Security goes beyond enterprise borders

Experts presenting at an IT security conference last week urge enterprises to do their part to keep the Internet safe.

When people try to prevent their homes from being broken into it, there is only so much they can do alone. A homeowner can buy better locks or install an alarm, but those measures only work to an extent.

Starting a neighborhood watch, on the other hand, may be more effective

Improving information security is similar. A company can only do so much itself to improve its own security, and there comes a point when enterprises and the government will be asked to share resources and information on vulnerabilities and security incidents.

In some cases, truly improving security will require companies to make investments in "internalized externalities," which are things that will help others in addition to themselves.

The situation is analogous to community members deciding they want a park in their neighborhood, said Adam Golodner, associate director for policy at the Institute for Security Technology Studies at Dartmouth College. "So we decide everyone should pay $5, but someone says they will only pay 50 cents. I wouldn't feel very good about it if others are not paying," he said during the recent e-ProtectIT conference at Norwich University, in Northfield, Vermont.

Yet Golodner is not calling for the government to step in and mandate security. Such a move would stifle innovation, which is just what is needed to improve security, he said.

Golodner envisions companies beginning to see security as strategic because it protects them from downstream liability (and hence reduces insurance costs) and gives customers a higher level of confidence.

Large companies need to realize that their businesses depend on the security of the Internet, said Ken Watson, manager of the critical infrastructure assurance group at Cisco Systems Inc. "The health of the Internet is the health of Cisco," he said.

Public confidence is an intangible factor but one that companies need to take seriously. A public compromise of a system that results in data theft can be disastrous to a company's reputation, as well as its bottom line. Companies that are banking on the promises of the Web need to be conscious of the public's perception of its safety. Recent studies have shown 60% of people won't buy over the Internet because of security concerns, said TruSecure Corp.'s William Hugh Murray, who also spoke at e-ProtectIT. "Security is not an enabler but a necessity, if we want to enjoy the promises of IT," he said.

Murray said companies must heed public perception. Nuclear power is an example of a technology that never got the public trust. "Fifteen hundred people die a year just extracting fossil fuels," he said. "Atomic power is magnitudes safer, but it doesn't have the public trust."

Dig deeper on Application Firewall Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close