Security as an enabler of innovation
by Christos K. Dimitriadis - International VP of ISACA - Wednesday, 10 October 2012.
There are management processes that have to be in place to ensure the IT security of an organisation and some of these are being deployed to deal with the risks of BYOD. Employees like to feel they can bring in the devices and connect them to the network. Talking about Google, Douglas Merrill, one of their ex- chief information officers, said “studies show that employees can increase company returns when they have the freedom to innovate by trying new software and new workflows. However, those returns disappear when employees are made to feel that their activities are illicit.”

As an example of how companies can give workers freedom without compromising security, Merrill described his experience at Google. "Google's engineering culture was all about working the way you want to work," he said. Employees could use any operating system and work from any convenient location - the office, home, a coffee shop, or wherever. As a result, it was impractical to rely on traditional security solutions, such as installing antivirus software on each device employees used.

Instead, Merrill said, Google addressed security by building up its infrastructure. For example, the company put antivirus protection on its mail server, which is the main source of viruses that infect the network. They also watched their network traffic patterns for any unusual spikes. Merrill said that enterprises need to find new ways to accommodate employees, while also securing their systems. Trying to change behaviour, like asking employees to stop using instant messaging or Gmail, only stands to stifle innovation.

IT security departments need to be aware of what their employees are up to and what is actually happening on the network.


Critical bug found in Cisco ASA products, attackers are scanning for affected devices

Several Cisco ASA products - appliances, firewalls, switches, routers, and security modules - have been found sporting a flaw that can ultimately lead to remote code execution by attackers.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Feb 12th