In the latest of our posts looking at results of our recent CIO Research project we’re focusing the debate of security versus convenience. Many still consider the two to be mutually exclusive, but does this necessarily need to be the case?
I blogged on this topic back in March, following a similar article by Per Thorsheim on his Security Nirvana blog. But what do the world’s CIOs think about this topic?
As adoption of new technologies becomes more widespread, you might be assume that CIOs may be willing to forego some level of security in order to ensure their IT assets are more usable for end users. However, we found that 85 percent of respondents said they would not accept any increased security risk as part of an initiative to enable greater mobility or increase virtualization. For the majority then, protecting their business infrastructure ranks above making their systems convenient and simple to use.
Overall, more than two thirds of respondents from across the globe put strong security and authentication above convenience and usability in their list of priorities. Yet once again, there were huge differences between the responses given by CIOs in different nations.
In Germany, 78 percent believed security was a greater priority than convenience, whereas in the Nordic region, views were more evenly split: 53:47 in favor of security. Whether the Scandinavians’ views will prove to be an anomaly or incredible foresight will be played out over the next few years, but I’ll certainly be watching with interest.
Patrick Lambert wrote a detailed article last week on Tech Republic, saying that “most security experts will tell you that convenience and security are usually at odds” and as our research suggests, it certainly appears to be a commonly-held view in the business world. As a security professional myself, it’s incredibly reassuring to see CIOs are not prepared to compromise on security. But the fact that two thirds believe it is a greater priority than usability shows there are still some hurdles to be crossed before the two are considered equally essential parts of the security process.
I firmly believe that neither can exist without the other, and until CIOs understand this, they may struggle to encourage end users to make the best use of the technology available to them. If they can overcome this barrier, the gateway to success beckons.
