Andreas Antonopoulos (Yasoo Andreas) writes below that insufficient investment in security can lead to competitive disadvantage. This is absolutely correct but in most cases the fault (if we must assign it) falls directly on the shoulders of those planning for the new toolset/solution. Andreas also states that we must wield the security veto with care. Agreed, 110% when we are even allowed to have a veto, which is few and far between. Most of the time we are limited to saber rattling. When the business and IT leaders fail to include security considerations in their revenue generating and customer service focused solutions, everyone suffers. Security can be a very valuable enabler for the business. If the business and marketing alike would only understand that security can and should be used in their external messaging then maybe they too would understand the value of its inclusion from moment one of the thought process and demand its presence.The security veto should be used, and used to send the business owners and IT leaders back to include security. This should only happen once, maybe twice if they are in fact astute. Inclusion up front needs to be the norm. Vetos should be highly publicized internally for maximum affect. The brunt of the cost should impact management bonuses as security should be tied to their appraisals and MBO’s. When we hit people in their pocketbooks, we usually get results. Results then gives you the rewards you seek. https://www2.csoonline.com/blog_view.html?CID=33007“I had the opportunity to benchmark this observation during my recent security research. Fully two-thirds of the responding companies had decided against using a technology or service because of security concerns. Many were forgoing investments in collaborative tools (instant messaging, wikis and so forth). Our research shows these tools can have a direct impact on top-line performance, when used by sales, for example. Insufficient investment in security can therefore lead to competitive disadvantage. When we wield the security veto, we must consider the cost of a missed opportunity. With sensible, controlled risk comes reward.” –By Andreas M. Antonopoulos, Network World (US) Related content opinion The Sandbox - RSA Conference 2014 - San Francisco By Jeff Bardin Feb 24, 2014 3 mins Technology Industry IT Leadership opinion NY Times Story on Snowden Way Off the Mark Snowden story worthless - Basic IT protocols ignored - By Jeff Bardin Jul 05, 2013 2 mins Data and Information Security Network Security opinion Maskirovka – Tactical, Operational, Strategic Deception "The Op is in Motion" By Jeff Bardin Apr 29, 2013 4 mins Physical Security IT Leadership opinion Is this gun smoking? Certified Unethical Training http://attrition.org/errata/charlatan/ec-council/eccouncil_emails.html By Jeff Bardin Mar 15, 2013 14 mins Social Engineering IT Leadership Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe