Security vs. Business Flexibility
by Bruce Schneier
November 30, 2015
This article demonstrates that security is less important than functionality.
“When asked about their preference if they needed to choose between IT security and business flexibility, 71 percent of respondents said that security should be equally or more important than business flexibility.
But show them the money and things change, when the same people were asked if they would take the risk of a potential security threat in order to achieve the biggest deal of their life, 69 percent of respondents say they would take the risk.”
The reactions I’ve read call this a sad commentary on security, but I think it’s a perfectly reasonable result. Security is important, but when there’s an immediate conflicting requirement, security takes a back seat. I don’t think this is a problem of security literacy, or of awareness, or of training. It’s a consequence of our natural proclivity to take risks when the rewards are great.
Given the option, I would choose the security threat, too.
In the IT world, we need to recognize this reality. We need to build security that’s flexible and adaptable, that can respond to and mitigate security breaches, and can maintain security even in the face of business executives who would deliberately bypass security protection measures to achieve the biggest deal of their lives.
Ready to increase your organization’s resilience to security threats? Download “The Cyber Resilient Organization: Learning to Thrive Against Threats,” the latest study from the Ponemon Institute.
View Our Additional Resources
Key Steps to Improving Your Cyber Resilience
Join Larry Ponemon and John Bruce to learn best practices to reduce the impact of cyberattacks, key global findings from recent Ponemon studies, and steps to help enhance Cyber Resilience in their organizations.
Building Resilient Cloud Network Architectures
Companies need to build secure and resilient cloud networks that can survive today’s rising cyber threats to get the full, transformative value of cloud computing,
USA Funds is a nonprofit corporation that helps students prepare for, access, and achieve success in postsecondary education by providing them with financial and other valued services. USA Funds was established in Indianapolis in 1960 to help families finance rising college costs. Since its founding, USA Funds has supported a total of $247 bi...
Internet of Things Security: Ask Bruce, Episode Nine
The Internet of Things (IoT) is ushering in a new age of hyperconnectivity – and new cyber security challenges.