Security that doesn't get in the way

I was on the road last week, attending the RSA security conference in San Francisco, which is a great place to run into colleagues. Afterwards, I visited Disneyland, which, despite being in the same state, is surprisingly far away. What do these places have in common? Security.

At the RSA conference, I saw a lot of people I know, which made me realize how much the information security field has grown and matured. In years past, you might occasionally run across a colleague, but it was a notable experience worthy of mention and remembrance. Now, it seems as if almost everybody goes, with all of them using Facebook, Twitter and Skype as the collaboration tools of choice. I caught up with people I hadn't seen in years (and didn't really expect to see again, in some cases) with practically no difficulty. Instant messaging kept me in touch with people over great distances despite the challenges of travel. What this means to me is that technology can really make life easier, and the world smaller.

In the old days, securing our data often meant sacrificing some measure of functionality. Skype and other instant messaging services were forbidden in the company because their peer-to-peer capabilities could lead to inadvertent or intentional information leakage, and various mobile applications were great sources of concern for a security manager. Now that I have implemented real security for mobile devices, I can support this business enabler and protect my company's intellectual property at the same time. I can rest easy (in a relative way) while enjoying the advantages of mobility.

At the RSA conference, I saw many examples of new security technologies designed to make life easier and safer. To me, that's what security should do. I believe that security doesn't have to get in the way of business, and some of the emerging technologies and concepts look like they will one day change the way we think about security controls. Instead of controlling data flow through a choke point, we can now look deep into the network packets to see what's inside, and react accordingly, diverting data, blocking malicious or unapproved content, or even scrubbing out and redacting confidential content. New tools allow us to perform forensic analysis to find hidden or deleted activities on our data devices, even if people or programs try to cover their tracks, without needing to know much about the underlying protocols. And new ways of thinking about, analyzing and modeling threats will soon help us target our countermeasures on the areas of greatest risk.


Disneyland has always struck me as providing a great example of my own philosophy of low-impact, high-effect security. With the use of extensive (but unobtrusive) surveillance, employee vigilance and awareness, and preparedness, Disney provides a safe environment for its customers without annoyance. I had an opportunity to attend a presentation by Disney's CSO at another RSA show a number of years ago, where he spoke about Disney's security awareness program. It was remarkably advanced, and it's still one of the best I've seen. And here at the park, my practiced eye can detect the presence of trained security staff everywhere, and I know the regular employees are also well trained and security-conscious, but they aren't getting in the way of visitors. From my point of view, they are doing it right.

This week's journal is written by a real security manager, "J.F. Rice," whose name and employer have been disguised for obvious reasons. Contact him at

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

J.F. Rice

Computerworld (US)
Show Comments

Most Popular Reviews

Latest Articles


PCW Evaluation Team

Cate Bacon

Aruba Instant On AP11D

The strength of the Aruba Instant On AP11D is that the design and feature set support the modern, flexible, and mobile way of working.

Dr Prabigya Shiwakoti

Aruba Instant On AP11D

Aruba backs the AP11D up with a two-year warranty and 24/7 phone support.

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers


This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang


It really doesn’t get more “gaming laptop” than this.

Featured Content

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?