As an example of how companies can give workers freedom without compromising security, Merrill described his experience at Google. "Google's engineering culture was all about working the way you want to work," he said. Employees could use any operating system and work from any convenient location - the office, home, a coffee shop, or wherever. As a result, it was impractical to rely on traditional security solutions, such as installing antivirus software on each device employees used.
Instead, Merrill said, Google addressed security by building up its infrastructure. For example, the company put antivirus protection on its mail server, which is the main source of viruses that infect the network. They also watched their network traffic patterns for any unusual spikes. Merrill said that enterprises need to find new ways to accommodate employees, while also securing their systems. Trying to change behaviour, like asking employees to stop using instant messaging or Gmail, only stands to stifle innovation.
IT security departments need to be aware of what their employees are up to and what is actually happening on the network.