I have spent 12 years of my career in IT management. Every one of those years has been spent in the financial sector working at a bank or a credit union.
In banking, depending on the size of the institution you work for, the FDIC or NCUA set very strict guidelines around what can and cannot be done from an IT perspective. In fact, at the largest credit union I have worked for, we were audited no fewer than 5 times a year. The auditors look at everything and leave no stone unturned. Everything is scrutinized on a very detailed level, including servers, networks, user accounts and policies & procedures. The good of this, from a security standpoint, is that you run a very tight shop. Audits can be a pain, but they force you to make sure that you follow policy and that your security is top notch. Over the years I have come to appreciate this.
Now lets shift gears to this whole Clinton email scandal. I seriously have a hard time believing that the IT department for the executive branch of our government is held to a lesser standard than the financial industry. There is no possible way that the network team for the white house did not know that Clinton was using her own email server for government business. It is next to impossible for any competent network admin/engineer to not discover that an employee is bypassing corporate email policy if they are keeping a close eye on things.
This then leads to other questions, like who else is using a “home brew” email server in the white house? Why is this practice allowed at all? I doubt you will find many corporations, if any, that allow employees to use their own email server at home for corporate business. Why does our white house?
I understand that Clinton is the real culprit at the center of all of this, but she should not have been allowed to do what she did in the first place. It’s not Clinton that scares me with this story, it’s the white house’s IT department.