Is it time to rethink the corporate Internet proxy?

Working as a consultant means I am exposed to lots of different organizations: some good and some bad. But the thing that strikes me as strange is how prevalent, even in the good places, highly restricted corporate Internet proxies are.

I’ve worked in an organization where, no lie, access to Stack Overflow was blocked! Others seem to block anything from the usual suspects of Facebook and Twitter, to unusual categorizations of blocking ‘anything social’ which happens to include this blog, which by the way, is probably more work related than other things you’ll visit on the Internet. Other places I have worked have blocked any HTTPS site (including Internet Banking). One place let you access Wikipedia but coupled with a prominent warning that all Wikipedia viewing would be closely monitored.

But these crazy corporate proxies are forgetting something. In this day and age where smartphones and mobile broadband are ubiquitous, if someone can’t access Twitter on their work supplied desktop, they’ll just use their iPhone! If they can’t download a file, they’ll use their MacBook and transfer it via a USB key. It’s commonplace to see staff with their own laptop on their desk so they can do whatever they want with it (and run whatever they want – bye bye Windows XP).

I once saw a technology company here in Brisbane advertise ‘fast, unfiltered Internet’ in their list of employee perks, alongside free pool tables and Friday drinks. I thought it was odd until I realized it’s actually a competitive differentiator for an employer to offer this.

The same goes for other technology. I’ve worked in numerous organizations that have forced their staff to use Internet Explorer 6, when at home, their staff can actually choose a modern, secure, standards based web browser. I was highly vocal in a previous job when there was a threat from management to uninstall Firefox from rogue staff’s computers because the supplied IE6 was supposedly more ‘secure’ (yes: WTF!).

I’m not advocating inappropriate access to content at work. But creating a nanny state using a highly restricted corporate proxy is not the way to motivate staff or let people be efficient at their job. Let staff do the right thing and don’t block what they should be able to use. Kick their ass only if they do the wrong thing.

In the days before broadband, smartphones and tablets, it used to be that what you could use in the office was technologically advanced. Nowadays, it’s commonly like stepping back in time.

Author: Alister Scott

Alister is an Excellence Wrangler for Automattic.

3 thoughts on “Is it time to rethink the corporate Internet proxy?”

  1. My previous company, a bank, gave us a laptop, wi-fi and unrestricted access to websites. And I was as productive and responsible as ever.


  2. Many companies use a service provider that delivers a block list to the firewall. There you select a few categories of what you want to block. The service provider puts sites into the different categories. It becomes “work” to whitelist a work related social media site once someone has decided to block social media … Supposedly a lot of filtering is driven by fear. Someone may get sued, if someone participates in something bad from their work place. And as FUD has been very powerful for decades now … That’s what you get. It’s a form of do nothing to avoid any risk.


  3. Even worse is when they inject themselves between secure communications. i.e. as a ‘Man in the Middle’, which is the case where I am currently working

    They have a proxy that sends it’s own certificate for the site you are securely communicating with. On most browsers this pops up a warning as the certificate is signed by the companies own Certificate Authority (CA), which is not a trusted CA in most browsers. But in their wisdom they have installed their CA on all their users machines.

    This means if you hit a website where there is an actual Man-in-the-middle attack, it shows up as a valid, secure connection in your browser..

    Oh Joy!!


Comments are closed.