"Leythos" <void RemoveThis @nowhere.lan> wrote in message
news:MPG.1c4f484de963b227989edb@news-server.columbus.rr.com...
> In article <y9CdnVPoBZr5-HjcRVn-iA RemoveThis @comcast.com>, optikl RemoveThis @newsgroups.net
> says...
> >
> > "Leythos" <void RemoveThis @nowhere.lan> wrote in message
> > news:MPG.1c4f07601b3a0434989ecf@news-server.columbus.rr.com...
> > >
> > > The health-care groups I work with don't permit removable media at any
> > > general desktop computer in their offices. The servers have RW drives,
> > > and so do some of the managers, but the hundreds of workstations
don't,
> > > and the policy forbids USB/Card devices (including PDA's) except for
> > > those with written permission to use them.
> > >
> >
> > I figured there must some exceptions. I would find it extremely
difficult to
> > imagine my being able to transfer technical design data I have sold to
> > customers outside my company without having CDRW privileges as an
option.
> > Email encryption is cumbersome for very large files and usually violates
our
> > IT policy for the attachment size.
>
> That's why you setup FTP access and encode the file with a password. You
> give the clients a directory based on their name, user/password, and
> they can pull the file(s) using FTP. Simple, easy, works like bread and
> Applebutter.
>
> --
> --
> spamfree999 RemoveThis @rrohio.com
> (Remove 999 to reply to me)

This message is not archived

This message is not archived

Folks, I don't think throwing accusations back and forth about which organizations
do what is adding any value here.

I've spent time with customers of all sizes. And, regardless of size, about
50% of them do buy PCs with removable storage and 50% don't.

There are organizations that conduct an analysis of the risks vs. the benefits
and decide that the benefits of removable storage, for their business needs,
outweigh any potential risks they face. There are other organizations that
conduct the same analysis and decide that, for them, the risks outweigh any
business benefits. People are not stupid; they are capable of analyzing their
own risk environments and making good decisions in light of their required
functionality. (As in any binary division of human attitudes and actions,
there's really always a third group: the people who just don't care. In this
instance, though, my experience indicates that's a small number.)

Let those who choose to purchase removable storage be comfortable with their
decisions and remember to manage the risk, whatever it might be, appropriately.
And let those who choose not to purchase removable storage also be comfortable
with their decisions and help their users understand and abide by the restrictions.

Steve Riley
steriley.RemoveThis-AT-microsoft.com



> Greg Hennessy wrote:
>
>> As has been pointed out elsewhere, there is no corporate with
>> anything resembling a sane IT procurement and IT security policy
>> would countenance CDRW on the desktop.
>>
> Please provide an IT industry White Paper or some other professional
> literature to support this seemingly absurd assertion.
>
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
> You can have peace. Or you can have freedom. Don't ever count on
> having both at once. - RAH
>

Folks, I don't think throwing accusations back and forth about which organizations
do what is adding any value here.

I've spent time with customers of all sizes. And, regardless of size, about
50% of them do buy PCs with removable storage and 50% don't.

There are organizations that conduct an analysis of the risks vs. the benefits
and decide that the benefits of removable storage, for their business needs,
outweigh any potential risks they face. There are other organizations that
conduct the same analysis and decide that, for them, the risks outweigh any
business benefits. People are not stupid; they are capable of analyzing their
own risk environments and making good decisions in light of their required
functionality. (As in any binary division of human attitudes and actions,
there's really always a third group: the people who just don't care. In this
instance, though, my experience indicates that's a small number.)

Let those who choose to purchase removable storage be comfortable with their
decisions and remember to manage the risk, whatever it might be, appropriately.
And let those who choose not to purchase removable storage also be comfortable
with their decisions and help their users understand and abide by the restrictions.

Steve Riley
steriley DeleteThis @microsoft.com



> Greg Hennessy wrote:
>
>> As has been pointed out elsewhere, there is no corporate with
>> anything resembling a sane IT procurement and IT security policy
>> would countenance CDRW on the desktop.
>>
> Please provide an IT industry White Paper or some other professional
> literature to support this seemingly absurd assertion.
>
> Help us help you:
> http://dts-l.org/goodpost.htm
> http://www.catb.org/~esr/faqs/smart-questions.html
> You can have peace. Or you can have freedom. Don't ever count on
> having both at once. - RAH
>

Greg Hennessy wrote:

>
> As has been pointed out elsewhere, there is no corporate with anything
> resembling a sane IT procurement and IT security policy would countenance
> CDRW on the desktop.
>
>

Please provide an IT industry White Paper or some other professional
literature to support this seemingly absurd assertion.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

Greg Hennessy wrote:

>
> As has been pointed out elsewhere, there is no corporate with anything
> resembling a sane IT procurement and IT security policy would countenance
> CDRW on the desktop.
>
>

Please provide an IT industry White Paper or some other professional
literature to support this seemingly absurd assertion.


