So often when working with clients, you can tell how seriously they take security right there in the middle of the discussion. While security is always a trade off - between uber-secure and ease of access and cost. IT people will err on the side of security (locking everything down that they can possibly get their hands on), while users will almost always err on the side of convenience.
This week Hillary Clinton told us all that when it comes to security, she clearly leans on the side of convenience (at least that's what she said). Nevermind that you can have two email addresses on one device these days. And nevermind that it would only take you a millisecond of searching on Google to find an image of her holding her iPad and iPhone and Blackberry all at the same time. Now, this isn't a partisan political piece here. I'm just trying to communicate what I believe to be a very valid point.
How on earth can we get business owners, key decision makers, let alone their staff to take security seriously if such a high ranking official as our former Secretary of State won't? And this is when it relates to national security matters!!!
My point here is almost always - from Hillary, to Sony, to Anthem, to you name it - substantial security efforts can only take place in an environment where it's taken seriously. And this means the right message has to come from the top down. When convenience always supercedes security, don't waste your time trying to secure anything. You're just spinning your wheels and hiding your head in the sand.
Now, don't get me wrong. This doesn't mean I'm proposing that security is an all or nothing concept. What I am saying, is - take it seriously. Be just a little bit more agressive. To secure things, sometimes you do have to complicate things. Sometimes, security takes precedence over convenience. Keep this in mind when you're deciding which way to lean on this issue.