Menu
INSIGHT: Enable the business? Why sometimes security must say ‘NO’

INSIGHT: Enable the business? Why sometimes security must say ‘NO’

"What is the next best option, apart from your current position of 'NO, do NOT do this'?"

Business: Saying NO is not an option. Security must enable the business. What is the next best option, apart from your current position of “NO, do NOT do this”?

Security: There are no good options here; we did the analysis several times, consultants and Gartner GTP analysts confirmed our findings.

Business: Remember that bit about “enabling the digital business”? You cannot say “no” – you must deliver us the next best option to enable us.

Security: Well, you can try doing X or Y, with additional safeguards of Z and U implemented.

Business: OK, that’s better. What are the known consequences of using this approach that you are suggesting?

Security: A huge meteor swarm hits Earth, everybody dies.

Business: Uh, OK. Business has the right to accept the risks, right? Risk accepted.

BOOM. Everybody dies. Then, 5000 years pass by.

An alien spaceship finds the now-defunct Earth, lands, and alien archeologists - in a bout of deeply alien curiosity - decide to figure out “what killed Earth?”

They find a record of the above conversation on a miraculously survived tablet device and an argument starts between the aliens: who killed everybody on Earth, SECURITY or BUSINESS?

So, who do you think did? Essentially, there are two camps of, ahem, aliens arguing:

  1. Security is at fault – they did not communicate the risks well enough, or
  2. Business [government agency] is at fault - they were stupidly negligent and didn’t listen to clear and precise communication, backed up by facts and external experts.

Which one sounds closer to the truth, if there is such a thing here?

Of course, this is not a post about the OPM breach. It is a parable about the fine line we have to tread in our daily jobs. As a security technologist you may be asked to do the impossible.

While I think optimism is a great belief system, sometimes the impossible is not just very difficult; it is actually frigging’ IMPOSSIBLE. And so-called “next best option” is that you all friggin’ die.

For example:

  • An enterprise-grade “APT-ready” SOC at $0 - no good options
  • An in-house run SIEM with no personnel dedicated to it - no good options
  • Patch as fast as possible – with no automation and fragile legacy systems - no good options
  • Processing super-secret data on an employee-owned PC on public wifi - no good options

Conclusion: Sometimes, “NO” is the right answer! Well, that and digging a deep enough bunker or moving to a space station before the meteor swarm hits.

By Anton Chuvakin - Research Analyst, Gartner


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags securityGartner

Featured

Slideshows

Meet the leading female front runners of the Kiwi channel

Meet the leading female front runners of the Kiwi channel

Reseller News honoured the leading female front runners of the New Zealand channel at the 2018 Women in ICT Awards (WIICTA) in Auckland. The awards honoured standout individuals across seven categories, spanning Entrepreneur; Innovation; Rising Star; Shining Star; Community; Technical and Achievement.

Meet the leading female front runners of the Kiwi channel
Meet the top performing customer-centric Microsoft channel partners

Meet the top performing customer-centric Microsoft channel partners

Microsoft honoured leading partners across the channel following a year of customer innovation and market growth in New Zealand. The 2018 Microsoft Partner Awards recognised excellence within the context of the end-user, spanning a host of emerging and established providers.

Meet the top performing customer-centric Microsoft channel partners
Reseller News launches new-look Awards at 2018 Judges’ Lunch

Reseller News launches new-look Awards at 2018 Judges’ Lunch

Introducing the Reseller News Innovation Awards, launched to the channel at the 2018 Judges’ Lunch in Auckland. With more than 70 judges now part of the voting panel, the new-look awards will reflect the changing dynamics of the channel, recognising excellence across customer value and innovation - spanning start-ups, partners, distributors and vendors.

Reseller News launches new-look Awards at 2018 Judges’ Lunch
Show Comments