The Big Security Stall

8:45 am on August 15, 2008 | By Meghan Whelan | In laptop security, risk management, security policy |

The PC Data Security Blog offers the opportunity for professionals to post on topics important to those within the IT Security community. This week, Rob Weber, Product Specialist at Beachhead Solutions, brings us this post.

Has your company or organization secured its laptop and desktop data yet? Maybe they have and now they can rest easy. If they have not secured the data yet, the number of reasons and excuses is mind-boggling. Security isn’t sexy, doesn’t increase the productivity of employees, and can be a drain on those charged with implementing the solution. Nobody wants to own the security solution or take on the work it involves, yet it is a necessary evil. Thus it becomes an internal battle in many organizations between the economic buyer / product champion and the IT staff that must implement the solution. The product champion pushes for their chosen solution and the IT staff puts up barriers to the encroachment of their ‘turf’. Why does IT balk? The following reasons are commonly heard:

- IT had little or no say in the selection of the solution
- IT is not staffed properly to manage the solution
- The solution creates more work for the IT staff since the end user experience has changed
- While acknowledging a solution is needed, it just isn’t seen as high on the list of priorities

Whether these reasons are spoken or implied, the solution is blocked using one or more of the following ploys:

- Utopian product requirements are put in place to block any worthwhile solution
- Other, sexier IT initiatives are elevated ahead of the security solution
- Solution inquiries are simply met with radio silence by IT

What could happen to change this behavior? It hasn’t happened yet, but it will soon . . . a real data loss followed by a real penalty charged to the offending company or organization. As soon as this happens, the world will change. A security solution will be pushed through at many organizations due to fear and anxiety. The fact that the solution is not sexy, not properly staffed, or simply annoying won’t matter anymore. Those will be smaller pain points on the path to fulfilling a company necessity. CEOs will get involved and make it uncomfortable for anyone standing in the way or delaying a solution. Why? It will be embarrassing to be caught with unsecured data, but more importantly, it may prove to be the end of the company or organization if real penalties are applied.

Share/Save/Bookmark

 

No Comments yet »

RSS feed for comments on this post. TrackBack URI

Leave a comment

XHTML: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>