The bigger issue wrapped in this - and where things will get sticky for corporate IT as well - is what you do when someone is using personal systems to get around filters, etc. on the official system to do an activity that they shouldn't be doing. The stock trader that gets a kickback from one client for selling a declining stock to other clients, the C level that sends an e-mail to their friends advising them to sell stock, are easy examples I can think of. By encouraging people to use the corporate systems for personal e-mail, you can trap these folks a lot easier because all the evidence you need may be in one place if they aren't careful enough. On the other hand, you are taking on the burden of storing "humerous" MPG files, etc. There is no right answer - only a lot of grey area with positives and negatives all along the way.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/440/34484#34484