Former US secretary of state Colin Powell urged companies to take a stronger, yet more balanced approach to security at the McAfee FOCUS 09 conference.
The retired general and diplomat told attendees that executives should seek to take a leadership approach in terms of implementing security.
Powell recalled a story from his own time as head of the US State Department. Charged with leading a massive IT overhaul, Powell had to oversee not only the purchase and installation of the systems, but also the implementation and use of the new technology.
"I changed the hardware and software, but the hardest part was changing the brainware," he explained.
Powell said that the IT overhaul also taught him a valuable lesson about managing security. He explained that the implementation of new technologies brought about an increased risk for attack.
In managing the security risks, Powell said that the department had to be careful not to overly restrict the new systems and hamper their usefulness.
"While I wanted to spread this technology everywhere, I knew we had to protect the department," he explained.
"But I also had to convey that if you have too much protection you can't use these advances."
Ultimately, said Powell, the decision on how to implement and manage security systems should be the job of the top executives. He noted the need for strong leadership and accountability when managing issues as important as data security.
"It is a fine judgement," he explained.
"And it is a judgement that has to be made by the bosses and commanders, not just the security folks."