Do you know what’s sitting on your network?
Probably not, according to storage and security experts.
Any IT manager who thinks his network is holding nothing but customer records, financials
and billing information is really out of touch, say industry watchers. In actuality, the
average network just may be holding more emails from sweethearts, more recipes from Mom,
more copies of the last Star Wars movie and more clips of the latest J-Lo single than any
records supporting your business.
That means it’s probably way past time for a little spring cleaning.
Corporate data storage is being wasted and misused, says Nick Carr, a technology consultant
and author of the article ‘IT Doesn’t Matter’, which recent appeared in the Harvard Business
Review. Companies’ data storage is being wasted on stockpiling employees’ personal emails,
information about their latest e-Bay buys, MP3s and movie clips. He claims that typically 70
percent of storage capacity on any given Windows network is being misused.
Carr says this misused storage space is just one way companies are wasting money.
Keith Rhodes, chief technologist at the U.S. General Accounting Office, says employees are
wasting corporate storage space without giving it a second thought, leaving companies open
to not only running low on disk space but vulnerable to worms and viruses, as well.
”When we go in and test systems, we find there’s an awful lot of garbage, says Rhodes,
whose job is to test the network security at 24 different government agencies and
departments. ”People are starting to forget that the tool they’re using at work belongs to
the company, and they’re looking at it as their own personal space… People don’t seem to
make a distinction between work and personal, so it’s all disheveled and disorganized.”
Rhodes notes that disk space isn’t very expensive these days, but it doesn’t grow by itself.
Employees are needlessly putting a load on their corporate networks.
”People are looking to download the Matrix, and then you get some big Windows Media files,
and then a four-minute music video,” adds Rhodes. ”How many of these things are you going
to have, before there’s a problem?”
And forget about having to buy and install extra storage space so the people in the billing
department can save copies of their favorite email jokes and pictures of their family
vacation. The bigger problem could be a lawsuit or criminal liability.
Robert Gray, research vice president of storage systems at analyst firm IDC, says employees
hiding away MP3 files or copies of their resume is one thing. Hiding pornography or other
files that could lead to a sexual harassment charge or even a criminal complaint is
something all together more serious.
”When you get into all this stuff about harassment and pornography, they bring up a lot of
legal issues,” says Gray. ”Employees in the U.S. don’t comprehend that all the material on
that computer is basically the property of the employer. They don’t have the legal rights
they think they do.”
Having pornography on the network could add to the creation of a sexually charged workplace,
which could not only make employees uncomfortable but could lead to a sexual harassment
charge.
A similar, but more serous threat, is having child pornography on the network. And security
experts say it’s far more common than most IT managers would ever imagine. Many in the
security industry say child pornography — explicit images and text dealing with underage
children — is hidden on virtually ever large corporate network.
And having that on a corporate network causes a litany of legal issues — from creating a
hostile work environment to criminal liability for not only the person who put it on the
network, but for the company, as well.
Security and law enforcement experts have differing opinions on whether or not a company is
held liable for illegal content sitting on its network. Some say if company executives don’t
know it’s there, they’re not responsible for it. Others disagree. Most say IT managers need
to go looking for it. And all of them agree that once it’s found, it needs to be reported to
police.
Charles Kolodgy, a research manager with IDC, says IT administrators need to check their
systems for illegal content regularly — to both have control over their networks and to
eliminate and report illegal activity. Kolodgy notes that a lot of administrators check for
and wipe out MP3 files when they’re doing backups. They also should be checking for any
anomalies, such as the passing of data files outside the network, that would hint that
something is going on that shouldn’t be.
All the analysts agree that the best way to head the problem off is to create a policy that
restricts corporate Internet usage for anything but strictly business purposes. Users should
have no expectations of privacy when using company equipment and services.
Analysts further warn that IT administrators need to not only create the policy, but they
need to make sure that every employee knows about it and agrees to it. They suggest giving
workers periodic reminders and having a pop-up window that appears when a computer is booted
up. The window will show the corporate policy and by clicking on it, employees acknowledge
it and agree to it.