Gartner Blog Network

ITSecurity Gone Wrong: Becoming the Threat

by Greg Young  |  April 16, 2009  |  1 Comment

Car analogies are one of my favorites in discussing ITSec. 

In Ottawa they put a layer of ashphalt at a notorious intersection.  This microsurfacing improved traction and reduced rear-end collisions 39%.  No safety downside, but it costs money.

In Virginia, a study on red light cameras determined that they increased accidents.  But they made money.  There has been some misdirection by apologist that the accidents were now happy rear-enders rather than devastating angle impacts, but that doesn’t wash because injury rates went up.  Officials say drivers need to understand the technology for it to work.  Red light cameras make money for cities, but insurance, police, and health costs are in a different bucket.

At the end of the day, security is about securing things and not getting in the way of business.   The rabbit hole of security ROI too often leads away from security and the business.  Security is and will continue to be a cost center, and people are more the threat than the best solution. 

Don’t spend frivolously, but keep security first and you will support the business, not try and create a competing one and become the threat.

Additional Resources


Greg Young
Research VP
6 years at Gartner
22 years IT security

Greg Young is a research vice president in Gartner and the lead analyst for network security. Mr. Young has experience in IT security in product companies, and in both the private and public sectors. He spent his military career in technology security… Read Full Bio

Thoughts on ITSecurity Gone Wrong: Becoming the Threat

  1. Hank says:

    But what about the broken windows theory!? Don’t we want all those rear-end accidents to happen to give mechanics and car parts companies money for jobs? Duh!


Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.