Too much security is making IT professionals work harder than ever.
According to the results of a debate of IT professionals at the City and IT Security Forum in the US, too much security can be onerous for their companies.
One delegate claimed that his company has had to a new department to meet the encryption demands by Visa and MasterCard. He said: “We now have an industry of encryption key management. We have three million transactions a day to encrypt. I have had to create a whole department responsible for encryption key management.”
Another delegate also claimed that banning the use of USB memory sticks would be counter-productive, claiming that it blocks the ability to back up or share information.
Other delegates said that chip and PIN is still ‘inherently insecure', though a banking representative said: “In my experience, compliance people will always take the most negative view but I argue with them. I say: ‘That's your interpretation, but we could interpret it in a different way.' Most of these regulations are not tested in law. Are we wrong to take a lesser approach?”
The top security concerns of IT professionals were also recorded, and are as follows;
1) Knowing what information you have to keep, what would cause damage if it leaked, and what can be deleted
2) Data loss and leaks
3) Getting employees to comply with company security policy
4) Data ownership
5) Whether to ban social networking sites
6) Internal IT-related fraud