Corporate governance goals impossible - RSA

IT managers tied up in red tape


Companies are struggling to cope with tighter corporate governance regimes, which might even work against the goal of achieving improved IT security they are partly designed to promote. The need to comply with requirements such as data protection, Sarbanes-Oxley, Basel II and other corporate governance reforms is tying up IT managers in red tape, according to a banking security expert. "Recent legislation is having a negative impact on risk management," said Michael Colao, director of Information Management at Dresdner Kleinwort Wasserstein.

In some cases, the law has made IT managers legally responsible for adherence to corporate governance rules. Colao says that this may not necessarily be a good thing. "CIOs are now relying on convoluted processes rather than using sound business judgement based on years of experience. A process is easier to defend in court than personal judgement. This means that in many cases unnecessarily cautious decisions are being taken because the CIO is focusing on their own personal liability, rather than what is best for the business," he said.

Different implementations of the European Data Protection Directive in different countries are creating a headache for multinational firms, according to Colao. "This legislation was brought in as part of the EU common market and was supposed to provide clarity and harmony across Europe. Because each country implements legislation in very different ways, the result is a very fragmented and disjointed approach which causes all sorts of problems, particularly for global organisations," he said.

Colao made his comments at the Axis Action Forum, a meeting of IT directors sponsored by RSA Security, in Barcelona this week. RSA Security said differences in European legislation highlighted by Colao were a real problem for its clients.

Tim Pickard, strategic marketing director at RSA Security EMEA, said: “The nature of implementation of EU directives in member states means that it is almost impossible for today’s global CIO to be fully compliant and is therefore likely to be breaking the law in at least one member state.”

Business managers becoming fed up with FUD

In a separate study, more than a third of the 30 delegates to the Axis Action Forum admitted that their Board had never asked for an update on security or implications of security breaches. The finding suggests widespread boardroom indifference to security issues despite the high profile security has been given in the media and by numerous industry initiatives.

Firms only take security seriously in the aftermath of attacks, according to one delegate. Part of the reason could be that business managers are becoming inured to alarmist security pitches. Simon Linsley, head of consultancy and development, Philips said: "For years we have had to go to the Board with messages that create the Fear of God. We can no longer rely on these doom and gloom messages - we have to go to the Board with solutions that add value to the business."

The Axis Action Forum was attended by more than 30 CIOs, IT directors and heads of security from a range of medium to large businesses. ®
