Security: Never mind the products, educate the users

Security experts at the Cebit trade show see informing users as the top priority when it comes to improving IT security

If they could change one thing to improve IT security, the assembled experts on a panel at Cebit would better educate their users.

"Education is important: We're all too naïve," said Eddy Willems, global security officer for G Data Software, speaking in a panel session on security during the Cebit Global Conference, part of the Cebit trade show in Hanover, Germany, on Wednesday.

"People need to take security seriously. We can do a lot at a technological level, but if they choose a weak password, they are at risk," said Joachim Schaper, vice president of research at AGT Germany, which provides physical, as well as IT, security services.

Richard Marko, CEO of ESET, an antivirus software vendor based in Bratislava, Slovakia, would rather users kept their data where his desktop security products can see it: "I wish users would think twice before they decide what it is appropriate to put into the cloud," he said.

However, improved user education can only accomplish so much: IT systems developers also need to make systems simpler to use safely.

"If you want millions of people to use a service, it needs to be easy, without the need for them to install more software," said Georg Rau, senior vice president at Deutsche Post, another panellist.

But the obligation isn't only on customers to learn: it's also on suppliers to inform. Buyers can't make educated decisions about how to set up and run their IT infrastructures unless vendors supply them with the necessary information.

Nowhere is that more the case than in the market for cloud computing services, where vendors vaunt the fact that their customers don't need to know how things work.

"We need transparency from cloud computing providers. We should know how their systems are organized, and we should know about the people they hire," said Natalya Kaspersky, chairperson at Kaspersky Lab.

She wants to see more transparency in such services, and better standards for security practices, so that customers can evaluate service providers.

"If the level of security and transparency is very high, I may be willing to pay more. If I don't care about security, I can pay less. But I should have that choice," she said.

Schaper drew a comparison with the automobile industry, where manufacturers spend millions conducting crash tests to demonstrate the safety of their vehicles. Because the tests are standardized across the industry, the results can be compared: That's important, he said, because safety might be a decision factor when purchasing a car.

While the vendors of IT systems in general, and of security products and services in particular, do conduct tests of their products, these are not always directly comparable, Schaper warned. "If you go to other providers, they might have a different standard," he said. "It still needs a lot of work from vendors to make these tests transparent and standard."

The chairman of the panel session, Martin Gutberlet of analyst firm Gartner, came to the same conclusion.

"There's still a lot of work to do on standards and certification" of security practices, he said.

But, he wondered, "Are we willing to pay for it?"

Peter Sayer covers open source software, European intellectual property legislation and general technology breaking news for IDG News Service. Send comments and news tips to Peter at peter_sayer@idg.com.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Tags AGT GermanyGartnercebitDeutsche PostsecurityG Data Softwareesetkaspersky lab

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Peter Sayer

IDG News Service
Show Comments

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?