Article Options
Client Computing Best Practices

Security Overload

brucemichelson| October 23, 2011
Post a Comment
0

As part of my daily routine in preparation for interaction with my teammates and customers regarding client computing, I always seek out any latest information regarding security breaches being reported. The bad news is that I typically do not have to look too hard or too far for this information. But first, the disclaimer ....

 

The contents and comments  on this blog are mine and do not represent those of my employer.

 

As consumerization of IT continues to be underway, risk is dramatically increased as the devices become more vulnerable. There comes a point in time, regardless of the reality, where a message no longer resonates. Security messaging may be a part of that situation.

 

From an IT perspective, security will always be a top priority. However, as IT is perceived to becoming more commoditized, the end users and the departments may become "tone deaf" to the messaging.

 

In my research there have always been certain realities we all have to deal with such as :

 

- "risk is not real until to happens, to you"

- "we really cannot protect against everything"

- "let's take a reasonable risk"

 

There are other realities that we can discuss in later blogs, but these three I am hearing quite frequently of late.

 

1. "Risk is not real until it happens, to you"

 

There is something benign about the dialog of risk. If you have not been breached, either your social security number, your medical records, personal information, etc. the discussions about risk seem over reacting, perhaps too alarmist. However, if you have not been breached in today's environment, you are lucky, and luck is not an IT strategy.

 

2. "We really cannot protect against everything"

 

To some enterprises this theme has translated into a strategy of acquiescing and doing the minimum to protect information. It is an acknowledgement that there is a cost associated with security and that until something happens, the business case is not compelling. The parallel here is the life insurance conversation. If you cannot protect against everything, protect against nothing.

 

3. "Take a reasonable risk"

 

This is the latest dialog. In this respect I could not disagree more with this approach. What is reasonable to you , may not be reasonable to me. If you have my data and information, my expectation is that your business would do everything to protect my information, as well as other customers. I understand financial limitations, and I understand realities as well just as you the reader do, however, find another place to make trade offs.

 

It seems the more removed decision makers are from IT, the easier it might be to reduce the IT security expenditure.

 

I would submit that there is not a reasonable risk to take, only again a conscious and unconscious decision.

 

At the end of the day, a business' brand is likely its most important asset. This brand can get tarnished indefinitely for a long period of time if security is not taken seriously. By, seriously my expectations be that on the overall IT budget, security expenditures are never reduced.

 

If a business has weak asset management for hardware and software,non-encrypted mobile devices, non-secured desktops and laptops, and in general struggles with governance and BYOC, then risk may become very real, very quickly.

 

These are my thoughts, what are your?

 

Tags: breach| BYOC| desktop| IT budget| laptop| View All (9)
Labels: asset management| budget| byoc| closed loop lifecycel planning| hardware| risk| security| Software
Labels:
Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the community guidelines.
Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
 
Search
turn on suggestions Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
About the Author

About Channel HP Subscribe

Connect with technologists and business leaders from across HP and around the world. Channel HP brings you blogs about a variety of subjects, written by the people at HP. Please read our community guidelines here and legal information here.

Follow Us