IT leaders disagree on security change catalysts

What drives security changes: people or technology?

New security technologies like multi-factor authentication (MFA) and single-sign-on are "critical", IT leaders told us at the Okta Forum London last week - but they disagreed on what drives development.

Richard Perez, Director of EUC Technologies at NewsCorp, thinks that new security technologies, and particularly the level of intelligence that accompanies them, are vital for any organisation. Geolocation and the accompanying analysis tools, for example, are important in his company, where journalists frequently fly around the world to follow a story.

"I expect the providers - be it Okta or any other - to provide that as a featureset, as a product, as a service," he said. "This is where I sit today: to ensure that that roadmap from Okta reflects the growing concerns of the industry and what happens from a personal perspective."

That would imply that it is people who drive security developments, but Perez comes down on the opposite side: he believes that technology is the catalyst, because users find it difficult to see beyond the limits of their own experiences. Discussing future security trends such as password-less, he said:

"I think technology drives [change] more, because I don't think people - on the whole - could possibly appreciate everything that you can have. They wouldn't be able to appreciate that you don't need to have passwords any more."

Once the technology has been developed, though, adoption comes down to people. A culture change is often necessary inside the company, which Perez admits is often the hardest part.

"My job is all about the comms to that end user: how do you tell them a story that is going to work for them, as opposed to just mandating something which doesn't really work?"

John Bazley, ‘Application Support Manager at The Alzheimer's Society, had a contrary opinion, telling us that people are responsible for driving change. Using password-less systems as an example, he said:

"People hate passwords! I'd say that there's a big consumer demand for that. Peoples' only approach to it thus far has been to use one password for everything.

"There have been [people] who've used things like LastPass to make their lives easier, and Google and Apple have had some vaulting approaches that you can use if you're entirely in their ecosystem, but most people don't use LastPass or turn on iCloud Keychain or whatever. I think that most people would be delighted that passwords are going."

Bazley was particularly keen on biometrics as a replacement - so much so that he has just opened a bank account secured solely with such a system.

"I'm hopeful that [people] will understand that anything not involved in passwords could be more secure, because it's about something you have - the device - and something about you, which is much more difficult to fake. Firstly you've got to steal the device and then they've got to steal part of you."