Security: the state of being free from danger or threat
The dictionary definition of security above puts me in mind of the phrase first uttered by Inigo Montoya in the film The Princess Bride: “You keep using that word, I do not think it means what you think it means.”
When it comes to IT, I don’t think that dictionary definition is precisely what security means to most companies and organisations. The reason I say that is because it’s arguable whether there ever comes a point where a business or organisation feels free from danger or threat. That’s not really how IT security works.
Consider, for example, the fact that the more pervasive technology becomes, the broader the security risk. Or that the more advanced technology becomes, the more sophisticated the security risk to businesses that deploy it.
The relationship between the greater deployment of technology and a wider range of security threats is almost symbiotic, albeit in a particularly destructive way.
This is partly because the adoption of technology innovations and trends has often outpaced the implementation of the appropriate security measures to ensure the company is fully protected from the consequences of its actions.
It’s also because technology companies tend not to be security businesses. Their impetus is to develop and release products and services. That’s their main remit. If they do their job well, people will buy those products and services.
The problem is that some of those products and services may also make businesses more vulnerable to potential cyberattacks and security breaches.
For many organisations, being confronted with this reality after the fact can be hard to grasp. It can’t be easy to be told that your security spend has to become one of the biggest parts of your IT budget for the foreseeable future.
When people opt to purchase and deploy IT, they don’t anticipate that what they’re effectively doing is committing to spending significantly more money than they expected to secure that IT over the coming years. It’s almost, but not quite, as if they’re buying a security service with IT applications or services included as add-ons.
The resource attached to securing IT is becoming so large that it’s almost as if the innovation and cost required to make IT more secure is becoming equal to that of creating the technology it is meant to secure.
There seems to be no end to the cybersecurity growth opportunity for vendors and channel businesses. It almost feels as if there’s a new report published every week predicting big future increases in spending on cybersecurity.
But that does raise the important point of whether it will ever be possible for companies to achieve “the state of being free from danger or threat”. Personally, I can’t see how. Just as with “national security”, a new threat will always emerge, a new danger will always appear.
The only way to become totally secure is to stop making and releasing new products and services until the security systems are in place to handle all eventualities. But that means security would have to be at the heart of technology innovation – and that would more or less mean the IT industry becoming primarily a security industry selling associated technology products, applications and services.
Subscribers 0
Fans 0
Followers 0
Followers