Can Technology Provide a Complete Security Solution?

Back in 2009, I wrote a couple of blog posts about security – one about whitelisting/blacklisting applications and one about the “cost” of security on productivity (they are both still relevant and worth a read). Recently, I have been working a lot on policies to ensure the security of mobile devices. While doing this, I have discovered an interesting phenomenon: There are some people who believe that it is possible to use technology to provide a complete security solution.

I am certainly not saying that it is impossible to use technology to provide a complete security solution – I am simply saying that it is improbable, difficult, and very costly. Those who believe in a pure technological solution are missing an important piece of the security puzzle: the human factor. This MUST be addressed through published security policies, user training on those policies, enforcement of policy compliance, and required refresher training.

If end users are educated about the risks and consequences of policy non-compliance, I believe that most will work to be compliant. If you couple education with real, random enforcement and consistent consequences (for continued non-compliance), I believe that you can get very close to complete compliance with security policies, and thereby, a complete security solution. Regular reminders about risks and consequences will also help users to stay compliant with security policies.

The bottom line is this: If you implement only technological security solutions and fail to educate users about risks and consequences, you will find yourself with users who are intentionally circumventing the technological solution (either because they don’t understand the risks or because they know that there are no consequences for their actions).


About Tim Smeltzer
I am a husband, father, and technologist. While I am very much interested in almost all technology, my current area of specialty is secure mobile messaging. You will find me blogging from time to time on mobile technology - what I think is cool, what I think is not cool, and how to do things. Please be nice if you leave me comments. I am really trying to help!
