If you think that absolute security exists you would be absolutely incorrect. Speaking as a security practitioner who has been in the business for as long as there has been a security business, I’ll tell you with a straight face that no technology system exists that is completely secure or one hundred percent impenetrable. The reality is that security is a process of risk identification, mitigation and vigilance. It is incumbent upon both the security professional and the supporting leadership to first identify what must be protected in order of priority. The second phase is to mitigate or otherwise offset the risks by using technological tools and procedural changes that are institutionalized. Finally, there is vigilance to keep ahead of the threats that exist. This involves personal education in any form be it formal or self-guided and the discipline to carry through the charter we pledge to adhere to as security professionals.
It has become common place for security vendors and security professionals alike to claim absolute security. The snake oil sellers will tell you they can keep you safe. However, logic dictates that no solution is perfect or lasts forever. Everything made is fallible. Security is a process; it is an integral part of our business. Just like any business process, security must be updated, tweaked and tuned. The consequences of not adhering to this philosophy are potentially catastrophic. Many organizations and security professionals are running on borrowed time. I’m not prophesying that there is no hope for security. Quite the contrary! What I am suggesting is that a healthy dose of reality be introduced into the mixture. Collectively, we must understand that mitigating risks are more important than mitigating fear with a false sense of security.
Security threats will never go away and the challenge bubble will only get bigger until we either proactively or reactively adapt to it. Our world is globally connected and increasingly interactive through technology. I challenge security and business leadership alike to join together at the same table and leverage each other’s strengths for the collective good. No more myth propagation, no more corner cutting for the sake of expediency or marginal gain, no more discounting the importance of security to business and individuals alike.