One of the things that we find often in our consulting projects is that supplier provides – or that the personal machine just doesn’t connect to the network physically – ie there is internet access only.

With so many devices able to hold a lot of data, USB and other data take off devices are another whole area of challenge to be reconciled….

More fun to come!

Justin

Let’s take the assumption that an enterprise security environment is only as strong as it’s weakest link, then you end up with wanting to install a minimum security baseline. This then leads you down the path of SOE, standard security settings, virus software, O/S, security and software updates etc.

This is where the greyness starts – if the employer insists on a MSB, then who pays for the licenses? who monitors compliance with license terms? Who monitors that the MSB is actually in place? What if their machine is out of date and can’t handle the SOE? Who maintains and pays for the internet connection? If it’s the company’s connection does this mean that the user’s kids can’t play on the machine for fear of breaching the company’s acceptable use policy? What happens with P2P if it’s on a work connection?

These issues are all very real and in practice, the simplest solution seems to be not to go there, which is possibly okay in the short term, but in an interconnected world this is not going to be a practical or cost-effective solution in the medium term and hence things will need to move forward.

My guess is that starting with an appropriate agreement which combines employment law and SLA-speak would be the starting point, combined with some thorough risk and technical analysis of what’s possible, and what downside needs to be managed.