[thelist] intranet design

Tue Jul 31 08:56:16 CDT 2001

Memo from Martin P Burns of PricewaterhouseCoopers

-------------------- Start of message text --------------------

To take this to the absurd - do your employees access external email and
web on separate machines attached to physically separate networks to your
internal file/web/mailservers? Do they publish information (which
presumably
originated on the internal network) to the external site by retyping it?

Like any security application, it's not a job for the halfbaked, designed
on the
back of a cigarette packet, thrown together system. A sensible system will
do this properly, using roles based security. An ineffective implementation
doesn't invalidate the principle.

And are there really any secrets anyway? Should there be, in an era of
increasing
insistence on stakeholder accountability? Is the information you give out
fundamentally
false, or is it simply a different view on the same facts?

Great Cluetrain quote:
http://www.cluetrain.com/#manifesto
41: Companies make a religion of security, but this is largely a red herring. Most are protecting less against competitors than against their own
market and workforce.

Cheers
Martin

Please respond to thelist at lists.evolt.org

Sent by:  thelist-admin at lists.evolt.org

To:   "thelist at lists.evolt.org" <thelist at lists.evolt.org>
cc:

Subject:  RE: [thelist] intranet design

On 7/30/2001 11:28 AM +0200 Watkins Matthew <matthew at Natuzzi.com> wrote:

> Agreed, I have always wondered about this. I think in the end it is
> really only a semantic difference if at all. For example if you have
> very different target groups and need to communicate in a different
> way to each of them.

Well, I'd say another reason is security. I'd rather separate the
private information my employees see and the public information I give
out by using completely different systems rather than some half-baked
rights validation I cooked up.

--------------------- End of message text --------------------

The principal place of business of PricewaterhouseCoopers and its associate
partnerships is 1 Embankment Place, London WC2N 6NN where lists of the
partners' names are available for inspection. All partners in the associate
partnerships are authorised to conduct business as agents of, and all
contracts for services to clients are with, PricewaterhouseCoopers. The UK
firm of PricewaterhouseCoopers is authorised by the Institute of Chartered
Accountants in England and Wales to carry on investment business.
PricewaterhouseCoopers is a member of the world-wide
PricewaterhouseCoopers organisation.
----------------------------------------------------------------
The information transmitted is intended only for the person or entity to
which it is addressed and may contain confidential and/or privileged
material.  Any review, retransmission, dissemination or other use of, or
taking of any action in reliance upon, this information by persons or
entities other than the intended recipient is prohibited.   If you received
this in error, please contact the sender and delete the material from any
computer.