Photo Credit: thirdculturejp via Compfight cc
One of the best arguments I ever heard for security came from a consultant at the analyst firm Gartner. Although the individual’s name now escapes me, his message has stuck with me over the years.
He asked a simple question: “Why do we have brakes on cars?”
The obvious answer, of course, is to slow them down. That’s true, of course, but the real benefit of having brakes, he said, is that they allow you to go so much faster, confident in the knowledge that you can stop quickly if you need to.
If your brakes are dodgy, then you have to go slowly; if your brakes are top-notch, then you can really put your foot down.
So how does that apply to information security? Well, as security professionals like to say, good security should be a business enabler, not something that gets in the way of what you want to do. However, proving it is sometimes difficult.
When the rest of the organisation is pushing ahead with new projects and wants them launched overnight, the security team can sometimes be cast as the party-pooper, asking awkward questions and insisting on more safeguards before allowing it to go ahead.
This is where the brake analogy comes in useful. Can you imagine a car manufacturer working on a new model without any consideration being given to the brakes right from the start?
Of course not, the designer knows from the outset that the brakes are an integral part of the car, and the brake specialists are a key part of the team.
In a similar way, the security people need to be in on the project from the start, not just brought in at the last minute to rubberstamp the system.
And it is easy to find good examples of where security is key to success. Take on-line retailing mobile commerce, or mobile banking. They deliver huge economic benefits to their organisations, but require cast-iron security to make them acceptable to customers.
Most important of all, if the security people are brought in from the start, they are in a much better position to bring a positive momentum to a new project. Instead of crying “My god, you can’t launch this, it’s full of holes!”, they can say: “That’s a great idea. Now let’s se how we can make sure it meets all our security requirements.”
In other words, sort the brakes out from the start, and you’ll never have to worry about crashing into a wall.
By Ron Condon