Tuesday, April 8, 2008

Circumventing Enterprise Security Policies

Interesting article on how employees are circumventing IT Security Department policies.

This, of course, as we know, exposes the company to IT GRC (Governance, Risk & Compliance) concerns. A couple of hard numbers jumped out at me:

"80 percent of the enterprises are supporting proxy applications, such as KProxy or CGI proxies, which mask the user's identity and surfing habits from IT monitoring tools."

"...half of the enterprises studied by Palo Alto are supporting Tor or other methods for encrypted "tunneling" through the corporate network. Tunneling enables the user to bypass IT traffic enforcement mechanisms."

A comprehensive security policy starts from the top down with an IT-GRC solution. It then incorporates all the scoring, controls and assessment automation products into a unified view to help expose situations like those identified in this study. Once these situations are exposed and the risks understood, priorities can be set to help resolve the issues quickly.
