On Mon, Oct 15, 2012 at 8:44 PM, George Herbert <george.herbert@gmail.com> wrote:
> This solution - the "don't care" solution - almost fails the negligence test for certain security regimes including PCI (credit cards) and possibly SOX for retail data locations (and HIPAA for hospitals / medical locations, etc).
Of course, and this is where the situational judgement comes into play. The low-security environments I was envisioning are those more like my own office, where the only on-site server is basically a homebrew NAS storing music/movies for slow days. We've jumped headfirst into the Google Apps system so all files, mail, etc. are there. Payments and any other customer-facing services are on servers hosted in a proper datacenter, never coming close to the office LAN, so our actual risk is basically the same as that of a home user. The boss using his laptop on public WiFi worries me a lot more than someone gaining access to our network. If you take payments on-premise and transmit them over the network, it's obviously another story entirely.