When I started focusing my attention on Information Security, the only people who wanted to speak with me were cops and geeks. Four years later, information security has become a mainstream topic. Now anyone who hears what I do for a living wants to chat with me (though I still prefer the cops and geeks).
Yup, security is hot and getting hotter. Now John Q. Public is catching on to even more esoteric corporate and IT governance topics, disaster recovery and risk management. Why? I believe it's the combination of unprecedented events like 9/11, the Indian Ocean Tsunami, and Hurricanes Katrina and Rita along with 24-hour news coverage, the Internet and bloggers.
It's nice to see that some large organizations understand the implications here. Case in point, I recently received correspondence from Vanguard, the big mutual fund company in Pennsylvania. To my surprise, this wasn't a marketing document about new funds or retirement accounts; it was a high-level description of business contingency planning and disaster recovery programs!
The document was a simple one-pager with text about contingency planning, programs, testing, communication and data security. No meaty IT stuff that nerds like me find interesting, just some reassuring text about Vanguard's disaster planning methodology and commitment. My take: Kudos to Vanguard for being proactive here. Given the messy state, local, and federal response to Katrina, it's nice to see a company controlling a lot of people's retirement dough addressing this dicey issue head on.
This document should also be seen as a sign of things to come. More and more consumers will make strong security, disaster recovery/business continuity, and risk management part of the cost of getting their business. In other words, Joe Average will soon think something like, "You want my business (Vanguard, Allstate, Blue Cross Blue Shield, Verizon or any other company)? Prove to me that you won't lose my personal data or be washed out in the next Hurricane."
When this happens -- and it will -- government regulations will be a secondary consideration. Companies will jump on the risk management bandwagon before their customers hit the road.
It kind of sucks, but the more we depend upon information as currency, the more we have to come to terms with these risks. The potential consequences are really high and even private citizens are starting to realize this.