As a technology company, this is sometimes kind of hard to swallow. Technology is not the limiting factor in security. We have the technology to lock down something so well that it can’t even be used (which I would say is a failure of security, but that is not the point). But, while we continually look for technology or that latest and greatest component to “solve” our problems, we have to remember that the key is not what technology you acquire, but rather the application of that technology. Any doubters would do well to read the article over at
http://www.itpro.co.uk/internet/news/182871/staff-forced-to-bypass-security-controls.html to see the results of their study that suggest 68% of respondents admit to bypassing security controls in order to do their job. Its not a challenge easily solved, but it helps highlight the need that we can’t fire and forget our security controls. They must be thoughtfully implemented, then monitored and audited effectively.