We all have a right to privacy. It’s considered something so fundamental that we rail against anyone that tries to intrude on it. When we find out that an application is gathering information about us to target ads or sell to other interested parties it feels like a huge betrayal of trust. We lambast companies that don’t do everything possible to keep us safe.
However, when we step inside the enterprise it feels like a lot of that protection mechanism is suspended. How often do we hear things like “Your browsing traffic isn’t private” or something about not doing any personal business on the corporate network because it won’t be confidential due to security measures. It’s almost like our personal freedoms end at the door to our offices.
Justin Warren has noticed this as well. He was a recent participant in a discussion panel at Security Field Day and he has some thoughts about the dichotomy between privacy and corporate security measures. In his words:
If they’re so bored and disengaged that they’re browsing gambling sites at work, why is their manager not already aware of this and doing something about it? Why are you, as an IT admin, getting involved in what is a management issue of someone who doesn’t report to you?
Why is surveillance of DNS so vital to securing your IT systems?
Justin has some more thought provoking ideas in his post that you definitely want to read here: Are We the DNS Baddies?