Who Is Responsible For Security, IT Or The Employee? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Mobile
Commentary
8/22/2007
12:52 PM
Eric Ogren
Eric Ogren
Commentary
50%
50%

Who Is Responsible For Security, IT Or The Employee?

The answer should be obvious. Both IT and the employee bear their own roles for maintaining security. So why is it that 73% of mobile workers admitted that they aren't always aware of security risks and best practices?

The answer should be obvious. Both IT and the employee bear their own roles for maintaining security. So why is it that 73% of mobile workers admitted that they aren't always aware of security risks and best practices?I think the fault is shared. In this study, reported by InformationWeek yesterday, it notes that many employees feel security is IT's job, not theirs. This is a dangerous attitude, both for the employee and the organization for which they work.

Let's take a step back for a second. Remember your first day on the job? Part of your orientation with HR probably included being given an employee handbook of sorts. The handbook spelled out all the behavior expected of you during your tenure with the company. Aside from giving you the bad news that jeans are not considered business casual attire, it also likely included a section regarding IT policies. Many companies expect employees to refrain from using company property (i.e., their PCs) for personal use, such as email and Web surfing. There is probably also language about making sure that sensitive company information is never exposed to outsiders.

Typically you have to sign a document stating you have read the handbook and will adhere to the policies contained therein. But who actually reads the darned thing? If you haven't read the handbook, you may not know that there are security policies that have to be followed with certain corporate data. That doesn't excuse employees from not taking appropriate action, though. Common sense needs to come into play at some point.

On the flip side, there is a lot IT can do to secure enterprise systems. Any good IT center will have this well in hand. There are innumerable solutions IT can use to protect both the hardware and data from being breached. For instance, Mobile Guardian, from Credant, is one such solution that provides end-to-end security and lets IT enforce policies like passwords. IT does need to educate employees, though, on what is acceptable and what is not. Simply installing software on employee laptops and letting them butt their heads against policy controls won't work.

In the end, it has to be a partnership between IT and the employee. Are many security policies annoying? You betcha. But they are in place for a reason.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Slideshows
11 Things IT Professionals Wish They Knew Earlier in Their Careers
Lisa Morgan, Freelance Writer,  4/6/2021
News
Time to Shift Your Job Search Out of Neutral
Jessica Davis, Senior Editor, Enterprise Apps,  3/31/2021
Commentary
Does Identity Hinder Hybrid-Cloud and Multi-Cloud Adoption?
Joao-Pierre S. Ruth, Senior Writer,  4/1/2021
White Papers
Register for InformationWeek Newsletters
The State of Cloud Computing - Fall 2020
The State of Cloud Computing - Fall 2020
Download this report to compare how cloud usage and spending patterns have changed in 2020, and how respondents think they'll evolve over the next two years.
Video
Current Issue
Successful Strategies for Digital Transformation
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll