VPN Haus spoke with Volodymyr Styran, a security expert, about ways IT professionals can work more closely with HR on issues like provisioning. VPN Haus has long advocated for IT departments to make user provisioning a higher priority, and Styran has some ideas on how this collaboration can be turned into reality.
VPN Haus: Let’s start with basic tampering. How can IT administrators prevent users, especially ones who are tech-savvy themselves, from tampering with settings?
Styran: I’d suggest application of strong organizational policies and thorough logging of user actions. Changes to local policies are usually reflected in [programs like] Eventlog. Collect it centrally in a separate log management facility, review the logs regularly, and follow up the findings via disciplinary action. This may sound a bit aggressive, and is reactive rather than preventive, but in my opinion this is the most effective approach.
VPN Haus: What’s the greatest enforcement challenge?
Styran: The greatest enforcement challenge is making HR execute disciplinary action. Punishing is not their favorite part of the job, because it affects image… So, when it comes to HR, one has to present and explain every bit of risk and harm introduced by a violation. And all this definitely makes little sense unless strong administrative policies are established beforehand.
VPN Haus: Can you provide 3 – 5 tips on how IT departments could work more closely with HR to foster better communication between the departments?
Styran: Sure.
– Be friendly, while being firm when needed.
– Make it formal, while maintaining good relationships. Write your policies firm and strict, but socialize with HR in a positive manner.
– Pay more attention to HR’s needs and concerns; this is relevant to relationships with any other non-IT function as well.
– Always explain. [In most cases,] they know next to nothing about [IT]. “We know better” doesn’t work. Although, the more you explain in the beginning, the fewer explanations they will need later on. This is how trust is developed with time.
Volodymyr Styran is based in Ukraine.