Weakest link in security strategy

An effective security strategy is more about promoting a new way of thinking than a new technology. I’ve found interesting ideas in the DMAC blog regarding this issue.
Although more and more security technologies emerge every day, they all have the same flaw from a security standpoint: “they are vulnerable to end user laziness”.

A security solution is only as strong as its weakest link, and unfortunately it’s Bill, the dad of 4, who doesn’t give two cents about your password policy… It is evident that we will never be able to escape the impact of our weakest link. The solution is to implement security measures that are easy and acceptable to the end user while still maintaining a satisfactory level of security. We have to implement solutions that allow Bill (our weakest link) to continue his normal habits…
Security and Laziness must combine! We must transform the way we think as security professionals. We must put ourselves in Bill’s shoes… Security professionals and end users must reach a compromise.

Corporate security strategy should enhance information availability and integrity. It must let people continue doing their everyday tasks. At the same time, all employees within a company must understand the risks of information and identity theft and provide for a secure information environment.

