Am I being given accurate info by our head of IT?

[PAHarris]

I hope you'll forgive a question from a non techie, but I wonder if anyone can tell me if I'm being misled by my IT Manager.

He has stated that we must stop using Mikogo, as these kinds of desktop sharing programmes make it 'easy, for someone with the right tools' to access any files on our entire, company wide network' - even if the user themselves does not have this access.

He goes on to say that even if his event's log shows a connection with Mikogo for, say, 15 minutes, the external person could still have access and be surfing the network without this showing up on the IT Manager's activity logs (or anywhere else for that matter), so we could never know what was accessed and when, once a person is 'in the system' via a desktop sharing facility.

This seems odd when so many companies use Mikogo - or similar - and it would cause us many problems if we had to stop using it; but before I make any decisions I just want to check the information I've been given is accurate.

Many thanks in advance for any help.

Mel

 

[Leeky]

If your head of IT has told you not to use something, citing security risks for the network he/she is responsible for safeguarding then I'd generally accept you're not going to win this debate.

I do not know the full extent of the answer in regards to your query, but I consider it doubtful that you're being misled. The nature of the software certainly has a capacity to reveal (literally) possibly sensitive information in normal usage. From your details it sounds like the guy is concerned about that, as well as the open nature of the connection between the computers -- it could be exploited, giving total access to your network files to an intruder.

The responsibility of a corporate IT network is a huge responsibility, and is only ever as strong as its weakest link. Past history shows that most attacks occur because hackers/criminals take advantage of those ill-informed or totally unaware of the consequences of their actions on a grander scale. In reality the risk might be minimal, but it is "another" means by which the network "could" be compromised, and ideally you want it exposed to as little risk as possible. I'd imagine the person is playing safe.

I'd just comply if it was me, I'd rather the head of IT was my friend than someone I clashed with.

 

[PAHarris]

I should have made clear that I have to decide; he reports into me, so this is not a question of winning or not- he can only make the recommendation.

If senior managers complain to the Board that we got it wrong and we've unecessarily caused them huge problems in preventing its use, - and/or our Heads of IT in our sister organisations do not substantiate his view, then it's my head on the block if he's got it wrong!

Regards

 

[cliffordcooley]

In that case I don't think I would accept his request blindly.

If their is evidence, he should be able to show why he has made his request for the dismissal of the application.

Edit:
Would it be out of the question to pass such a deli-ma to the Senior Management team

 

[DelJo63]

Risk vs Reward!

Evaluate Mikogo for the features / benefits it provides. I don't use it and frankly have not
heard of it. None the less, as described by yourself, sharing is always (imo) a risk
if only for loss of Intellectual Property on your system. Even if properly protected from
external alteration, someone could share some file and your business advantage starts to decline to ZERO.

Most infrastructions I know of are severely restricting access to things like this and
Facebook, Twitter.

With the current state of the Internet, I would elect to err on the safe side - - restrict access.

 

[mailpup]

Don't take this the wrong way but if you don't trust the competence of your IT manager, why is he your IT manager? I'm sure he's not infallible and could make mistakes but will you be questioning his judgement all the time?