can relate to: be prepared.

More Stories By Kimber Spradlin

Kimber Spradlin is a senior compliance architect at NetIQ corporation with eight years of experience in the information security field. She is a security subject matter expert currently focusing on understanding the needs of, and communicating with, the regulatory and policy compliance market.

More Stories By Skip Dostine

Skip Dostine is the product marketing manager for NetIQ's Marshal Content Security Solutions. With more than 25 years of international technology experience, Skip's background includes sales, product planning, project management and engineering, as well marketing and operations.

Comments (0)

Share your thoughts on this story.

Add your comment
You must be signed in to add a comment. Sign-in | Register

In accordance with our Comment Policy, we encourage comments that are on topic, relevant and to-the-point. We will remove comments that include profanity, personal attacks, racial slurs, threats of violence, or other inappropriate material that violates our Terms and Conditions, and will block users who make repeated violations. We ask all readers to expect diversity of opinion and to treat one another with dignity and respect.


IoT & Smart Cities Stories
The platform combines the strengths of Singtel's extensive, intelligent network capabilities with Microsoft's cloud expertise to create a unique solution that sets new standards for IoT applications," said Mr Diomedes Kastanis, Head of IoT at Singtel. "Our solution provides speed, transparency and flexibility, paving the way for a more pervasive use of IoT to accelerate enterprises' digitalisation efforts. AI-powered intelligent connectivity over Microsoft Azure will be the fastest connected pat...
There are many examples of disruption in consumer space – Uber disrupting the cab industry, Airbnb disrupting the hospitality industry and so on; but have you wondered who is disrupting support and operations? AISERA helps make businesses and customers successful by offering consumer-like user experience for support and operations. We have built the world’s first AI-driven IT / HR / Cloud / Customer Support and Operations solution.
Codete accelerates their clients growth through technological expertise and experience. Codite team works with organizations to meet the challenges that digitalization presents. Their clients include digital start-ups as well as established enterprises in the IT industry. To stay competitive in a highly innovative IT industry, strong R&D departments and bold spin-off initiatives is a must. Codete Data Science and Software Architects teams help corporate clients to stay up to date with the mod...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...
Druva is the global leader in Cloud Data Protection and Management, delivering the industry's first data management-as-a-service solution that aggregates data from endpoints, servers and cloud applications and leverages the public cloud to offer a single pane of glass to enable data protection, governance and intelligence-dramatically increasing the availability and visibility of business critical information, while reducing the risk, cost and complexity of managing and protecting it. Druva's...
BMC has unmatched experience in IT management, supporting 92 of the Forbes Global 100, and earning recognition as an ITSM Gartner Magic Quadrant Leader for five years running. Our solutions offer speed, agility, and efficiency to tackle business challenges in the areas of service management, automation, operations, and the mainframe.
The Jevons Paradox suggests that when technological advances increase efficiency of a resource, it results in an overall increase in consumption. Writing on the increased use of coal as a result of technological improvements, 19th-century economist William Stanley Jevons found that these improvements led to the development of new ways to utilize coal. In his session at 19th Cloud Expo, Mark Thiele, Chief Strategy Officer for Apcera, compared the Jevons Paradox to modern-day enterprise IT, examin...
With 10 simultaneous tracks, keynotes, general sessions and targeted breakout classes, @CloudEXPO and DXWorldEXPO are two of the most important technology events of the year. Since its launch over eight years ago, @CloudEXPO and DXWorldEXPO have presented a rock star faculty as well as showcased hundreds of sponsors and exhibitors! In this blog post, we provide 7 tips on how, as part of our world-class faculty, you can deliver one of the most popular sessions at our events. But before reading...
DSR is a supplier of project management, consultancy services and IT solutions that increase effectiveness of a company's operations in the production sector. The company combines in-depth knowledge of international companies with expert knowledge utilising IT tools that support manufacturing and distribution processes. DSR ensures optimization and integration of internal processes which is necessary for companies to grow rapidly. The rapid growth is possible thanks, to specialized services an...
At CloudEXPO Silicon Valley, June 24-26, 2019, Digital Transformation (DX) is a major focus with expanded DevOpsSUMMIT and FinTechEXPO programs within the DXWorldEXPO agenda. Successful transformation requires a laser focus on being data-driven and on using all the tools available that enable transformation if they plan to survive over the long term. A total of 88% of Fortune 500 companies from a generation ago are now out of business. Only 12% still survive. Similar percentages are found throug...