The security conundrum
- Reduce text size Decrease text size
- Increase text size Increase text size
- Print article Print
- Jump to comments Comment
- Share this article Share
- Email article to a friend Email
It is time to face up to the facts. IT may be a huge aid to business productivity and efficiency, it can provide differentiation and competitive edge, it can be the basis for new markets and new business models. Technology people love that view; but it is not the reality for large numbers of senior business executives. For them IT is a danger to the business - and if our cover story this month is anything to go by, a danger to their careers.
IT systems fail and for any number of reasons - security flaws, mismanaged planning and acceptance, vendor overselling, bad software. Nevertheless, there is an almost unshakable faith within the ranks of IT that: this time the code will be bombproof, the backup will work flawlessly, the RAID system really does what it says in the brochure. That is a faith that is unhealthy for the business - nor is that kind of thinking ultimately healthy for IT. There is a growing school of thought that IT should be viewed in terms of risk.
To quote at length from one of the most respected authors on organisational change and enterprise systems, Dr M Lynne Markus, professor in information management at Boston's Bentley College: "The business world is beginning to see the value of an integrated approach to identifying and managing business risk: the time is right for the IS field to begin developing an integrated approach to identifying and managing IT-related risk. Not only will such an approach be useful to businesses in their attempts to obtain maximum value from their IT investments, it will also help bring together a large part of IS [thinking] under a common conceptual umbrella. By viewing systems development failure, security breaches and competitive threats as different types of the unitary phenomenon of IT-related risk, it becomes possible to make intelligent, end-to-end trade-off decisions throughout the lifecycles of systems in organisations."
As she highlights, IT is a risky business. But its associated risks can be identified, assessed, monitored and reported on, and that analysis applied to the whole IT portfolio. Only then can the questionably placed faith in technology be supplanted by a faith in IT per se.
Editor: Kenny MacIver
