Software // Information Management
Commentary
11/10/2010
01:09 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

Social Security's Productivity-Blocking Policy

The Social Security Administration isn't doing enough to follow its own policy preventing unauthorized software from being installed on agency computers, the agency's inspector general says in a new >report. But the agency's policy is unrealistic, and the lack of enforcement -- to a point -- isn't necessarily a bad thing.

The Social Security Administration isn't doing enough to follow its own policy preventing unauthorized software from being installed on agency computers, the agency's inspector general says in a new >report. But the agency's policy is unrealistic, and the lack of enforcement -- to a point -- isn't necessarily a bad thing.The agency's Information Systems Security Handbook states that the only software authorized for use on agency computers is software purchased through agency-sanctioned requisition processes or developed, evaluated and documented in-house. In order to run other software, employees need to get their managers to submit a waiver request (with specific justification for why they need the additional software) to a cybersecurity official within the agency.

The government needs to open up to the idea that its users are consumers and will use the tools that are valuable to them. Consumerization of IT is in full swing, and it's high time for government to embrace it.

I'd argue that in my own work life, I'm more productive because I opt for a browser other than my company's stock browser choice. Certain other applications, like a video editing app, a desktop Twitter client, an unzipping application and an application to send links and other information directly to my smartphone also make it easier for me to get my work done. And yet none of these, so far as I remember, was supplied directly by IT.

Of course, there should be limits, but a blanket policy against installing any personal apps whatsoever doesn't make much sense. Security and the installation of apps counter to the goal of increased productivity are clearly concerns, especially in an agency that holds so much sensitive information and that has such a huge backlog of claims. The National Institute of Standards and Technology, which provides cybersecurity guidance and manages cybersecurity requirements under the Federal Information Security Management Act (the governing law for federal agency cybersecurity) even recommends organizations identify what types of software installations are prohibited. That, too sounds like a good idea.

However, these are justifiable reasons to blacklist certain applications, whether they be, say, LimeWire or World of Warcraft, to educate users on secure use and to conduct real-time monitoring of apps installed on agency machines for anything that violates the precepts of security and productivity. They aren't license to create a limited whitelist that places monumental approval hurdles in the way of productive uses that might coincidentally fall outside that list.

The inspector general raises the specter of unapproved software as a boogeyman, saying that seven of 197 of the agency's "malware incidents" in the past year -- including five keyloggers and two Trojan horses -- were caused by the installation of "non-standard" software. However, this may miss the point. The vast majority of the malware instead came in through a sanctioned piece of software -- the email client.

There are legitimate concerns being expressed here, as it's true that all it takes is one intrusion to create a major security incident. However, this boils down to a bit of overprotection. Sure, block everything, and nothing gets in. On the other hand, there's also the matter that nothing will get done.

Comment  | 
Print  | 
More Insights
The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.