A growing number of commentators are pointing the finger at the Societe Generale security function as being at fault in allowing "rogue" trader Jerome Kerviel to eventually bring the bank to its knees. Security product vendors are taking the opportunity to position their technology as being solutions that could have prevented this failure.

It is certainly the case that many forms of control technology can overcome human weakness. But at best, it is misguided to believe that technology failure is the root vulnerability, and at worst, this is an attempt to turn the security staff into the scapegoat. Believe me, the security managers were fully aware of the problem and had warned about it many times.

It has always been well-recognized in the financial services arena that trading staff do not follow even the simplest security procedures. Sharing of logins on the trading floor is the normal way that they do business. These are people who do not follow the rules. Not only do they not follow the rules, but their management and the bank management also feel that rules should not apply to these people.

The crux of that problem is that they are treated as golden geese, and any attempt to inhibit their flexibility is avoided, because the result might be fewer golden eggs. It isn't a security failure; it is a governance failure. And it is not a problem unique to SocGen. This is the way financial services firms run their trading floors, and there should be no reason to feel that other banks aren't equally or even more vulnerable to such an incident.

If you want to douse the flames of the bonfire of the vanities, you have to start at the top, not the bottom. Real improvements in risk management can come about only if top management is sincere in setting an agenda that balances short-term profits with long-term corporate viability and social responsibility.