Let's rely on the knee-jerk, heads-roll solution

04.09.2006

Data breaches. It's a topic I've written about too many times, especially in this column. Personally, I'm over this topic, but you can't afford to be so nonchalant because your job is on the firing line. A new trend has emerged that will forever shape your career.

In recent weeks up to half a dozen IT professionals have been sacked for failing to secure corporate information.

Now this has really raised the data protection stakes. Analysts are predicting more sackings and harsh disciplinary measures for those who do not secure their enterprise.

I don't have a problem with accountability, it is necessary, especially if negligence contributes to a security breach.

But what isn't fair is scapegoating. In most cases those responsible for breaches are usually following accepted practices within their companies. They don't usually have the authority to introduce change, or more importantly, the resources.

So when problems do occur, there is this mad "do something" mentality that inevitably leads to scapegoating.

It's the good old "knee-jerk, after the fact, heads-roll solution" to a crisis.

AOL LLC's chief technology officer Maureen Govern abruptly resigned last week in the aftermath of a disclosure that the company released data on 650,000 online subscribers. AOL fired two workers in its research division, which was responsible for the release of the data.

Earlier this month two IT managers from Ohio University were sacked for failing to prevent a series of breaches. Another university CIO William Sams chose to resign after a breach.

The departure of these IT professionals follow a similar series of incidents earlier in the year when a number of US government agencies suffered security breaches that led to a flurry of resignations, restructures and hasty departures.

It's becoming par for the course. But little has changed. Another batch of breaches landed on my desk this week involving laptops stolen from vehicles or data misplaced by subcontractors.

So I wasn't too surprised when I read a survey of 853 IT professionals from the Ponemon Institute where more than 60 percent of respondents said they don't believe they can prevent breaches. More than 40 percent said they don't have the resources to fight the problem.

Institute chairman Larry Ponemon said the results reflect a growing frustration among IT managers.

"A general frustration came out that they don't have the tools or the resources to do the job, but these responsibilities have been pushed into their laps. They haven't been given extra help, equipment, software or tools; but somehow they're being held responsible."

We don't blame firemen for fires. But we certainly give them the equipment they need to at least contain these disasters.

Are you skirting on the edge of a disaster? E-mails to sandra_rossi@idg.com.au