October 22, 2008
-{6:47 am}-
Filed by trumwill from Office

Security@Mindstorm.corp

In the comment section of a previous post, Barry asked what I meant by “Vault of Secrecy”. That’s what I call the lab where I work. Access is extremely limited even to other members of the company. What this should mean is that you have to have clearance to enter it. What it actually means is that you have to knock.

“Guest workers” do not know how to knock with gusto. Doesn’t matter if they’re Indian, Chinese, or East European. They knock apologetically. I get it that they don’t want to be rude, but I can’t hear them if I’m listening to anything and I have to keep an ear open just to hear it, which is much more of an inconvenience than a more hardy knock would be.

One of the downsides to working in the Vault of Secrecy is that they are very particular about what we can bring inside. For instance, I couldn’t bring a laptop to work on the bus because I would have nowhere to put it. Not allowed in the lab and I have no workspace outside of the lab. The same problem exists with my Pocket PC, which is similarly banned.

They essentially ban anything that is capable of storing or producing information. Printers, CD burners, thumb drives, and digital cameras are all prohibited from the lab.

The main exception to the above is cell phones. Technically, cell phones are capable of storing information and most (including mine) can take pictures. I could point out the inconsistency of their policies, but I sort of suspect that their answer to the dilemma would be to disallow my cell phone.

Fortunately, and this is actually relatively unusual for an employer, they at least somewhat compensate for the inconvenience of some of these policies by not implementing some relatively easy cost-saving policies that nearly every other employer I’ve ever worked at has. Namely, since we can’t bring in music from home, they let us listen to streaming audio.

Unfortunately, they don’t compensate as well in other areas. Because we can’t bring any in from home and there is a bureaucratic process for procurement that makes you justify even small expenditures, between eight of us we have exactly one thumb drive that we pass around and keep track of as if it were the Holy Grail. The drive is a 256MB PNY jump drive. You can get a 1GB on Newegg for $5.49.

The main reason given for the policy is that they’re worried that we take information. I’m not saying that their concern is misplaced because we obviously deal with some pretty sensitive stuff. But their policies aren’t particularly effective. I could pretty easily get the sensitive material outside the lab and the building if that was what I wanted to do.

It’s rather difficult to come up with policies that in the end don’t simply rely in large part on the good faith of employees. This represents a potential problem for Mindstorm since so many of the employees are temps shuffling in and out of employment on The Turnstile of contract work.

4 Comments

  1. Hey, at least it beats Soyokaze where there were people constantly coming into the lab and stealing your flash drives :P

    Seriously though… security is always a problem, in every industry. Some of your reports on Soyokaze’s security issues with a contractor were the stuff legends are made of. The Turnstile of Contract Work is a problem, The Chain of Custody is a problem… and leaks happen all the time. In recent memory, Fallout 3 (video game) got leaked weeks before its release date… and of course the 4th edition Dungeons & Dragons books had their entire, pristine, glorious-looking printers’ proofs quietly leaked onto the torrent networks almost a month before the publishing date.

    If you want real security, you can do it two ways; either (a) hound everyone as if they are already a criminal or (b) work to make your employees as happy as possible. Either tactic, alas, is eventually due to failure. You’re dealing in human nature, and eventually you’re going to hire someone who sees your security as a challenge and leaks something for the thrill of it, or gets a better offer from your competitors and thinks they can get away with it, or simply “doesn’t see the problem” until after their absentminded actions cause a security issue, like a laptop full of people’s social security numbers and addresses getting stolen.

    As we in the IT biz like to tell it… your worst security problem is never on the desktop. It’s not in the operating system, it’s not in the data lines going to the outside world. It’s not the fact that you used 48-bit encryption on your passwords instead of 1040601920584572-bit encryption.

    The term we use for 90% of our issues is “PICNIC.” It stems from the fact that the biggest security hole is sitting in a chair, in front of the computer. I’ll let you guess at the acronym if you wish ;)

    Comment by Webmaster — October 22, 2008 @ 7:07 am

  2. Not much to disagree with there, Web.

    Except I’d actually prefer the risk of my drives being stolen if it means that the supply problem has an easy solution. It beats not having the supplies that you need.

    Funny you should mention the password thing. I forgot to go into that in the main post. Mindstorm has the most elaborate password requirements I’ve ever worked with. None of my passwords, even one that was a random string of letters and numbers, were sufficient. I found a way around this by simply adding a pound sign at the very end…

    Comment by trumwill — October 22, 2008 @ 8:53 pm

  3. Isn’t there someone who will let you stash your contraband in his office?

    Comment by Brandon Berg — October 24, 2008 @ 7:07 pm

  4. Unfortunately, nearly everybody I work with works in a lab.

    Comment by trumwill — October 25, 2008 @ 9:41 pm
