Leader: Your security is rubbish? Well d'uh...

We want this, and we want that and we want it yesterday... now why isn't it secure?

It appears security at the enterprise level is in a right old mess. Too little strategy and too few clues as to how to get it right are dogging companies as they try to tame the manifold threats which exist.

The Butler Group today accused companies of taking a "scattergun approach" when it comes to throwing a variety of solutions at a plethora of problems while not really having systems in place to work out which are effective and which need more work.

It's likely a number of CEOs will see that report and wonder what the hell is going on in the IT department.

Andy Kellett, senior research analyst at the Butler Group, also blamed the vendors.

"One thing is very clear. No single software or security vendor can deal with all the issues that are being raised under the Security Management banner," he said.

Well, we knew that and we'd be very surprised if any company really believed that to be the case. Most vendors are now pretty open about the fact they don't offer a silver bullet. There are no panaceas out there and surely nobody still claiming to be a panacea salesman.

In the main we imagine the reaction among those charged directly with securing the enterprise to the "scattergun" accusation would be "yeah, tell us about it".

Any bosses or board members who want to look into why their security isn't always up to scratch might do well to cast their minds back to a conversation they had with the IT department the last time they wanted something done yesterday. Whether it's working from home or bringing in new systems or scaling up to meet new demands.

Getting something done quickly is not always conducive to getting something done securely - yet that security is often something the powers that be will turn a blind eye to in the name of immediacy.

It's a brave IT manager who tells his boss 'you're going to have to wait because I can't yet guarantee that will be secure'.

Don't doubt for one minute that there are bosses out there who will find somebody else more comfortable with the words 'yes boss, right away boss'.

They know who they are.

We're all for companies moving at the speed of technology but at every stage they need to make sure they are resourced to address, understand and manage the security problems which will - not might - arise at every stage.

Similarly the IT department needs the support of the higher-ups to secure mobile strategies and every other aspect of enterprise security. If the IT department tell staff they can't bring mobile devices or removable media into the office, the staff will assume they're being spoilsports - saving themselves some work.

If the CEO hands out a diktat along those lines, people may take a little more notice.

"Scattergun" approach is no doubt true but if that's the weapon of choice then it's used because IT departments are similarly under fire.