Regulations harm not help security
By Iain Thomson
,
In a blistering speech at the opening of Gartner's IT Security Summit in London Ian Angell, professor of information systems at the London School of Economics, stated that the effects of government regulations were more harmful than denial of service attacks.
Speaking at his keynote presentation Angell pointed out that the amount of time and money companies were having to spend satisfying regulatory requirements was harming both business and IT security.
"Regulators have invented a morally justified extortion racket," he told delegates
"You can forget of damage denial of service attacks with the huge resources needed to satisfy government regulations. Regulation is much worse than denial of service attacks, it's people who don't know what they are doing are a far bigger problem, and by that I mean politicians."
He predicted that we are entering a new era of regulation, whereby much of the gains from deregulation and liberalism of markets would be lost. Soon companies would be required to hold every piece of data and every physical document in storage forever, and have them accessible on demand by government regulators.
He accused the government of deliberately creating a panic over events such as September 11th and corporate failures to push a regulatory agenda on business with little debate.
Gartner research vice president Jay Heiser agreed that regulation was a problem, but he approached the argument on the basis of the regulator's lack of knowledge of the industry and the time it takes to get good regulations decided on.
"Best practices for compliance emerges over a number of years," he said.
"I used to think five years was a good time but after watching the progress of Sarbanes Oxley I think it takes longer. Audits don't have a deep background in information security but this hasn't slowed them down in telling people what to do."
He gave password aging as one area that proved this, with passwords being retired after a fixed period. This made them harder to remember and as such users were simply writing them down, which was much more insecure.
Sponsored Links
advertisement
Latest Networking Analysis & Insight
Bring you own device: the $600 question
Inside the enterprise: A recent Cisco report claims bring your own device is gaining support from IT departments. But how much are staff willing to invest in personal technology?
- Interop 2012: Q&A, Saar Gillai, CTO, HP Networking
- Is BT the key to broadband Britain?
- Tencent: the biggest web company you’ve never heard of
- The truth about spam
- Have ISPs finally lost the DEA fight?
- Are you ready to launch IPv6 securely?
- Broadband, pricing and small businesses
- Welcome to the stay-at-home Olympics
- Q&A: Cisco on servers, storage and strategy
Latest Networking Reviews
HP t410 All-in-One Thin Client review: First look
- Swyx SwyxExpress X20 review
- Ipswitch WhatsUp Gold Premium 15
- ForeScout Technologies CounterACT 6.3.4
- ThinPrint Printer Dashboard review: First Look
- TITUS Aware for Microsoft Outlook review
- Windows Phone 7 Mango review: First Look
- Dartware InterMapper review
- Kemp Technologies LoadMaster 3600 review
- Sangfor WANACC M5500 review
advertisement
Most popular
- UK regulator shuts down Angry Birds scam
- Apple iPad 3 vs iPad 2 head-to-head review
- IBM bans use of Siri on iPhones
- Chromebooks: What's gone wrong?
- HP plans massive job cuts
- EMC World 2012: Tucci declares Documentum is here to stay
- Dell EqualLogic PS6100XS review
- Macs and Android under malware threat
- RIM loses its head of sales
- Local fibre broadband needs common standards
PlayRegister for IT PRO
You'll get exclusive member benefits including free whitepapers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
