This post is in response to a buddy of mine, Martin McKeay, over at the "Network Security Blog". He has a post entitled "Is Twitter a risk?". Well, of course Twitter is a risk. Of course email is a risk, of course "X" is a risk! Everything is a risk, but you get to a point where you have to do the balancing act between what is allowed and what isn't allowed. If you don't want to allow Twitter in the workplace, then there are many ways to ban things like that (Websense, proxies, etc.). I don't want to pick on Twitter, because I am on Twitter. But any "Service" is going to pose a risk.
Heck, SSH at my house poses a greater risk than anything I can post on Twitter. You know how much data one person who knew what to do could offload from your corporation to their house via SSH? The possibilities are endless.
At some point you prevent your employees from doing bad things, at some point you prevent your employees from doing things to your networks, and other people's networks. But at some point you have to invest a certain amount of trust in users. And I know people are going to disagree with me and say "never trust your users!". Which is mostly a good philosophy, but it's a delicate balancing act. Where do you draw the line?