Discussions taking place at the RSA 2008 Conference held in San Francisco point out that security concerns are more and more of a drag on business innovations. According to RSA president Art Coviello, quoted by Dark Reading, this results in holding back companies’ creative thinking.
Coviello backed his opinion with statistics from research conducted by IDG and commissioned by RSA:
“More than 80 percent of IT, security, and business executives surveyed admit that their organizations have shied away from business innovation opportunities because of information security concerns,” he told the RSA audience in a keynote address Tuesday morning.”
Security policies place quite a significant pressure on users who are always told one click can lead to disaster and are always faced with cryptic dialogs boxes that aren’t at all helpful.
Worse, in most organizations security is viewed at best as a necessary evil, due to IT’s primary focus on trying to constrain behavior and prevent some desktop mishap, “Although well-intentioned, the inevitable result is that security practitioners are not viewed as enablers but people preventing the business from doing what it needs to do,” said Bill Boni, corporate vice president of information security and protection for Motorola, and one of the IDG survey respondents quoted by the RSA exec.
After identifying the negative effects of security on business innovation, Coviello also came with a solution. The best way to address downsides is a change in security mentality, a switch from saying “no” to potentially harmful actions to showing how they should be safely performed.
“The next time a new idea comes up, don’t start by saying it isn’t secure — start by evaluating exposures, the probability of the exposures being exploited, and the materiality of the consequences. Then put forth a plan to reduce risk in all three areas. Nothing should be done unless it is in the context of risk.”
This situation fully applies to Endpoint Security. There’s been a lot of buzz on how portable storage devices, such as USB sticks, smart phones and iPods can cause the ugliest virus infections, how they enable data theft and how loosing one with sensitive data can endanger the identities of millions. This leads to restrictive measures such as cutting all access to these devices. The negative result is less mobility of employees, less space for them to work and innovate, less effectiveness on their side.
The actual response to ongoing threats is learning how to handle portable storage devices safely, so as to benefit from all their advantages without overlooking their embedded threats.