Jim Routh and Gary McGraw discuss “why twenty-somethings skateboard right past security controls, and what it means for employers.” Basically this gets back to how Gen-Y (and some Gen-X) grew up with the Internet and can multitask and expect such access at work as part of their social culture. The subtle twist is that these multitaskers will often non-maliciously fenaggle access to the very things that are blocked, i.e. they’re “lifestyle hackers.” This puts pressure on policies, and on security teams that look for this behavior and consider it suspicious by default (kinda like why Skype sucks from a security perspective; ever try to analyze strange traffic endpoints when your business uses Skype? It blows!).

I can argue the topic either way, but what I don’t like is a company that uses only the excuse of productivity for such blockages, and makes it feel like the decison is an IT one. Really, productivity is an HR and managerial thing. Making it an IT or even painting productivity as a security issue reflects weak management. Sure, such restriction can be made a security reason, but productivity angles should not be argued in IT.

Oh, and I tend to fall into this lifestyle hacker group somewhat. I won’t go so far as to access FaceBook through a proxy/tunnel or be blatant about it, but I won’t shy away from updating my blog, Twitter, or other not-blocked things given I do actually get my work done. I do prefer to multitask, but I also do remember life before the Internet. I’m, age-wise, on the cusp of all these generational changes (I’m 32 this year).

Found this while catching up on my HiR feed.