Industry regulations could stifle the business innovation that
many experts believe to be the way out of the financial crisis,
says Art Coviello, president of RSA, the security division of
EMC.
Organisations may shy away from innovation under the crushing
weight of external regulations, he told the opening day of the
three-day RSA Europe 2008 security conference in London.
Coviello said security practitioners often find it difficult to
drive innovation because they are too busy with security projects
focussing on regulatory compliance audits.
"It is no surprise they do not have alignment with the business.
They are not working on business problems, they are working on
regulatory issues," he said.
Coviello said policy-makers need to take care they do not weaken
businesses through regulations that drive companies to spend
unnecessarily on perceived, but not genuine, security risks.
He cited as an example of misguided or extreme regulations a
requirement in some Asian countries for the encryption of live
databases.
"Even if this were practical, the objective of protecting the
database could have been accomplished through proper authentication
and access control," he said.
Coviello said regulation has to be focussed on an intended
result and not on a prescriptive list of controls.
For all of us to succeed, we can no longer afford to be linear
thinkers, said Coviello. He paid tribute to
British computing pioneer Alan Turing.
"We must have the ability for conjecture, to conceive of things
as they might be - then and only then can we be masters of risk,"
he said.