Security is underwater

Also, there are no life preservers.

In a recent reflection on conversations I’ve had, I’ve noticed a recurring theme that highlights the disconnect between non-IT professionals and security experts regarding data handling and application deployment. Non-IT individuals often enthusiastically present their newly developed applications that utilize specific data and share it with various users, only to be met with security concerns about compliance and data protection from security professionals. The security experts express the need to halt operations due to potential risks and necessary protocols, but the non-security personnel, focused on app performance and revenue, tend to dismiss these warnings, leading to a frustrating dynamic where security concerns are overshadowed by business priorities.

This imbalance is exacerbated by the fact that security teams are typically outnumbered by thousands of users, making it challenging to manage and enforce security measures effectively amidst the chaos of ongoing operations.

– non-IT person :: we have developed this app, that does X with Y data, and then shares it with Z people.

– Security Guy :: You can’t do that, with Y data, let alone how are you A with the Z people…. (and so forth)

– non-Security :: Uh? What do you mean can’t?  It’s already live with customers?

– Security :: You have to stop! We have A, B, C, … to do

– non-Security :: (Has left the conversation, to report app revenue to his manager)

Security will never win this conversation.

Let alone that, in stark ratio terms, there is normally 1 Security person for every ‘X’ thousand users. Talk about a lot of spinning plates in the air.
