Industry regulations could stifle the business innovation that many experts believe to be the way out of the financial...
crisis, says Art Coviello president of RSA, the security division of EMC.
Organisations may shy away from innovation under the crushing weight of external regulations, he told the opening day of the three-day RSA Europe 2008 security conference in London.
Coviello said security practitioners often find it difficult to drive innovation because they are too busy with security projects focussing on regulatory compliance audits.
"It is no surprise they do not have alignment with the business. They are not working on business problems, they are working on regulatory issues," he said.
Coviello said policy-makers need to take care they do not weaken businesses through regulations that drive companies to spend unnecessarily on perceived, but not genuine security risks.
He cited as an example of misguided or extreme regulations a requirement in some Asian countries for the encryption of live databases.
"Even if this were practical, the objective of protecting the database could have been accomplished through proper authentication and access control," he said.
Coviello said regulation has to be focussed on an intended result and not on a prescriptive list of controls.
For all of us to succeed, we can no longer afford to be linear thinkers, said Coviello. He paid tribute to British computing pioneer Alan Turing.
"We must have the ability for conjecture, to conceive of things as they might be - then and only then can we be masters of risk," he said.