Feeds

Corporate governance goals impossible - RSA

IT managers tied up in red tape

  • alert
  • submit to reddit

Secure remote control for conventional and virtual desktops

Companies are struggling to cope with tighter corporate governance regimes, which might even work against the goal of achieving improved IT security they are partly designed to promote. The need to comply with requirements such as data protection, Sarbanes-Oxley, Basel II and other corporate governance reforms is tying up IT managers in red tape, according to a banking security expert. "Recent legislation is having a negative impact on risk management," said Michael Colao, director of Information Management at Dresdner Kleinwort Wasserstein.

In some cases, the law has made IT managers legally responsible for adherence to corporate governance rules. Colao says that this may not necessarily be a good thing. "CIOs are now relying on convoluted processes rather than using sound business judgement based on years of experience. A process is easier to defend in court than personal judgement. This means that in many cases unnecessarily cautious decisions are being taken because the CIO is focusing on their own personal liability, rather than what is best for the business," he said.

Different implementations of the European Data Protection Directive in different countries are creating a headache for multinational firms, according to Colao. "This legislation was brought in as part of the EU common market and was supposed to provide clarity and harmony across Europe. Because each country implements legislation in very different ways, the result is a very fragmented and disjointed approach which causes all sorts of problems, particularly for global organisations," he said.

Colao made his comments at the Axis Action Forum, a meeting of IT directors sponsored by RSA Security, in Barcelona this week. RSA Security said differences in European legislation highlighted by Colao were a real problem for its clients.

Tim Pickard, strategic marketing director at RSA Security EMEA, said: “The nature of implementation of EU directives in member states means that it is almost impossible for today’s global CIO to be fully compliant and is therefore likely to be breaking the law in at least one member state.”

Business managers becoming fed up with FUD

In a separate study, more than a third of the 30 delegates to the Axis Action Forum admitted that their Board had never asked for an update on security or implications of security breaches. The finding suggests widespread boardroom indifference to security issues despite the high profile security has been given in the media and by numerous industry initiatives.

Firms only take security seriously in the aftermath of attacks, according to one delegate. Part of the reason could be that business managers are becoming inured to alarmist security pitches. Simon Linsley, head of consultancy and development, Philips said: "For years we have had to go to the Board with messages that create the Fear of God. We can no longer rely on these doom and gloom messages - we have to go to the Board with solutions that add value to the business."

The Axis Action Forum attended by more than 30 CIOs, IT directors and heads of security from a range of medium to large businesses. ®

Related stories

UK corporate governance bill to cost millions
Hackers cost UK.biz billions
IT voices drowned in corporate governance rush
Big.biz struggles against security threats

Secure remote control for conventional and virtual desktops

More from The Register

next story
6 Obvious Reasons Why Facebook Will Ban This Article (Thank God)
Clampdown on clickbait ... and El Reg is OK with this
Kaspersky backpedals on 'done nothing wrong, nothing to fear' blather
Founder (and internet passport fan) now says privacy is precious
TROLL SLAYER Google grabs $1.3 MEEELLION in patent counter-suit
Chocolate Factory hits back at firm for suing customers
Facebook, Google and Instagram 'worse than drugs' says Miley Cyrus
Italian boffins agree with popette's theory that haters are the real wrecking balls
Mozilla's 'Tiles' ads debut in new Firefox nightlies
You can try turning them off and on again
Sit tight, fanbois. Apple's '$400' wearable release slips into early 2015
Sources: time to put in plenty of clock-watching for' iWatch
Facebook to let stalkers unearth buried posts with mobe search
Prepare to HAUNT your pal's back catalogue
Ex-IBM CEO John Akers dies at 79
An era disrupted by the advent of the PC
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.