A Thought on FUD

Fear, Uncertainty and Doubt

Why, when there are so many fundamentally sound reasons for a company to do good security, do the security professionals seem to always fall back to trying to motivate through FUD? Why aren’t you guys out there talking about improving IT efficiency, delighting your business users, enabling corporate strategy, reducing operating overhead and so much more?

Here’s a great example for you.

Security and IT are busy fighting iOS, BYOD and mobility. Especially iOS … something about enterprise IT not liking iOS, I suppose. And the fight is led by people using a ton of FUD.

All those things that security people claim they have wanted for years are built into iOS and the hardware. These devices have always-on hardware encryption, geolocation, local and remote device wiping, call home, application sandboxing and much more. They are, straight out of the box, more secure than just about any laptop straight out of the box.

Instead of embracing these devices, though, we spend all of our efforts fighting against them because they are BYOD, or mobile, or consumer IT or something. Instead of preferring that our employees access their email and SharePoint sites with a device that they want to keep handy so they can play Angry Birds, we talk about the dangers if these devices are lost or stolen. Instead of helping enable employee efficiency, we want to insist on corporate BlackBerries and Dell laptops.

Security guys, if you keep this up, you will be ignored and made irrelevant. Stop the FUD, start focusing on great security aligned with your business.


About Eric Cowperthwaite

Nearly 30 year security professional, 11 years in the US Army, and another 18 in the civilian world. Worked for EDS for 9 years, then for Providence Health & Services as their CSO for 7 years. Now I work for CORE Security as their VP, Advanced Security & Strategy. This blog is not just about security, either physical or information. You can expect to read about cigars, my life, things I think are funny and much more. And I will rail about the FUD that so many security practitioners toss around on a regular basis. Plus, once in a great while, I might actually share a thought or two about security. Did I mention that I will probably blog about cigars? Just to be clear, nothing that I write here represents the position or opinion of my employer. Nothing I write here is proprietary or confidential to my employer. Everything I write here is my personal opinion.
This entry was posted in Apple, BYOD, FUD, Mobility, Security, Technology.
