Don't trust security to techies alone, Gartner says
Jay Heiser, a Gartner vice president, said the fundamental problem with a purely technical approach is that IT security professionals have no understanding of business. Speaking at this week's Gartner IT Security Summit in London, Heiser said businesses must now mature and appoint individuals who understand the complexities of business, rather than the simplicities of security.
"It has gone away from being reactive to being proactive and looking to see what might go on," added Vogt, who said policy now tops his list of priorities, while the firewall is at the very bottom.
Adopting this approach has contributed to cutting annual IT spending at Zurich from nearly $2 billion to "closer to $1 billion," Vogt said.
By recognizing risk early, rather than fighting threats reactively, Heiser argues there is also a large return on investment.
Companies that spend excessively on securing the perimeter, for example, may not have realize the greatest risk to their business is posed by the loss of intellectual property from within, as staff ferry portable devices in and out of the company unchecked, Heiser said.
"Stop being so technical and allow the business to become totally integrated with security," said Heiser, arguing that companies that continue to throw money at their IT department are living in "blissful ignorance" as far as the wisdom of their investment is concerned.
The ideal candidate for bridging this gulf, he said, will have communication skills and project management skills--probably with a business school background majoring in risk management.
Heiser added that there is little hope of technically minded individuals making the leap into this new middle ground from within the IT department without them also having a rare understanding of the bigger business picture.
Paul Proctor, a Gartner vice president, added that regulatory pressures have already gone some way to forcing this change as companies realize the IT department, though involved in the process of compliance, is ill-equipped to understand the wider business ramifications.
Will Sturgeon of Silicon.com reported from London.