URGENT Lunchtime round table, 11th September 2009 CANCELLED

[Dave Birch] I'm sorry to say that due to an unfortunate accident involving one of our key speakers, Mr. Jean Allix of the European Commission, the lunchtime roundtable for 11th September has been cancelled and will be rescheduled. I am very sorry for this late notice, but we have been trying very hard to find an appropriately qualified substitute from the Commission but this proved impossible at such short notice and a roundtable about the Internal Market without a Commission perspective did not seem ideal.

Europe, innovation, round table, SCF, SEPA

Is security an enemy?

[Dave Birch]In talking about innovation over the last months we have also from time to time mentioned barriers to innovation. In places, I have mad a mental note to look again at some areas where the barriers are being erected by the very same organisations that want to increase innovation. A perfect example of this came my way when James Gardner wrote on the topic of security. This is a great case study, because of the tension between the security department (if one exists) and the innovation department (if one exists). James Gardner sets out a banker's perception of the security guys

I shut my mouth at this point, knowing I was speaking with that most invidious of creatures, the professional security specialist. You know the type: they spend all their days dreaming up the reasons you can't do something, rather than helping you find out how you can. Theirs is the right to kill any change for any reason, so long as it is related to a "potential security issue".

[From BankerVision: Does the business case for IT Security stack up?]

Surely the security department must have function other than blocking innovation? Like, for example, improving security. But actually, this is not so clear cut. In some organisations, the function of the security department is more about ensuring compliance, making sure that the right boxes have been ticked, because that is what they are paid and bonused on. They don't get a bonus if no security breaches are detected, or new customers are signed up, or if new products are delivered.

So the recent assertion from IT security chiefs at certain high-profile UK organisations that their primary concern was actually ensuring compliance with regulations such as the Sarbanes-Oxley Act and Payment Card Industry (PCI) standards may come as a surprise.

[From Security is built on compliance - WhatPC?]

I don't want to talk about whether compliance improves security or not, that's a different issue, but whether security is a genuine block on innovation, whether is isn't but is perceived to be, or whether it doesn't make any difference to the organisation.