RSA: Downturn will stifle IT innovation
The crisis in the banking sector could encourage governments to introduce more regulations that could divert IT resources away from innovation, according to RSA boss Art Coviello. Speaking on the first day of the RSA Security Conference Europe in London, Coviello told the audience of IT professionals that IT innovation was key to lifting struggling economies out of the current financial downturn. But that process could be derailed by an increased legislative burden combined with fear over costly IT mistakes in tough economic conditions.
"Companies may shrink away from productivity gains either through the fear of failure or under the crushing weight of externally-imposed regulations that are probably sure to come," said Coviello. "Today, more than ever, the potential stifling of business advancement is a serious threat, as many experts believe the way out of our current financial crisis is likely to be innovation."
Coviello told the audience that as information security practitioners, they were best placed to protect innovation in their organisations. But they may need to re-think their approaches to IT security as some experts believe current strategies are not effective. "Information security should enable innovation and not inhibit it. But conventional wisdom tells us that IT security is largely seen as ineffective and at best extremely inefficient," he said.
The RSA chief said that too often, companies were focusing on protecting their perimeters rather than protecting information, and reactively responding to threats rather than proactively building protection into infrastructure. "These companies find themselves falling behind as the threats increase exponentially," he said.
Another problem is that security has become unaffordable, said Coviello. He cited figures from IDC which put the percentage of IT security spend against the total spend on IT across the board at 1.5 per cent or about €11bn. That figure had risen to 3 per cent by 2006 or €26bn, with a projection that it will grow to 5 per cent by 2009 or €45bn.
"We are spending way too much. The message is that we are paying more and not feeling all that more secure as a result," he said.
He admitted that attacks have become more effective, particularly phishing and pharming, which did not exist in 2001. But he said that too much spending is done reactively and is focused on the wrong things. "Security strategies have been driven by fear, sold on fear, and sustained by fear. Success has not been measured on contribution to business goals, but on the number of viruses stopped or files encrypted," he said.
As more and more regulations have been introduced, focus has shifted from fear-driven security to compliance-driven security, the RSA boss said. "This is an improvement as standards of care have been introduced but it's still flawed as for any organisational initiative to be effective, and security is no different, it must directly impact the business," he explained.
To be more aligned with the business, IT managers should focus on accepting new strategies and thinking about ways to make them secure, rather than rejecting them out of hand because they pose a risk to the organisation. "To do that you need to know and speak the business so that you recognise opportunities to add value," he said.