- Email: [email protected]
The changing role of security
Column
The changing role of security Martin Blackhurst Look at the average 20-year-old today and you will see insights into the future operation of business. Consciousness about how, where and when to communicate and access information will be replaced by a mindset that does so without thinking, regardless of location, with whatever tools are at their disposal. Business life will operate largely from a smart phone, notebook or thin client, not a PC and desk in the traditional sense. The tools of the trade will be social networking sites, online meeting places, text and IM, as much as email and phone. In just three years’ time, current university entrants will be approaching their mid-20s and already be established in the workforce. They will be the young driving force in organisations, keen to put their stamp on the way things are done, inducing a radical switch in the way we do business. These changes will affect means of communication, networking and collaboration, both inside and outside work. Work and non-work boundaries will become not just blurred, but totally non-existent. With home working and mobile business already prevalent, work patterns will flex beyond known capabilities. New mindsets in the workplace will be required to deal with the information addiction that our newest employees demand. Productivity, to them, will be based on doing what’s needed, when it’s needed, at any point during the day. So why does all of this matter? Because these changes will mean a radically altered view of the role of information security within organisations. This next generation of employees will trigger a necessary change in mindset and approach to securing an organisation for success. The origins of information security date back to a time in the not-so-distant past, but when organisations were vastly different to what they will be in just three years. The threats are changing, and so is the role of security. It’s no longer just about locking up your data. It’s going to be about letting data flow as freely as is securely possible to achieve the best economic returns. To manage this change, organisations must evolve their IT security strategy away from excessive security, or ‘lock down’ that will stifle innovation and productivity. Insufficient security may make the level of risk outweigh the potential benefits of more open exploration of ideas and information freedom, but optimal security will enable personal preference, freedom and flexibility in a secure manner. Information security will have the power to be more than just an insurance policy. With the controls set correctly, security will be the new rudder that steers firms towards increased success while simultaneously achieving business goals.
Martin Blackhurst, Redstone Managed Solutions
This next generation of employees will trigger a necessary change in mindset and approach to securing an organisation for success
CHECKLIST FOR ACHIEVING OPTIMAL IT SECURITY 1. Corporate information security must never be on default full volume; it must initially start at an acceptable level and be increased to the maximum point necessary 2. If your staff morale and performance is affected more by security breaches than it is by lack of information access, then your security measures are too relaxed 3. If the inverse of No. 2 is true, then your security measures are too stringent 4. A lesson in trust can be equally, if not more, beneficial to your workforce than a security monitoring system 5. It’s not tomorrow’s modes of communication that are insecure, it is the people who do not understand them well enough 6. Security is there to serve the business; business is not there to serve security 7. Active data, irrespective of how or where it is accessed, is the critical corporate asset. It must be monitored, but managed 8. In no uncertain terms should organisations reduce or forget security, they should however, review its value regularly.
JULY/AUGUST 2010
37
The changing role of security Martin Blackhurst Look at the average 20-year-old today and you will see insights into the future operation of business. Consciousness about how, where and when to communicate and access information will be replaced by a mindset that does so without thinking, regardless of location, with whatever tools are at their disposal. Business life will operate largely from a smart phone, notebook or thin client, not a PC and desk in the traditional sense. The tools of the trade will be social networking sites, online meeting places, text and IM, as much as email and phone. In just three years’ time, current university entrants will be approaching their mid-20s and already be established in the workforce. They will be the young driving force in organisations, keen to put their stamp on the way things are done, inducing a radical switch in the way we do business. These changes will affect means of communication, networking and collaboration, both inside and outside work. Work and non-work boundaries will become not just blurred, but totally non-existent. With home working and mobile business already prevalent, work patterns will flex beyond known capabilities. New mindsets in the workplace will be required to deal with the information addiction that our newest employees demand. Productivity, to them, will be based on doing what’s needed, when it’s needed, at any point during the day. So why does all of this matter? Because these changes will mean a radically altered view of the role of information security within organisations. This next generation of employees will trigger a necessary change in mindset and approach to securing an organisation for success. The origins of information security date back to a time in the not-so-distant past, but when organisations were vastly different to what they will be in just three years. The threats are changing, and so is the role of security. It’s no longer just about locking up your data. It’s going to be about letting data flow as freely as is securely possible to achieve the best economic returns. To manage this change, organisations must evolve their IT security strategy away from excessive security, or ‘lock down’ that will stifle innovation and productivity. Insufficient security may make the level of risk outweigh the potential benefits of more open exploration of ideas and information freedom, but optimal security will enable personal preference, freedom and flexibility in a secure manner. Information security will have the power to be more than just an insurance policy. With the controls set correctly, security will be the new rudder that steers firms towards increased success while simultaneously achieving business goals.
Martin Blackhurst, Redstone Managed Solutions
This next generation of employees will trigger a necessary change in mindset and approach to securing an organisation for success
CHECKLIST FOR ACHIEVING OPTIMAL IT SECURITY 1. Corporate information security must never be on default full volume; it must initially start at an acceptable level and be increased to the maximum point necessary 2. If your staff morale and performance is affected more by security breaches than it is by lack of information access, then your security measures are too relaxed 3. If the inverse of No. 2 is true, then your security measures are too stringent 4. A lesson in trust can be equally, if not more, beneficial to your workforce than a security monitoring system 5. It’s not tomorrow’s modes of communication that are insecure, it is the people who do not understand them well enough 6. Security is there to serve the business; business is not there to serve security 7. Active data, irrespective of how or where it is accessed, is the critical corporate asset. It must be monitored, but managed 8. In no uncertain terms should organisations reduce or forget security, they should however, review its value regularly.
JULY/AUGUST 2010
37