On Mon, 22 Mar 1999, Larry Cannell wrote:
I'm not Bennett, but I've got a philosophical stake in the same issues he
does...
> So, from your statements, it appears that you have made some assessment of
> risk and balanced that against the value this application provides. Good for
> you. However, I don't think you are demanding the same level of
> sophistication from your email controls that you seem to be demanding from a
> T.120 proxy.
Perhaps that's because trending, analysis and business need for e-mail are
different than that of a T.120 proxy. Tunneling over SMTP is fairly easy
to detect due to data volumes, T.120 gives significantly more data in a
stream per user, and therefore is significantly easier to tunnel through.
What controls you demand are the result of a risk analysis, and for some
protocols that'll be more than others. It's also true that the more
protocols you allow the more risk you inherit, so the cumulative effect
implies a higher risk and more controls may be appropriate to offset that.
> > Until then, I'm glad to have you running NetMeeting in through your
> > corporate firewall; the more people break into your net, the less time
> > they are spending trying to break in to mine.
>
> Obviously I don't feel the same as you regarding the risks involved with
> doing this (and I assume you've read previous posts where I've outlined the
Yet you seem to take issue with everyone who disagrees with your risk
assessment religiously, even while pointing to potential "Anti-Microsoft
sentiment" in others. Strange.
> controls we've taken) so let's just agree to disagree.
>
> However, I tend to take a different perspective. As long as you are not a
> supplier of my company (and affecting my bottom-line) then I'm glad you are
> NOT running NetMeeting between you, your suppliers, and/or customers.
> Because it means that my company gets an advantage over yours by lowering
> our costs and providing quicker time to market.
Or so you think. Just like the Web, there's a lot of potential for
employees to spend a great deal of non-productive time on social issues,
there's an opportunity for trojan programs tunneling, business
confidential information leaking, and the like. Your business may not
have a great deal of worry about some of those things, and it may not
have enough worry about others. When the ambulance chasing lawyers get
to virtual ambulances we'll see how things fall.
I think if you look at business in a more objective view, time to market
really doesn't win that often from a strategic point of view (at least
historically.) For most industries over the last hundred years it's
been the second to fourth one to market that's won, due to the fact that
the first one out has a culture of risk that means that they miss key
feature or stability issues.
It's pretty easy to show a lower cost if you don't take all factors into
consideration. It's also pretty easy to take an amount of risk in the
business infrastructure that would cause a loss disproportionate to the
business value.
It's the infrastructure that counts if you take a long-term view. If you're
the business equivalent of a day trader, you make short term profit for
high-risk activities, and that's your choice. Just don't expect
long-term investors to buy into your strategy - we know a lot of people
go broke that way too. Some people still buy bonds.
Paul
-----------------------------------------------------------------------------
Paul D. Robertson "My statements in this message are personal opinions
[EMAIL PROTECTED] which may have no basis whatsoever in fact."
PSB#9280