- Security TWENTY
- Women in Security
Responding to comments made by Enrique Salem, CEO of fellow IT security vendor Symantec, Avecto says that the profound – and potentially negative – changes to employee attitudes towards corporate security identified in his speech can be countered by the use of transparent and minimally obtrusive security.
According to Paul Kenyon, chief operating officer with the Windows privilege management specialist, Salem’s observations that younger employees are effectively rejecting the status quo of corporate security – which the Symantec CEO typifies as `blowing apart’ existing security practices – are quite valid, but they also signal that a fundamental change is needed in the way security operates in the workplace.
“Enrique’s comments in his keynote at the RSA 2012 San Francisco event this week may be merely an observation on an issue, but it is an issue that IT security professionals need to address by adapting the security technology to make it less visible,” he said.
“Just as consumer security vendors are increasingly making their security applications capable of working constantly in the background – and with minimal involvement on the part of the computer user – so the security industry on the business side also needs to streamline the endpoint security that the employee sees,” he added.
Even though IT security is streamlined and less visible to the employee, the Avecto COO went on to say, this does not mean it is any less effective. If anything, he says, it actually needs to be more effective in today’s multi-vectored threat landscape. The issue that the IT industry faces with the digital generation is similar to the one the motor industry faced in the 1970s and 1980s, when new safety rules started to kick in, mandating most drivers to wear seatbelts and drive cars with automatic airbags fitted, he added.
Just as the motor industry has responded with transparent and unobtrusive safety systems that the stakeholder – the driver – has bought into and now considers to be a normal part of the driving experience, so the IT security industry must develop a similar approach when it comes to security in the workplace, he says. This can be achieved by installing extra layers of security technology, he adds, that are pervasive but unobtrusive as far as the stakeholder – the employee – is concerned, he adds.
Only by using this approach, he argues, can the IT security industry hope to counter the potential problems with younger members of staff – who have grown up in the computer and Internet age – and ensure they maintain the firm’s high levels of security, but, crucially, with stakeholder buy in. Enrique is quite correct in his observations, but – just as people now accept a seatbelt as an integral part of the driving safety experience – so we need to develop security technologies such as privilege management across applications that are unobtrusive but effective, says Kenyon.
“Avecto’s own Privilege Guard solution is a classic example in this regard, since it eliminates the need to assign admin rights to users and allows enterprises to assign these rights to applications, tasks, and scripts – and in the background, meaning that users are unaware of the security system’s existence,” he said.
“Using this approach means that users may be aware of the fact that there is an IT security system operating in the background, but few give it much thought, just as few motorists now give much thought to using their seatbelt – it is an integral part of the security system that they only really become aware of when it has saved their bacon,” he added. For more on Enrique Salem’s RSA 2012 keynote comments: http://bit.ly/xsVlIO.