da...@lang.hm wrote: > On Tue, 20 Oct 2009, Richard Chycoski wrote: > >> da...@lang.hm wrote: >>> >>> however, the thought of the corporate IT department _not_ managing >>> desktop/laptop systems for some part of the company sound very >>> short-sighted. >>> >>> yes, they aren't a profit center, and so can't produce cash to put >>> into the IT group. But neither are the Security, QA, HR, Finance >>> groups, and for that matter it's hard to quantify the revenue that >>> your executive management generates. These people all need safe >>> systems to use. In addition, having someone in one group use a >>> system that hs sending everything they do to hackers somewhere can >>> cost you a LOT of money (it usually has little effect, but when it >>> does cost you something it tends to cost a LOT) >>> >>> you really do want to make sure that anti-virus and anti-spyware >>> software is up to data on all systems, and ignoring some systems >>> because they do not generate revenue saves money now, but is likely >>> to cost a lot later. >>> >>> David Lang >>> _______________________________________________ >>> >> Unless you start treating the desktops/laptops/smart phones like >> external appliances. The idea of some of these new methods of >> connecting is that from the service end, you don't care about >> antivirus and other such software on the client - that becomes >> completely the client system's owner's responsibility. You download >> all of the administration of the client to the owner of the client, >> and only worry about channeling very specific, well protected >> resources out your firewall and the client machines simply don't get >> full network access into your facility. Examples of this are >> https-wrapped email servers. Your services don't get impacted if the >> client's machine gets infected with a virus because there is no way >> for the client to propagate that virus directly to others. You would >> be wise to implement virus checking for any file or attachment that >> you accept into the mail service, but the rest is outside of your care. >> >> Now - does this mean that one or more of your >> employees/contractors/parters could be flooded with viruses that they >> need to deal with? Yes, it does. It simply means that you no longer >> need to protect everything in the core from the outside client hosts >> every time that they connect. > > if you don't mind having everything that the employee/contractors/etc > see or have access to being available to hackers go for it. > > but if you do mind, then saying "it doesn't hurt me" isn't really true. > > David Lang I agree, in the bigger picture, it isn't true. It isn't stopping companies from trying it, though, and this is why products like the one mentioned from Microsoft is finding traction with CIOs and CEOs.
The reason that employees aren't fighting back is because then they can go out and get the new whiz-bang, flavour-of-the-month smart phone and don't have to wait a year for their IT department to start supporting it (if ever). There's culpability on both sides of the question. - Richard _______________________________________________ Discuss mailing list Discuss@lopsa.org http://lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
