Security needs to become easier for users: Novartis CIO
- 11 November, 2011 12:56
The IT industry must take measures to make security easier and faster for employees who are not computer savvy, says Novartis Australia chief information officer Ruth Marshall.
Speaking at the Australian Information Security Conference (AISA) 2011, she said the pharmaceutical company employed a mobile workforce who were struggling to remember multiple passwords and were being slowed down by security updates which could take 15 minutes to load when they logged in to the company’s virtual private network (VPN).
“Sixty per cent of my 1000-strong workforce is out in the field and they only come to the office twice a year for meetings so the VPN is essential for them,” Marshall said.
Many staff members, who are not “computer people”, neglected to click the send secure button on emails and forgot multiple passwords.
“Even if they did use the send secure email function, someone can just forward the email once they have received it and then it could go anywhere,” she said.
Another problem faced by Novartis was that staff chose not to use the company’s corporate encrypted e-meeting tools as, according to staff feedback, Skype was “way cooler”.
The same applied to an internal social networking platform developed by the company called Yammer, with staff choosing to use public social networking sites Facebook and Twitter instead.
“No matter how many times we tell staff that we’re not monitoring their conversations, they are never going to be as free with their opinions on the internal Yammer tool as they would be with Facebook,” she said.
“The more our community gets distributed and their data gets put into the Cloud, the harder it is for us to be sure that we are managing security, traceability and controls.”
While Marshall has reminded staff to be more disciplined and to not do security updates while trying to load reports, she conceded that many were not disciplined when it came to security.
“People are not going to change their behaviour in order to make the company more secure so we need to look at security environments,” she said.
To overcome these problems, Marshall issued a challenge to conference delegates to make security more efficient and usable for people.
“Useability is the biggest challenge we face because we can’t turn the clock back to stop Cloud computing or bring-your-own-devices [BYOD]. We need to stop security being a barrier for people who are trying to do their jobs; we need it to be transparent and useable.”
According to Marshall, email encryption should become a default rather than an opt-in option, while virus scans needed to be easier and quicker.
“People cannot be slowed down anymore by a 15-minute wait while their machine is being crunched through,” she said.
Follow Hamish Barwick on Twitter: @HamishBarwick