With so many of us frantically learning to juggle our roles as parents, workers and most recently teachers; is it just my wife and I who feel it necessary to monitor the online activity of our teenagers during this lockdown? Sure, there’s rich educational content out there, but it sits amongst social networks, streaming services, gaming consoles and a world of other distractions. I almost miss the days when staring out of the window was a reasonable ‘get out’! In 2020 the preoccupations come thick and fast, so much so that the average parent is duty bound to tighten the technological reigns in the home. And that’s not necessarily an easy sell.

To set the scene, I’m a security evangelist, right through to my DNA. A techie who loves all the convenience and potential that technology has to offer. I truly believe it’s a blessing. When used responsibly and with the right controls, of course!

Like so many, I live in a smart home, with smart devices and smart kids. And whilst having a broad technical background is pretty much a pre-requisite to be a security consultant, it’s a source of constant frustration for my two teenage boys. You see, with our heads and hearts in alignment, my wife and I pretty much control everything they do; from a technological perspective that is.

Does this give them comfort? Are they forever grateful for our love and concern? Er, no, you’d think we were making them study by candlelight.

Yet it isn’t our ‘keeping an eye on them’ that’s the hassle. It’s very similar to the safeguarding we put in place for employees. No, the devil is in the detail of convincing, educating and then convincing again. And in my experience, this isn’t a far cry from the reaction we sometimes see in the workplace. Much like teenagers, employees should never have a free reign over all systems on the network. In both cases the potential for disaster makes me shudder. Controls need to be put in place to keep everyone safe and secure. Not least to ensure we all get our fair share of bandwidth. Then you just need to tell them what you already told them….and repeat….

Most organisations have adopted change control processes. Some do it manually and some with an IT Service Management tool such as ServiceNow, Remedy or similar. These solutions are used to safeguard critical systems and protect good employees from making bad changes. Having seen mishaps from both intentional and unintentional incidents this is Security and Operations putting protection into action.

At home, my kid’s internet access is locked down. Gaming consoles are restricted, screen time is controlled. Much like the security department at work, it’s necessary but doesn’t win any popularity contests. To be honest I thought I had it down to a fine art. We’ve been working like this for a while, but since the Covid-19 lockdown my experience has broadened.

In the last few days one of the topics set by their school required our boys to have access to YouTube. As this is perceived as a distraction (my boys generally watch some character playing games and talking over their game play) my wife and I decided to restrict access to this particular service.

I asked my sons if they could provide me a valid reason why they needed YouTube, how long they needed access for and for what device they needed to access it on.

Their use case was legit.

Then it hit me. Much like a frenzied toilet roll shopper. This is exactly what change management does within organisations!

After I made the change to the filters and granted them access, I boldly announced, “Your request has been authorised and your change window is between 10.00 and 11.00”. The responses I got back were, “yeah okay…. what eva, weirdo!”.

Er, again, thanks!! Anyway, this got me thinking about other similarities.

As I mentioned, I’m a resolute techie. I love gadgets. Especially the latest and greatest ones. I faced divorce a few years ago after 17 years of marriage. Why? My wife found the invoice for the latest and greatest DJI drone I had procured. “You never asked me if you could spend that much” she said. Almost echoing my sons, I responded, “would you have approved?”. “Absolutely NOT!” was the finishing statement. I won’t go into all the details, but you can imagine how the incident went after that….. Whoops.

To be honest, this hasn’t been my only offence. I have a weakness but acknowledging it is the first step to salvation, right? Anyway, unsurprisingly I’ve faced divorce a few times since that initial purchase. On the bright side, I’ve learnt that the garden shed can be made quite amenable.

Within organisations, there are similar processes. To spend money, especially significant amounts, there are investment boards. At home, I call mine WIFE. Employees need to submit a business case to justify why they need the latest and greatest enterprise grade solutions. In the case of my company, Tripwire, it’s to help with their integrity monitoring, compliance and vulnerability management. Historically, I created business cases for such products when working as a Technical Security Manager. Much like my sons, I found that it was more likely to be approved if I could bring to the table ‘the additional value’ these solutions provide. With Tripwire’s offerings it’s easy to do just that. When we get to the table we can help to justify the investment into our award-winning solutions because the use cases are, put simply, legit.

Going back to my scenario about change control. How important is it for employers to ensure no unauthorised changes are going on? What if we didn’t monitor our critical systems for changes made by those who circumvent change control? Tripwire Enterprise will detect changes on systems and integrate with IT Service Management solutions to help validate those requests. Useful, and for the businesses this process can be automated unlike at home.

It’s important to ensure our families are safe. My 15-year-old has attempted to circumvent my home controls a number of times. He discovered if he turned off Wi-Fi on his devices and used mobile network data, he could circumvent the filters I had in place – all great until he ran out of data on his phone plan! He’s also discovered he could change the time-zone on his phone to get around iOS’s Screen Time controls, a weakness that Apple has acknowledged. Each time he breaches these controls, I’m alerted through various tools I have in place, and then I patch accordingly. Now, where have I seen this before???

Stay safe online, at home, and in the outside world.

A big thank you to all the key workers who are running so hard and so diligently to keep us all safe/protected.

For those interested, here’s an additional article discussing some basic measures you can adopt at home to help keep your children safe online.