Though consumerization has completely changed the threat landscape within the enterprise, Sharat Airani, chief-IT (Systems & Security), Forbes Marshall, believes that users are not mature enough to handle the nuances of IT security by themselves.
I strongly disagree with the view that average users can take up such an immense responsibility of using their discretion when it comes to data security and protection.
No matter how responsible and well trained the citizens of a country are, one simply cannot hand them weapons and ask them to defend the country. That job requires a certain level of expertise and training and it's better to leave it to the experts.
Segregation of job profiles in an organization exists because not everybody can do everything. Though it's imperative that both business and IT work hand in hand towards more effective data protection practices, but blurring the lines of control could lead to unnecessary confusion.
An average user has limited knowledge about how technology works and how a small mistake could snowball into a larger problem for the enterprise. Even intensive training cannot ensure that users will understand the nuances of technology to be able to take a call themselves.
Security is not just restricted to not leaking passwords or clicking on spurious links. It's a giant monolith with compliance, regulatory policies and other industry rules all interlinked with each other in a tangled web that can perplex even the most skilled IT teams.
Today's IT environment is so complex that even CIOs are finding it hard to wrap their minds around it. I don't think business users are ready to take accountability for something they don't understand. They wouldn't even have the bandwidth to take time out of their routine to keep themselves abreast with technology changes.
I strongly recommend that the combination of a defensible, hostile and fertile network coupled with proper measuring and monitoring mechanisms--and creating user awareness--will help CIOs prepare the best defense for any attack.