Just going to throw this one out there today. Yes we all know that having security on our systems is a good thing but is it possible to have too much?
The reason I ask is that I came across a situation recently where a client had so much security on their systems that it impacted on the daily running of their business and actually made them less secure.
Let me explain. The client in question has a server environment with multiple group policies running and no IT support. The office manager was the onsite “help”. These group policies cover everything from which wallpaper you can have on your desktop to how long your passwords must be and how complex. The problem was there were too many of them and they were conflicting which meant that some users could do one thing whilst others couldn’t. The allowed passwords were so complex that the users had to write them down to remember them (security breach waiting to happen) and when they forgot the manager would be called on to reset them which in some cases could be multiple times per week!!
The owner was obsessed with securing their data and systems to the point they had forgotten one major rule – if you tighten your security that much users won’t be able to do anything!!!
I am all for securing data and client systems but I won’t ever secure them to the point of where my clients are unable to use them effectively. If the client can’t use them to run their business efficiently whilst still being secure then I aren’t doing my job right. There has to be a compromise.
So what do you think dear reader? Can you have to much security on your systems?
About the Author
Follow @Comtech247 on Twitter