Security vs. Business Flexibility
This article demonstrates that security is less important than functionality.
When asked about their preference if they needed to choose between IT security and business flexibility, 71 percent of respondents said that security should be equally or more important than business flexibility.
But show them the money and things change, when the same people were asked if they would take the risk of a potential security threat in order to achieve the biggest deal of their life, 69 percent of respondents say they would take the risk.
The reactions I’ve read call this a sad commentary on security, but I think it’s a perfectly reasonable result. Security is important, but when there’s an immediate conflicting requirement, security takes a back seat. I don’t think this is a problem of security literacy, or of awareness, or of training. It’s a consequence of our natural proclivity to take risks when the rewards are great.
Given the option, I would choose the security threat, too.
In the IT world, we need to recognize this reality. We need to build security that’s flexible and adaptable, that can respond to and mitigate security breaches, and can maintain security even in the face of business executives who would deliberately bypass security protection measures to achieve the biggest deal of their lives.
This essay previously appeared on Resilient Systems’s blog.
blake • December 2, 2015 6:42 AM
That may be the common decision in the current business climate, it might even be our psychological disposition as a species, but that doesn’t mean it’s a sustainable strategy in the long term.
If the benefit of the deal is less than the total risk of a possible security breach – including the costs externalised onto the customers who get stalked or have their identities stolen etc – then it’s still a losing strategy.