Can security be a competitive advantage? Are security and privacy at odds with speed and collaboration? How has Sarbanes-Oxley complicated the security challenge? And how do you balance risk and security?

Those are just some of the pressing questions 23 prominent IT executives and academics addressed at a recent daylong executive roundtable at Dartmouth College in Hanover, N.H.

The Thought Leadership Summit on Digital Strategies is an ongoing series of discussions for Fortune 500 CIOs and vice presidents focused on the business issues they face and the enabling role of IT. The summit was co-founded by the Center for Digital Strategies at Dartmouth's Tuck School of Business and Cisco. Network World President and Editorial Director John Gallant moderated the event.

Participants represented some of the largest and most well-known companies in the U.S., including Fidelity, Staples, Citigroup, Owens-Corning, IBM, General Motors, Hasbro and Cisco . On the academic side, Harvard Business School, Bentley College, Dartmouth College and the Tuck School were represented.

The executives shared with peers their security fears, goals, frustrations and challenges. The many challenges include protecting the network against internal and external attacks, educating and training employees on security, obtaining adequate funding from the CEO and board of directors, complying with new federal regulations, and making sure they don't impede the company's business units.

"I never want to be in a position that the business wants to do something and I'm constraining it," said Max Ward, vice president of technology at Staples.

There was widespread agreement on that point, but several participants noted that sometimes they can't avoid it. IT staffers are often so busy putting out fires, fighting viruses and applying patches that they don't have time to think about ways to make the business function better.

The issue becomes even more complex when you're talking about the extended enterprise. "As we extend the enterprise out to the suppliers, having to deal with security and validating that this guy is trusted . . . it's slowing that process down, but we have to do it. There's no way around it," said Doug Schwinn of Hasbro.

John Moore of IBM concurred. "You really want to be able to tie two networks together to have that free flow of information, but if Company A doesn't have the same security standards that your company has, you're really opening up your door to everything that wants to come in."

The emphasis on security also can slow innovation, Fidelity's Jim MacDonald said. Fidelity likes to work with small, innovative tech companies that can "help us get a competitive advantage." But, if the company's security standards are not up to snuff, "we've gone slower creating partnerships with those types of companies."

M. Eric Johnson, director of Tuck's Center for Digital Strategies, said information security is being treated today in a similar way that "quality" was treated 20 years ago: bolted on not built-in, viewed as an inhibitor of operations and residing in a "special" department. "It must move to being designed in at the start, being an enhancer of operations and internalized throughout the company," he said.

The security advantage

On the question of whether stellar security can be a competitive advantage, most took the position that security is a prerequisite for doing business, but not necessarily something a company trumpets in the marketplace.

"Failure in security, that's what gets noticed. If you're successful, it's expected," said Jack Matejka of Eaton.

Hasbro's Ed Kriete took a similar tack. "If you screw it up, there's going to be real consequences, but at this point, it's really a qualifier."

Staples' Ward disagreed, saying one of the reasons the office supply store is taking market share from its competitors is that it has convinced customers that "the system is going to be there when I need it."