Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Latest News
    • Blogs
    • Security Watch

    Taxing Concept? Rewarding Security Winners

    By
    Matthew Hines
    -
    March 5, 2009
    Share
    Facebook
    Twitter
    Linkedin

      We’ve been threatening to punish organizations that mishandle sensitive electronic data and allow attackers to infiltrate their systems to steal consumer records for years, but here’s an interesting new idea – how about rewarding those companies who go above and beyond the norm in doing a good job with data security – with tax breaks?

      I assume that I’ll see pigs fly long before we ever see it actually happen, but you never know what crazy ideas those folks down in DC might glom onto.

      In this case, Pat Clawson, CEO of security vendor, Lumension, gets the credit since he proposed the unique takeoff on how the U.S. government might actually be able to incent organizations to work harder to improve their IT defenses.

      The current system of compliance audits and fines has only encouraged organizations to do responsive “check box” remediation that meets the terms of mandates including PCI and HIPAA, the CEO argues.

      By offering tax breaks and/or credits to companies that can demonstrate that they’ve done a superior job of protecting their assets from attack, we might see a more pragmatic response among organizations that control sensitive data, he said, though Clawson doesn’t go as so far as to suggest any manner of measuring such efforts.

      “We’ve already tried the stick–regulatory requirements such as Sarbanes-Oxley and IPAA have given basic security ultimatums to companies around the country. Sadly, though, regulations don’t always guarantee security and they often have unintended consequence. Years of experience are starting to show that when it comes to the compliance with these well-meaning regulations, companies are following the letter of the law rather than the spirit of the law,” Clawson wrote in a blog on his company’s Web site.

      “This is why we must now introduce a carrot,” he said. “We need to find a way to encourage businesses to improve their security practices–without imposing additional cumbersome regulations that will not substantially improve our nation’s security posture. I believe the answer is to institute tax benefits that give businesses tax credits for making security improvements above and beyond government or industry compliance mandates.”

      So obviously the idea is promoting positive reinforcement, versus negative reinforcement in the form of fines.

      Personally, I’d like to think it’d work better to pay people who do well instead of punishing those who don’t, but all we know how those propositions typically go. We don’t see many compliance rewards being offered out there in the private sector, that’s for sure.

      One of the biggest advantages of such a plan would be that it might create incentives for organizations to invest in new security technologies that they might have otherwise passed on, suggests the CEO, though it’s easy to guess just whose products he thinks people might want to spend their refunds on – especially since he suggests automated security patch remediation tools like those that his company markets.

      “Take a company impacted by the Payment Card Industry Data Security Standard (PCI DSS), for example,” he writes. “One of the requirements is that the business installs a software patch within 30-60 days of its release from the vendor. That’s all well and good–a definite advance over not installing the patch at all. But the company would be most secure if it installed automated patch remediation that provided a way to install the patch within hours of its release. Under my proposal, such a measure would make the company eligible for tax credit.”

      Again, not a surprising suggestion when you consider the source, which previously went by the name PatchLink, but technological allegiances aside, you do have to wonder if it might work. Would companies actually invest the rewards they are paid in the form of tax breaks into better security controls?

      Now, not even this here dyed-in-the-wool blue state borne Democrat would ever expect that Mr. Obama might go so far as to cut taxes for big businesses for doing something they should already be doing on their own. As much as it makes sense to those of us in the business, I’d be curious to know what the public might say. I’m pretty sure that it wouldn’t be “let them eat cake.”

      But, positive reinforcement in regards to something related to IT security… is a pretty interesting idea.

      Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to [email protected].

      Matthew Hines

      MOST POPULAR ARTICLES

      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Cloud

      Yotascale CEO Asim Razzaq on Controlling Multicloud...

      James Maguire - May 5, 2022 0
      Asim Razzaq, CEO of Yotascale, provides guidance on understanding—and containing—the complex cost structure of multicloud computing. Among the topics we covered:  As you survey the...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×