We are more and more mobile. Even with the cost of fuel and travel, people are on the go and laptops make it possible for us to work more, and in more places. Judi Sohn brings up a very interesting, and frustrating, point today on [email protected] about SalesForce.com's IP checking routine.
This clearly shows a total lack of understanding by SalesForce.com's IT Security group on where the market is going, but also shows how much clout IT-Security has over a company's product development. I've heard similar horror stories from banks, online company execs at Yahoo and elsewhere. Basically "security" is the magic word for "let's not make any changes." Unfortunately, change is upon us, and as people work more from home, in coffee shops and from hotels, they pose challenges to the IP Security teams at most companies, and because it's easier to say "no" than to go figure out a workable solution, the end user, à la Judi, unfairly suffers.
I can relate to her plight. When I was on my honeymoon in Valencia, Spain, I made a point of still paying my team members at Comunicano. Unfortunately, I made the mistake of using a VPN that made me appear to be logged in from the USA on one session earlier in the day, when I used the bill pay service to get around some NAT/firewall issues that were preventing the use of my RSA key, and didn't use the VPN when I was in my hotel room. The result was devastating. My bank online access was barred and my online accounts were all deleted/suspended by the bank.
What's more, I spent over two hours trying to get someone with a lick of authority on the line, and missed a dinner that had been planned for weeks, as no one would explain (or confirm) what I suspected happened. A few days later, thanks to intervention by my banker, I got the director of the division who had signed off on the policy and explained the situation. What was ironic was that I had notified the bank I would be out of the USA and told them specifically where I would be and on which days. Unfortunately, that only seemed to apply to my ATM/credit card, and it was revealed to me that the online and ATM departments don't talk to one another. Or didn't. Now they do.
Judi's subtle points are well thought out. She's nailed the message that we're in a changing, IT-consumed world and the practices are not keeping up with the market. That means more marketing-driven thinking and fewer IT-driven requirements have to start finding their way into new products and services; otherwise the cost to deploy new technologies, which should save us more, will cost us all more.