Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Thursday, May 1, 2008

Defining the Line Between Good and Bad

As the IT administrator, you probably don't want to be the one setting policy for what's allowed in the workplace. Unfortunately, in many cases the IT administrator ends up deciding how to interpret a vague or non-existent HR policy on what's permitted on the corporate network.

There are some obvious categories that should be blocked from the corporate network. Malware, spyware and viruses come first; implement the tools and protection to stop them. Next is probably pornography, for all sorts of reasons, the risk of a sexual harassment lawsuit being the most convincing. After those two categories, everything else is more of a gray area if no one in your HR organization has already defined a policy.

The URL database vendors for proxies have made it easy to get specific websites categorized into these buckets, and the proxy makes it relatively simple to set up policy to block the unwanted categories. That leaves the categories that fall somewhere in between. Is it acceptable to go shopping on company time? For the administrative assistant that's probably a yes, if he or she is going to the office supply store's website to order items for the office. But do other employees really need to be browsing Ebay during working hours?

How about a sports website? If you work for ESPN or Sports Illustrated, that makes sense, but the typical office worker probably doesn't need access to those sites. And that's the hard call for the IT administrator: should they be the arbiter of what's allowed?

With some proxies, the IT administrator doesn't need to make that decision. Anything the administrator considers a gray area can be put into a policy that displays a warning page when that type of site is visited. For example, if an employee visits Ebay, the proxy can display a guidance page stating that the site is categorized as "shopping", warning the user that visiting it may not be within the parameters of their job, noting that the visit will be logged, and letting them continue to the site by clicking through the warning if they want or need to. The log entry matters: it records that the employee saw the warning and chose to proceed. The benefit of this "guidance" page is that it leaves the decision about whether to visit the site with the employee and not with the IT administrator.

If you're an IT administrator lucky enough to have a clear policy set by the HR department, a good proxy can also let you configure that policy as written. Perhaps it's not okay to visit sports sites during the day from 8 to 5, but outside of that time there's no restriction on those sites. Perhaps the executives on management row don't have any restrictions on where they can browse, but everyone else does. These should be policies that your proxy lets you set. The proxy should be a tool in the IT administrator's arsenal, and one that helps keep the administrator out of the HR policy-setting process.
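To make the guidance-page and scheduled-policy ideas from the last two paragraphs concrete, here is an added example of a toy policy engine in Python. It is not the proxy's own configuration language or code from any vendor; the hostnames, groups, category table and timestamps are constructed sample data. It evaluates rules in the order a practitioner would want: security categories are blocked for everyone first (even the exempt executives), then group exemptions and job-specific allow-lists, then a weekday 8-to-5 window for sports sites, and finally the gray-area "coach" verdict that becomes an allow once the user has clicked through the warning for that host. Every decision is logged.

```python
# Added example: a toy proxy policy engine, not any vendor's syntax or code.
# Hostnames, groups, the category table and timestamps are constructed sample data.
from dataclasses import dataclass, field
from datetime import datetime
from enum import Enum


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"
    COACH = "coach"   # show the guidance page, log it, let the user click through


# Stand-in for a vendor URL categorization database (constructed).
CATEGORY_DB = {
    "malware-host.example": "malware",
    "adult.example": "pornography",
    "ebay.com": "shopping",
    "officesupply.example": "shopping",
    "espn.com": "sports",
    "intranet.example": "business",
}

ALWAYS_BLOCK = {"malware", "spyware", "pornography"}   # blocked for everyone
COACH_CATEGORIES = {"shopping"}                        # gray area: warn and log
WORK_HOURS_BLOCK = {"sports"}                          # blocked weekdays 08:00-17:00
EXEMPT_GROUPS = {"executives"}                         # no browsing restrictions
GROUP_ALLOW = {"admin-assistants": {"officesupply.example"}}  # job-related hosts

# Constructed sample timestamps (1 May 2008 was a Thursday).
THURSDAY_10AM = datetime(2008, 5, 1, 10, 0)
THURSDAY_7PM = datetime(2008, 5, 1, 19, 0)
SATURDAY_10AM = datetime(2008, 5, 3, 10, 0)


def categorize(host: str) -> str:
    """Longest-suffix match so that deals.ebay.com inherits ebay.com's category."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in CATEGORY_DB:
            return CATEGORY_DB[candidate]
    return "uncategorized"


def in_work_hours(when: datetime) -> bool:
    """Monday to Friday, 08:00 up to but not including 17:00."""
    return when.weekday() < 5 and 8 <= when.hour < 17


@dataclass
class PolicyEngine:
    acknowledged: set = field(default_factory=set)   # (user, host) click-throughs
    log: list = field(default_factory=list)          # (user, host, category, verdict)

    def acknowledge(self, user: str, host: str) -> None:
        """Record that the user clicked through the guidance page for this host."""
        self.acknowledged.add((user, host.lower()))

    def decide(self, user: str, group: str, host: str, when: datetime) -> Verdict:
        host = host.lower()
        category = categorize(host)
        verdict = self._evaluate(user, group, host, category, when)
        self.log.append((user, host, category, verdict))   # every decision is logged
        return verdict

    def _evaluate(self, user, group, host, category, when) -> Verdict:
        # 1. Security categories are blocked before any exemption is considered.
        if category in ALWAYS_BLOCK:
            return Verdict.BLOCK
        # 2. Exempt groups and job-specific allow-lists bypass the remaining rules.
        if group in EXEMPT_GROUPS or host in GROUP_ALLOW.get(group, set()):
            return Verdict.ALLOW
        # 3. Time-of-day rules.
        if category in WORK_HOURS_BLOCK and in_work_hours(when):
            return Verdict.BLOCK
        # 4. Gray-area categories show the guidance page until the user clicks through.
        if category in COACH_CATEGORIES:
            return Verdict.ALLOW if (user, host) in self.acknowledged else Verdict.COACH
        return Verdict.ALLOW


if __name__ == "__main__":
    engine = PolicyEngine()
    print(engine.decide("alice", "staff", "www.ebay.com", THURSDAY_10AM))     # COACH
    engine.acknowledge("alice", "www.ebay.com")
    print(engine.decide("alice", "staff", "www.ebay.com", THURSDAY_10AM))     # ALLOW
    print(engine.decide("alice", "staff", "espn.com", THURSDAY_10AM))         # BLOCK
    print(engine.decide("carol", "executives", "espn.com", THURSDAY_10AM))    # ALLOW
    for entry in engine.log:
        print(entry)
```

Two design choices worth noting. Acknowledgements are keyed per user and per exact host, so clicking through for www.ebay.com does not silently cover deals.ebay.com; a real proxy might key on the category or the registered domain instead, and that is a policy decision, not a technical one. And the malware check runs before the executive exemption on purpose: "no restrictions on where they can browse" should never mean "no malware protection".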
