Thoughts of change in the way IT and security will operate –

In many corners of the corporate HQ, in fact, there are plenty of execs who, from time to time, would probably take pleasure in watching IT fail, a la Lehman Brothers. …Why the new normal could kill IT..from my colleague – Michel Godet

I believe that there are 3 root causes for why many organizations worldwide do not take a leadership position in enterprise information protection.

1. Preventing information security events is an admission of weakness. Who wants to spend money on something when the first step is admitting that you’re vulnerable and that your existing security systems, policies and procedures do not meet business requirements?
2. We live in an age of instant gratification. Need music -go to Deezer. Need security – get a UTM from Checkpoint.  Click on a set of canned DLP policies for PCI DSS 1.2 compliance – never mind that you design and manufacture motorcycles.
3. The need to walk on the safe side, not on the wild side. Who wants to spend 6-7 figures on an EIP (enterprise information protection) system that requires data discovery from someone who isn’t your accountant, a complex policy implementation by people who need to learn your business, integration with internal procedures and processes with employees who could care less, and buy in from a CEO who is scrappling for survival with the board during the biggest financial crisis in 80 years?
   
   Especially after the CEO has sworn off Enterprise software for Lent.