--

Bruce Chambers

Help us help you:
http://dts-l.org/goodpost.htm
http://www.catb.org/~esr/faqs/smart-questions.html

You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

On Wed, 12 Jan 2005 11:59:00 -0600, "optikl" <optikl DeleteThis @newsgroups.net> wrote:

>
>
>I figured there must some exceptions. I would find it extremely difficult to
>imagine my being able to transfer technical design data I have sold to
>customers outside my company without having CDRW privileges as an option.

That's what extranet and EDI connections are for.

>Email encryption is cumbersome for very large files and usually violates our
>IT policy for the attachment size.

Email encryption is not cumbersome if some T&E is spent implementing TLS
properly and configuring it to be the only option between you and your
customers.

--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone

"Greg Hennessy" <me RemoveThis @privacy.net> wrote in message
news:ct4bu09t666osfn48ch03ogpcr5bqshrmp@4ax.com...
> On Wed, 12 Jan 2005 14:03:31 -0600, "optikl" <optikl RemoveThis @newsgroups.net>
wrote:
>
>
> >"Leythos" <void RemoveThis @nowhere.lan> wrote in message
> >news:MPG.1c4f484de963b227989edb@news-server.columbus.rr.com...
> >> That's why you setup FTP access and encode the file with a password.
You
> >> give the clients a directory based on their name, user/password, and
> >> they can pull the file(s) using FTP. Simple, easy, works like bread and
> >> Applebutter.
> >>
> >That's very interesting. I need to talk with my IT folks about this.
Thanks.
>
> If they are paranoid about that, set up ftp access such only their cidr
> block gets access to the server.
>
Thanks, Greg. And they probably will be a bit paranoid about this. Our
systems and procedures have to satisfy DoD requirements.

On Wed, 12 Jan 2005 14:03:31 -0600, "optikl" <optikl.DeleteThis@newsgroups.net> wrote:


>"Leythos" <void.DeleteThis@nowhere.lan> wrote in message
>news:MPG.1c4f484de963b227989edb@news-server.columbus.rr.com...
>> That's why you setup FTP access and encode the file with a password. You
>> give the clients a directory based on their name, user/password, and
>> they can pull the file(s) using FTP. Simple, easy, works like bread and
>> Applebutter.
>>
>That's very interesting. I need to talk with my IT folks about this. Thanks.

If they are paranoid about that, set up ftp access such only their cidr
block gets access to the server.



greg


--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone

On Wed, 12 Jan 2005 14:03:31 -0600, "optikl" <optikl.DeleteThis@newsgroups.net> wrote:


>"Leythos" <void.DeleteThis@nowhere.lan> wrote in message
>news:MPG.1c4f484de963b227989edb@news-server.columbus.rr.com...
>> That's why you setup FTP access and encode the file with a password. You
>> give the clients a directory based on their name, user/password, and
>> they can pull the file(s) using FTP. Simple, easy, works like bread and
>> Applebutter.
>>
>That's very interesting. I need to talk with my IT folks about this. Thanks.

If they are paranoid about that, set up ftp access such only their cidr
block gets access to the server.



greg


--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone

On Wed, 12 Jan 2005 11:59:00 -0600, "optikl" <optikl.DeleteThis@newsgroups.net> wrote:

>
>
>I figured there must some exceptions. I would find it extremely difficult to
>imagine my being able to transfer technical design data I have sold to
>customers outside my company without having CDRW privileges as an option.

That's what extranet and EDI connections are for.

>Email encryption is cumbersome for very large files and usually violates our
>IT policy for the attachment size.

Email encryption is not cumbersome if some T&E is spent implementing TLS
properly and configuring it to be the only option between you and your
customers.

--
Yeah - straight from the top of my dome
As I rock, rock, rock, rock, rock the microphone

"Greg Hennessy" <me DeleteThis @privacy.net> wrote in message
news:ct4bu09t666osfn48ch03ogpcr5bqshrmp@4ax.com...
> On Wed, 12 Jan 2005 14:03:31 -0600, "optikl" <optikl DeleteThis @newsgroups.net>
wrote:
>
>
> >"Leythos" <void DeleteThis @nowhere.lan> wrote in message
> >news:MPG.1c4f484de963b227989edb@news-server.columbus.rr.com...
> >> That's why you setup FTP access and encode the file with a password.
You
> >> give the clients a directory based on their name, user/password, and
> >> they can pull the file(s) using FTP. Simple, easy, works like bread and
> >> Applebutter.
> >>
> >That's very interesting. I need to talk with my IT folks about this.
Thanks.
>
> If they are paranoid about that, set up ftp access such only their cidr
> block gets access to the server.
>
Thanks, Greg. And they probably will be a bit paranoid about this. Our
systems and procedures have to satisfy DoD requirements.

This message is not archived

This message is not archived