Infosecurity Europe 2010: Understanding vulnerabilities is key to security, says professor

Organisations fail to secure data because they do not understand the threats

Organisations fail to secure data because they do not understand the threats, says John Walker, professor at the school of computing at Nottingham Trent University.

"A common sense measure that most organisations fail to take is to understand what the vulnerabilities could be of new technologies," he told Computer Weekly.

Business talks a lot about security, but in reality, security comes second to commercial considerations, according to Walker.

"Security is still seen by many businesses as a burden instead of an enabler and they do not give it as much consideration as they should," he said.

Business needs to put security higher on the agenda and start listening to informed opinion, said Walker.

"Security professionals need to have more say in business processes and be involved in projects from the start, from design through deployment," he said.

This will go a long way to stopping companies from acquiring security technologies that do not protect against the particular threats to the business, said Walker.

"By doing a risk assessment up front, organisations will be able to be more proactive about mitigating threats against new technologies before they are deployed," he said.

The rush to cloud-based computing is particularly worrying, said Walker, and is a classic case of economics being driven by technology.

"Everyone seems to be forgetting that between the cloud provider and the business is the internet, which is not governed and no-one really has control over it," he said.

Walker is to be a panellist in a debate on how to prevent converged threats from sneaking data out the front door at Infosecurity Europe 2010 at Earls Court in London from 27 to 29 April.
