Why you should say no to some new technologies

New tools will eventually find their way onto networks. But it's best to prepare first.

Ask security professionals about new threats in the information technology security landscape today, and chances are they’ll talk about new tools, technologies, and paradigms such as cloud computing and social networking. Although it's true that those tools can bring security concerns into the enterprise along with their benefits, it is important to remember that they are often simply new vectors for delivering existing exploits.

Coming up with the technology to plug new holes opened in the security perimeter by such tools usually is pretty easy once the holes have been identified. But the security technology does little good if the new tools are not brought into the enterprise’s policy environment.

The best-secured tools remain vulnerable if appropriate security policies are not enforced. Sometimes, the appropriate policy is to say “no,” although that has to be said with the understanding that eventually the new tools will make their way into the enterprise and more realistic policies will need to be readied for them.

Related stories:

With social media, even innocuous comments can add up to a data breach

It’s time to burst the cloud’s hype bubble

Tools that were once new, such as e-mail, laptop PCs, handheld devices and wireless access, have a history of creeping into the enterprise first as toys and gadgets, then as conveniences and finally as essential productivity tools.

It seems quaint that only a few years ago, some organizations banned wireless networking or remote access. But until those tools could be secured and policies could be put in place to regulate their use, such bans made sense.

Agencies are now struggling with challenges posed by cloud computing, virtual machines and social networking. The efficiencies, economies and flexibility of those tools are compelling, but so are the security risks they can present. There is little doubt that engineers and developers will deal with these threats. Meanwhile, agency officials must be working to ensure that when those tools come into the enterprise, they are covered by existing policies and any new policies that are necessary and that they do not come into the enterprise until they are covered.

Saying no to a new tool does not make you a Luddite, so long as that decision is reversed when appropriate.

New paradigms such as cloud computing are in many ways easier to deal with than tools such as social networking. Moving computing resources to the cloud requires a decision by the enterprise to implement and should be done with planning. That should provide ample opportunity for agencies to develop the appropriate policies and ensure that those policies are pushed, along with resources, into the cloud when the time comes.

Using social networking sites and tools might be trickier. They have become common business tools so quickly that administrators are struggling to keep up with their adoption. As security concerns become more visible, the companies operating the sites are improving their policies and technologies to ensure security and privacy. However, appropriate policies for their use also will be required, no matter how secure the sites themselves become.

Until those policies are in place and can be enforced, administrators should not be shy about saying “no” to their use. They should then use the time gained to develop policies that will enable them to say, “Yes, but….”

About the Author

William Jackson is a Maryland-based freelance writer.


  • Records management: Look beyond the NARA mandates

    Records management is about to get harder

    New collaboration technologies ramped up in the wake of the pandemic have introduced some new challenges.

  • puzzled employee (fizkes/

    Phish Scale: Weighing the threat from email scammers

    The National Institute of Standards and Technology’s Phish Scale quantifies characteristics of phishing emails that are likely to trick users.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.