Doing so is as wise as trusting your Pitbull with your two-year-old...Businesses are putting their very existence in the hands of techies unqualified to tread the minefield of legal issues which are now as much a part of information security as technology.
That is the most alarming finding of a LogicaCMG-commissioned survey which found that 71 per cent of companies rely on the IT department to implement security policies.
But before you flame us, it's important to acknowledge this isn't an attack on the already overworked IT department but more a case of highlighting the problems businesses have in understanding the multi-faceted issue of security and the role it plays in the bigger picture of corporate governance.
Would you trust your lawyers with patching your network? Of course you wouldn't, so why are techies being charged with getting their heads around the complex legal and personnel issues associated with security policy-making and the implications of getting this vital process wrong?
In truth the issue is as much the role of HR and legal departments. Granted, security involves procuring technology, integrating, managing and testing it - and those are all jobs for the tech team. But technology in isolation is not a security threat. It only becomes a threat once people start using it... and techies aren't generally 'people' people. Nor should they be.
Educating staff, drafting corporate policy and ensuring governance and compliance issues are met should not be on the 'to do' list of any techie. Such a strategy will fail and when it does it will be the wrong people who take the blame.
Security does not begin and end at the server room door. The sooner that fact is realised and acted upon the sooner companies will be closer to protecting themselves and their businesses.