Is security really a big drag on innovation?
Have you ever held back innovation because of information security concerns? Apparently more than a few technology executives are repeatedly gun shy.
According to an IDC-RSA study to be released Wednesday security fears stifle business innovation at 80 percent of companies. This security vs. innovation theme was sounded by RSA president Art Coviello in April at the RSA conference. Coviello, who advocates a thinking defense system, returned to that theme and noted that security is hampering daily business.
I don't doubt the business disconnect between security folks that want to lock everything down and innovation, but the linkage may not be as tight as IDC and RSA are portraying. I could be wrong, but I have a hard time envisioning a chief security officer telling some marketing chief or operating guru that some technology can't be deployed over data protection. Why do I make that leap? Companies seem to be doing a really crappy job at protecting our data today. If businesses were really locking things down there would be fewer data breaches.
What's really going on? I think security and business folks surveyed by RSA and IDC are indicating that they want to ditch a few compliance shackles in the name of innovation. And naturally, everyone says security is a top priority. No one will ever pooh-pooh security in a survey. You'd get fired if you actually admitted that security was the No. 7 spending priority.
Nevertheless, the IDC-RSA findings, which are based on 200 respondents, are interesting. To wit:
44 percent of security leaders are being measured on their innovation contributions.
21 percent of respondents said security efforts are aligned with the business. But 61 percent consider themselves compliance jockeys.
87 percent of business types said that creating an innovative environment was extremely important or important. 78 percent of security/IT types had the same answer. A little more than 14 percent of the security/IT managers were neutral on innovation with about 7 percent saying it wasn't important.
54.4 percent of business types, known as line of business or LOB below, see joint ventures as their biggest priorities. Here's the rest of the breakdown:
45.7 percent of respondents say the info security team reports to the CIO, but 37.6 percent actually think that's the right reporting structure. Here's the breakdown:
