IT security, still a dirty word

Despite the increasing value of data, personal and commercial, the monetary penalties for failing to keep personal data safe, and the potential brand damage from any data breach, IT security remains a dirty word in many UK companies.

Like insurance, many UK businesses still see IT security as a grudge purchase. Business executives struggle with the idea of paying for something they may never need.

“There is a lot of talk about data security and the need for it, but few organisations that are making the right commitments,” says Stewart James, partner at legal firm DLA Piper.

When it comes to new IT projects, he says, the specs are increasingly mentioning security, but when it comes down to it, relatively little attention is given to this area.  Commercial concerns tend to take precedence.

Companies that are most successful in ensuring that security technologies are not only implemented, but also used effectively, are those where security is part of the organisational culture, says James.

“Everyone recognises the value of protecting commercial and personal data, but these tend to be companies where data is the core of the business rather than some physical product such as a vehicle telematics and other web-based services,” he says.

Culture is the key, says James. This is borne out by the fact that public sector companies and organisations tend to be better at information security and generally take it more seriously, as do businesses and organisations in the financial sector, where confidentiality and security have real meaning. 

“Local government is probably not much better than private sector organisations at information security, but the closer public sector organisations are to the military, the better applied security technologies and practices become,” he says.

In these organisations, information security is enforced. This enforcement is an accepted part of the military culture. In the private sector, however, this culture of enforcement is missing.

Although it will be a long time coming, James says it is from the public and banking sector that the best information security practices, such as demanding greater security and assurances from all suppliers, are likely to grow out into the wider business community.

In the longer term, James believes we may see a dynamic change in the way business is done. We may get to the point where commercial enterprises accept that any products and services they introduce will be copied and that competitive advantage comes from being the first mover.

Imagine a world where commercial enterprises  survive by selling products and services to people before they realise they want them and then keep on innovating to keep ahead of competitors that will inevitably copy them.

In the mean time, hopefully businesses will begin to understand the real value of data and move from paying lip service to security or simply throwing money and technology at the problem to making security part of their organisational culture to protect all commercial and personal data.

Enhanced by Zemanta

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

The UK’s Answer to Privileged Identity Management SAMS (Secure Access Management System) is one of the many software products created and maintained by global company Data Track Technology. One of the first UK companies to create a privileged identity management solution. SAMS is now saving millions of pounds around the world by acting as the gatekeeper for anonymous but privileged identities used by network administrators to maintain their systems. These identities provide elevated permissions to install and run software, access files and change configurations on just about every network appliance, web service, database or business application in an organization but are mostly unaudited. To become compliant with standards like ISO/IEC 27001, PCI-DSS, Sarbanes-Oxley and HIPPA, organisations need SAMS to expose when unauthorised activity takes place. SAMS will manage the level of access made available, following the principle of least privilege. Many users acquire privileges over time that are never rescinded and while they are just trying to ‘get the job done’ can expose vulnerabilities in network security. User access can be activated or deactivated centrally and even set to last for a finite period of time. Finally, SAMS has reporting capabilities so the organisation can monitor and review activity on their network and prove compliance to auditors. SAMS is the ideal solution to prevent individuals with a destructive agenda from harming your business and also helps owners to manage their network infrastructure. As an innovator in managing communications, speak to a Data Track representative today. Simply ask sales information about SAMS and we'll be happy to help. Tel: +44 (0)1425 270 333 Email:
Almost two-thirds (61%) say the responsibility for protecting information and devices falls on IT or service providers, not individual employees. Why should an employee feel that they are immune from certain rules, which are often put in place to protect sensitive corporate information?