   I was working on social computing guidelines. I have several examples
   from IBM, Intel, and others. Its interesting but not surprising that
   they take a company-centric approach.

   Equally important is for employees not to use their company resources
   for personal business. Maybe it falls under a privacy policy I have yet
   to find, but there should be wording that protects employees when using
   corporate resources.

   My team and I are building a remote access infrastructure that proves
   as useful for work as for personal time. Here's the thinking:

   If we build an infrastructure for work only it will assume
   employer-owned equipment. However, if we build an infrastructure for
   Bring-Your-Own-Device (BYOD) then we can accommodate both personal and
   professional on the same device. Such a binary system demands either
   modifying every device to allow both personal and professional or build
   a corporate infrastructure to accommodate both.

   Why try to accommodate both?

   In many corporate environments its increasingly hard to keep new
   technologies at bay. I like IT staying ahead of the curve, implementing
   technologies and configurations that account for the broadest audience.

   How does that work?

   If you're company has a BYOD program or one that has personal devices,
   build an infrastructure that encourages connecting to the corporate
   infrastructure.

   Pro Business:
     * Having as many devices that might connect into your network connect
       through that network as often as possible helps mitigate the risk
       of malware introduction.
     * As such, malware and antivirus and software versions can be
       enforced on the devices
     * It encourages users to use the security measures, making them more
       likely to use them in a work environment

   Pro User:
     * Wherever you log in and via whatever device (within IT's
       capabilities) your communications will have the benefit of
       enterprise-level encryption and security
     * If IT implements optimization/acceleration, making use of that over
       the VPN client
     * Access to work resources when needed
     __________________________________________________________________

   My original entry is here: [1]Drafting Social Computing Guidelines. It
   posted Sat, 20 Oct 2012 21:52:12 +0000.
   Filed under: technology, InfoSec,

References

   1. https://www.prjorgensen.com/2012/10/20/drafting-social-computing-guidelines/