IT Security: Are Your Users Buckling Up?

@NPAPryke

There is no panacea cure when it comes to IT security. Of course, if you’re a CIO or work in corporate IT, you’re probably swearing at the screen right now. It’s a no-brainer. This, we all know.

And yet solutions are still sold to plenty of SMEs – and let’s not forget a few multinationals, too – on the premise that their solution could be a stepping-stone towards that cure.

IT security has been, and most likely always will be, about the balance of risk and control. It’s about proactivity versus reactivity. Most importantly, it’s about the known unknowns, and the unknown-unknowns. For this, there can be no panacea.

It’s a point that’s been raised in every MeetTheBoss IT Security roundtable in recent months. Why? Because it’s part and parcel of understanding IT security in the ‘always-on’ era of smartphones and tablets. But it’s not just about the technology; the thumbs controlling the screens are of equal – if not greater – importance.

Siân John, Security Strategist at Symantec, brought this subject further into the limelight back in our last roundtable for 2012. As part of a wider discussion on security breaches from users, Sian analogised: “Users are like rivers. They’ll find the easy way down the hill. They’ll take the shortcut. Once you put technology into the UX, it stops them doing what they do. I like the analogy Matthew used in the last roundtable, where you make it very easy to get in and out of the general areas.

“You look at the very bad experiences and leave the more ‘normal stuff’ alone. It’s only when you get to the more sensitive things that you have to care about it. I think that’s where we’ve got to go with technology over the next few years.”

Both Sian and Matthew’s points resonate because they step outside the long-held belief that IT security is all about building adamantine systems that lock-down the largest number of external threats, inviting little device flexibility outside of its initial four walls. Today, consumerisation is on its way – and it has to be directed in the right way if IT security is to succeed.

For this to occur – and to borrow another analogy of Sian’s – users need to be protected. “If you look at the car in the last 20 years,” she explained, “it hasn’t changed much. It’s still got four wheels and a shell – it’s just got faster, smoother and has a lot more security baked into it.

“Today, it’s all about safety and protecting the individual inside, but no matter how much you bake into it, people still get killed every year in cars because you can’t defend against someone driving badly, taking the wrong direction or driving into something at speed.”

The point here is that enterprises and their IT bodies need to make technology easier to use in the context of security – not harder by placing more obstacles in front of users. Most drivers forget their cars have airbags and seatbelts – they’ve become second nature; you get in, clip in and drive. Sian’s point underlines the very real need for CIOs and IT Heads to start looking at the arenas of BYOD and enterprise mobility in the same vain.

Leveraging the same analogy, let’s put a different spin on this. If a seatbelt cost $10 to manufacture and place in a car, would the same mechanics using material costing $100 provide the same 900% increase in safety as it does for its price? Certainly not. The same is true for security solutions and mobile devices.

And yet this is exactly the perspective being adopted by, unfortunately, more than a handful of enterprises. Just like the seatbelts, better security doesn’t mean spending more money on the same solutions – it means getting users to a point where they accept the safety measures and buckle up without thinking. Then, and only then, will IT security be able to play ball with the next generation of end points.

As always, click here for a full rundown of topics and to register your interest for a MeetTheBoss Roundtable.

Topics:

Digital-Marketing,

Marketing