Security in an information age

This month’s news has highlighted three developments that reflect the changing nature of the security landscape.

The expulsion of Russian spies demonstrates the limitations of Cold War tradecraft in a transparent society. The publication of over 90,000 military documents on WikiLeaks illustrates the difficulty of safeguarding secrets in a networked world. And the Washington Post exposure of the sprawling size of the homeland security budget illustrates the expense of attempting to keep up with the mushrooming number of sources of intelligence.

These stories show that security and intelligence agencies have failed to transform their philosophy and methods to suit an information-rich, networked society, in which the nature of espionage, war and security is quite different.

We need a new philosophy for safeguarding information assets in an information age. One that appreciates the changing value and nature of knowledge, relationships and transactions in the emerging world. One that minimises secrets and focuses on reducing the business damage from the inevitable leaks. And one that develops richer intelligence systems that are better able to navigate a superabundance of data.

More than a decade ago, I recall presenting these concepts to a UK government security conference. Everyone nodded their heads in agreement. Yet in the past ten years information security standards and governance systems have barely moved on. We continue to invest in outdated methods. Today’s initiatives in professional development, for example, focus more on yesterday’s needs than on tomorrow’s world. We need much greater foresight, and, more importantly, a new willingness to change our ways.

Join the conversation



As managing and securing digital assets and data become more important to businesses, it is critical that the proper programs are implemented to minimize risk. Developing training programs or awareness campaigns across the business can help to ensure that employees are able to make more effective security-centric decisions. In addition to training and development programs, software tools can help to monitor and manage devices, ensuring that both the device and its data are protected from threats. A properly trained and educated in-house team combined with the right software to help manage assets will allow businesses to breathe a bit easier when it comes to securing their important information.

I think the important thing is to get the Information Security team to continually educate and train across the company. After all, the employees have to make security-related decisions. If they are better informed then they will make the right decisions (mostly). Too many companies create an Information or IT Security team and believe that is all that is required. The Security team generally has little or no remit to engage with the rest of the organisation until a security incident has occurred. I have come to the conclusion that more time and effort should be allocated to training and raising awareness within the company. Technology can only provide so much protection. This has to be backed up by an informed employee who knows about the current threats and the best practice to avoid them. Embarking on awareness campaigns and training programs might require people with a different skill set to those traditionally employed in security teams!