Corporate Silo

If the blocking of the 1Password browser extension is technical enforcement of a written corporate policy, then the “problem” is the written corporate policy. Even if the 1Password browser extension were allowed, you would violate that policy the minute you used it in a way that was not approved.

I think what Ton Zijlstra stated is correct: “..the actual silo you’re trying to escape is the company”.

Author: Khürt Williams

A human who works in information security and enjoys photography, Formula 1 and craft ale.

2 thoughts on “Corporate Silo”

  1. Nitin says:

    I agree. The real silo is that absurd policy.

    1. We don’t know that the policy is absurd as we don’t know the why of the policy. Perhaps the company is concerned that employees will use the password manager to store company passwords and the company policy says “don’t do that”.

      In certain environments there are regulatory requirements that preclude the use of such technology. In the environments I often work in, any avenue by which data could be exfiltrated - email, online storage, social media, etc. - is blocked. That includes password managers.

      https://support.1password.com/files/

      The last thing the corporate lawyers want to admit to anyone is “we could have prevented this but we didn’t”. The job of these policies is to protect the company from whatever risks have been identified. The risk may be you.

      It’s offensive to me when someone with no background, experience or training in cyber-security second-guesses the decision made by their security staff. It would be better to ask them why the policy is in place and ask them to explain it.

      https://www.wired.com/2008/03/securitymatters-0320/
