Large organisations spend billions every year trying to secure their workplace environments. Would they be better off ditching most of that expenditure?
Security picture from Shutterstock
That idea was raised by Gartner analyst Tom Scholtz during a presentation entitled ‘Kill Off Security Controls To Reduce Risk’ during the Gartner Enterprise Architecture Summit in London, which I’m attending as part of our ongoing World Of Servers coverage.
Scholtz noted that the dictatorial nature of enterprise security was frequently counter-productive. “It often results in contempt,” he said. “It’s not a very sustainable sort of environment.”
To be completely fair to Scholtz, he emphasised repeatedly that this argument formed part of Gartner’s ‘maverick’ strain of research — ideas which are deliberately provocative and which haven’t been formally tested and proofed to the same level as Gartner’s more commercial research. This idea is to stimulate discussion, not to lay down concrete workplace proposals.
It’s also worth noting, as I have in the past, that individuals who believe they can avoid any form of security issue because “I know what to do” are generally on a hiding to identity theft. The odds overwhelmingly suggest that you don’t know how a rootkit works.
With that noted, there is a lot to be said for avoiding security for the sake of bureaucracy, and identifying threats rather than frantically trying to block everything. “I review a lot of policy documents and some of them can be fairly clunky and substantial,” Scholtz said. “We could potentially save a lot of money and boost staff morale.”
“It’s not cost effective to eliminate all the risk,” Scholtz said. “At the moment, we’re impeding the behaviour of the 98 per cent who want to do the right thing because of the 2-3 per cent who want to do bad things, and maybe that’s the wrong way.”
Lifehacker’s World Of Servers sees me travelling to conferences around Australia and around the globe in search of fresh insights into how server and infrastructure deployment is changing in the cloud era. This week, I’m in London for the Gartner Enterprise Architecture Summit, looking at how to plan and deploy your overall enterprise architecture for maximum business value and efficiency.