http://www.darkreading.com/document.asp?doc_id=140698 By Terry Sweeney Dark Reading December 5, 2007 SAN FRANCISCO -- By his own account, Tory Skyers lives on the edge -- the storage edge. He defines that place as the point in the enterprise network where any kind of mobile device contributes content to the SAN. This device menu runs the gamut from iPod, to Zune, PSP, Treo, Blackberry, Psion, laptop or desktop computer, USB flash drive, and external hard drive, to name a few. He uses two incentives to get unthinking users to follow policy or stop doing dumb things. "Fear and money are great motivators," he told an audience here at the Storage Decisions conference this morning. "What is that data worth to you on your laptop, on your iPhone -- in monetary terms? What if you didn't have your contacts list saved?" said Skyers, senior systems engineer for Prudential Fox & Roach Realtors. That typically gets users thinking. He cited a recent example of an executive who wanted to store his iTunes directory on the company server. "I showed him that it would cost $670 per user for every 14 days of storage for that iTunes volume," Skyers said. Factor in five other users at more than $1,300 a month and suddenly it gives users a more concrete incentive to set an example and enforce such acceptable use policies within their workgroups, he added. IT should not be immune from enforcement, Skyers said. Consequently, when he wants to take a gander at jpegs of loved ones or work on a personal document, he plugs in the 8-Gbyte USB drive he keeps on his keychain and none of it gets backed up to company servers. Skyers encouraged storage pros to do some social networking of their own. Reach out to the marketing department to help come up with catchy ways to get people to be smarter about what they save and how they use the Internet. If the legal department hasn't already thought it through, remind them that the Bank of America got fined millions of dollars daily for its inability to produce emails. Ask human resources to get involved to give the policy some teeth, whether it's a reprimand or something more draconian. "They enjoy that," Skyers said, to appreciative nods from the audience. He also encouraged more intra-departmental discussion within IT. "How many times have you heard, 'I'm a security guy, I don't wanna look at your hard drive'?" he asked. Those are conversations that businesses of all sizes need to have to make sure artificial fiefdoms don't compromise the company. IT can also step in and create sanctioned alternatives like memberships to P2P file-sharing services that operate legally. And they can get more proactive by deploying desktop management programs like Desktop Authority and Powerfuse, which limit user's ability to store outside permitted folders, and restrict executables like Google Search, Skyers said. Other controls, like SurfControl Mobile Filter, limit access to certain Websites and protocols when the user is outside the network or VPN, and prevents downloading unauthorized data content. __________________________________________________________________ Visit InfoSec News http://www.infosecnews.org/
This archive was generated by hypermail 2.1.3 : Thu Dec 06 2007 - 02:12:52 PST