Business Users are Not Mature Enough to Handle IT Security

Though consumerization has completely changed the threat landscape within the enterprise, Sharat Airani, chief-IT (Systems & Security), Forbes Marshall, believes that users are not mature enough to handle the nuances of IT security by themselves.

I strongly disagree with the view that average users can take up such an immense responsibility of using their discretion when it comes to data security and protection.

No matter how responsible and well trained the citizens of a country are, one simply cannot hand them weapons and ask them to defend the country. That job requires a certain level of expertise and training and it's better to leave it to the experts.

Segregation of job profiles in an organization exists because not everybody can do everything. Though it's imperative that both business and IT work hand in hand towards more effective data protection practices, but blurring the lines of control could lead to unnecessary confusion.

An average user has limited knowledge about how technology works and how a small mistake could snowball into a larger problem for the enterprise. Even intensive training cannot ensure that users will understand the nuances of technology to be able to take a call themselves.

Security is not just restricted to not leaking passwords or clicking on spurious links. It's a giant monolith with compliance, regulatory policies and other industry rules all interlinked with each other in a tangled web that can perplex even the most skilled IT teams.

Today's IT environment is so complex that even CIOs are finding it hard to wrap their minds around it. I don't think business users are ready to take accountability for something they don't understand. They wouldn't even have the bandwidth to take time out of their routine to keep themselves abreast with technology changes.

I strongly recommend that the combination of a defensible, hostile and fertile network coupled with proper measuring and monitoring mechanisms--and creating user awareness--will help CIOs prepare the best defense for any attack.

Tags consumer electronicssecurity

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Business Risk Management Solutions

Create and deliver online assessments to identify business risks and track their mitigation and resolution.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.