The Social Security Administration isn't doing enough to follow its own policy preventing unauthorized software from being installed on agency computers, the agency's inspector general says in a new >report. But the agency's policy is unrealistic, and the lack of enforcement -- to a point -- isn't necessarily a bad thing.
The Social Security Administration isn't doing enough to follow its own policy preventing unauthorized software from being installed on agency computers, the agency's inspector general says in a new >report. But the agency's policy is unrealistic, and the lack of enforcement -- to a point -- isn't necessarily a bad thing.The agency's Information Systems Security Handbook states that the only software authorized for use on agency computers is software purchased through agency-sanctioned requisition processes or developed, evaluated and documented in-house. In order to run other software, employees need to get their managers to submit a waiver request (with specific justification for why they need the additional software) to a cybersecurity official within the agency.
The government needs to open up to the idea that its users are consumers and will use the tools that are valuable to them. Consumerization of IT is in full swing, and it's high time for government to embrace it.
I'd argue that in my own work life, I'm more productive because I opt for a browser other than my company's stock browser choice. Certain other applications, like a video editing app, a desktop Twitter client, an unzipping application and an application to send links and other information directly to my smartphone also make it easier for me to get my work done. And yet none of these, so far as I remember, was supplied directly by IT.
Of course, there should be limits, but a blanket policy against installing any personal apps whatsoever doesn't make much sense. Security and the installation of apps counter to the goal of increased productivity are clearly concerns, especially in an agency that holds so much sensitive information and that has such a huge backlog of claims. The National Institute of Standards and Technology, which provides cybersecurity guidance and manages cybersecurity requirements under the Federal Information Security Management Act (the governing law for federal agency cybersecurity) even recommends organizations identify what types of software installations are prohibited. That, too sounds like a good idea.
However, these are justifiable reasons to blacklist certain applications, whether they be, say, LimeWire or World of Warcraft, to educate users on secure use and to conduct real-time monitoring of apps installed on agency machines for anything that violates the precepts of security and productivity. They aren't license to create a limited whitelist that places monumental approval hurdles in the way of productive uses that might coincidentally fall outside that list.
The inspector general raises the specter of unapproved software as a boogeyman, saying that seven of 197 of the agency's "malware incidents" in the past year -- including five keyloggers and two Trojan horses -- were caused by the installation of "non-standard" software. However, this may miss the point. The vast majority of the malware instead came in through a sanctioned piece of software -- the email client.
There are legitimate concerns being expressed here, as it's true that all it takes is one intrusion to create a major security incident. However, this boils down to a bit of overprotection. Sure, block everything, and nothing gets in. On the other hand, there's also the matter that nothing will get done.
The Agile ArchiveWhen it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
2014 Analytics, BI, and Information Management SurveyITís tried for years to simplify data analytics and business intelligence efforts. Have visual analysis tools and Hadoop and NoSQL databases helped? Respondents to our 2014 InformationWeek Analytics, Business Intelligence, and Information Management Survey have a mixed outlook.
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of September 25, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."