This article is a response to the publication in the Wall Street Journal
Admit it: for many of us, it seems obvious that a gardener is not the right person to call about your leaking dishwasher, an electrician is unlikely helpful when you find yourself in a need of a haircut, and Best Buy store associate’s qualifications are nowhere near to be able to answer any computer-related question that you may have.
Evidently, the notion of common sense is yet to be discovered by The Wall Street Journal. The respected periodical decided that the brightness of the journalism graduate Vauhini Vara, who appears to have been studied at Stanford, is so outstanding that any technology opinion of hers is worth publishing in the WSJ Report.
I am referring to the article titled Ten Things Your IT Department Won’t tell you, where Ms. Vara shares her (quite twisted) thoughts about a dozen of technologies that people can use to circumvent various restrictions imposed on them by their evil IT departments.
The pure brilliance and unmatched technological versatility of Ms. Vara shine throughout the article. I think, there are CIOs who would not hesitate to extend her a job offer. In the article, the reporter not only managed to actually list 9 common IT headaches, but also tried to identify associated security risks (how hard could that be) and provided excellent (from the economics and creative writing student’s point of view) recommendations on how to countermeasure those risks. Let’s take a closer look.
The problem: People use public file-sharing servers to share work-related data, which may lead to data compromise.
Ms. Vara’s opinion: It is OK to use those services as long as they come from reputable companies, funded by well-known venture capitalists, use SSL to transfer data and bear VeriSign security seals on their front pages.
The truth actually is (healthy views are given here in bold italics): it does not matter how reputable the company is. Encryption does not always protect data in transit and “a little lock” in your browser does not encrypt the information that you store on the service providers' sites. Additionaly, “a logo from security company” does not mean that the identity of the site is knows.
Ms. Vara’s take: bring it on the removable drive or use web-based alternatives. Identified risk “IT department likes to keep track of all software” can be easily defeated by “tweaking your antivirus’ settings”.
Now, Ms. Vara, here's an important tip for you: Next time, before publishing ridiculous claims, take time to verify whether they are actually attainable.
This very optimistic approach will not work in the environment where users are not given permissions to “tweak settings” or otherwise alter the operating system (which is the case in all healthy IT departments).
Do not be too excited, though... There's always a catch. Ms. Vara says “do not use public proxy servers, because this way you can get some malware”. Now, I am confused… Whose side are you on, Ms. Vara? Use a proxy, don’t use a proxy... What if the only proxy server that I can access is operated by my employer’s IT department?
The matter of fact is: the people in your IT department are, usually, smarter than you are. You will not be allowed to use public proxies and other relaying services. There are, of course, other ways to sneak out, but it is quite likely that your employer logs all your web activity. Your communication skills will be put to a good use when HR/Legal invite you to explain your browsing adventures.
A tip from Ms. Vara: If you can’t fight the urge to dive into the nastiness of the web while on business trip, go ahead, use company’s laptop, but don’t forget to clean your cache and wipe your cookies when you're done.
The spoiler: Even when you are not connected to company’s network, your company can track everything you do with your laptop (except for, perhaps, the physical abuse). There are over a dozen of vendors whose products offer this functionality. And most of those products cam be configured to be invisible for the average user.
The problem: you are a workaholic and need to search through your work documents in your spare time.
The Solution: Download Google desktop.
Unforeseen complications:
a) The company will not likely let you download and install Google’s crapware, but do not worry. Just ask your IT admin to help you set it up and you’ll kill two birds with one stone: get the software installed and find someone to blame for it if something goes wrong.
b) If you manage to get it installed, you’ll notice that you can only access the index from home, but not the entire document.
It looks like by #6 Ms. Vara ran out of topics to cover. The #6 thing is somewhat redundant and virtually the same as #1. Anyway, the well-respected opinion of Ms. Vara states that it is perfectly fine to use online storage. To stay secure, just use your best judgment: under no circumstances should you upload proprietary information or trade secrets -- this could hurt your company; only copy personal information, customer credit card details, or other junk that your company does not care about.
Again, no data are safe when you have no control over it. Buy yourself a removable storage, for god's sake -- it is dirt cheap now.
This one is just brilliant. If you don’t trust your employer, Ms. Vara suggests you use google mail. Do not worry about Google tracking you – use a (misrepresented) personal tip from Mark Frauenfelder of BoingBoing – just add an “s” to the “http” and you’ll defeat the evil searching machine -- it cannot to track you over encrypted communication channels! To stay even safer “use these tricks only occasionally, instead of as a default”!
Encrypted channels protect information in transit, but your data get decrypted as soon as it hits google's web servers and stay decrypted and vulnerable in any way possible.
According to Vara, it makes you suck at the dinner table when people around you pull out their blackberries, but the only thing you can reach in your pocket is, uh, the keys to your 1985 Toyota Camry (because your ancient cellphone does not even fit in your pocket). Behold the technology! You can create a rule in your MS Outlook so it forwards all spam you receive at work to your mobile email account. Once again, the kosher way is to talk your network admin to do it for you so you can blame the poor guy later.
Ms. Vara's warning that hackers can break into the mobile devices is valid, but she fails to mention a substantially larger threat: the email that travels from your Outlook at work to your mobile device traverses who knows how many 3-rd party networks where it can get intercepted.
To do so “look at the settings area”. Be aware though that there is a huge risk associated with it: “your company probably uses a whole bunch of security technology to keep viruses and spies out”. The following sentences are so rich of pearls and gems, one might think that a spirit-boosting substance was ingested to catalyze writing of this part of the article.
In real life, your company-provided blackberry will be equipped with the company-provided security policy that enforces your settings, and your attempts to change them will not be successful.
It seems that this last one was a real challenge for Ms. Vara. The creative kick was out, but the desire to finish the article was still strong. The "9 things .. " in the title wouldn't sound right. So, the problem #10 materialized itself as (ta-da!) “How to look like you’re working”. The tip from Vara Vauhini, the indisputable expert in this field is: hit Alt-Tab repeatedly. While this item does not need to be commented, there is a question. Ms. Vara's article targets C-level executives. Why would a C*O need to pretend? Who's there to watch?
One will have to agree that Vara is an excellent writer: she managed to publish an article of questionable quality in the WSJ. There are, in fact, reports that some senior executives took this report seriously and demanded immediate answers from heads of their IT department to each of the 10 problems. No, I am not kidding - and it makes a great tip for the new startup companies - if you want a truckload of buffalo manure to be taken seriously by the right people -- just get it published in the WSJ. Talk to Vauhini Vara, she's got connections. Tell her I sent you.