Too much security can be overbearing: Microsoft
James Bannan, 08 August 2007, 12:03 PM
TECH.ED | Don't overdo security: that's the message from a Microsoft security strategist, who says endless security measures can actually get in the way of getting work done.
TECH.ED | When does too much security become, well, too much? According to Steve Riley, senior security strategist at Microsoft, it becomes too much when the cost of mitigating the risk outweighs the cost of that which you are trying to protect.
Steve's approach to security spans all horizons, not just information technology. He elaborated on this theory in an afternoon session today at Microsoft Tech.Ed entitled "Making the Tradeoff: Be Secure or Get Work Done".
The cost of securing an asset is not simply the absolute cost of purchasing an enterprise firewall or business-wide anti-malware software, according to Riley. It's measured against the current cost of leaving things as they are - if a couple of machines go down every week because of security vulnerabilities, that is a cost which can be measured and taken into consideration. However, if that cost is actually less than the cost of removing the problem, then, bizarre as it may sound, removing it might not actually be worth it.
Steve applied this same train of logic to other, more worldly scenarios. Child kidnapping, for example - apparently American parents are paranoid about kidnapping, and so forbid their children to talk to strangers. The result, according to Steve, is a generation which can't ask for help when the only source of help is a stranger, and a general and unacceptable reduction in human interaction, which is the basis of any civilised society.
He prefers to tell his own kids that "...most adults are kind and honest and will help yo