How do the staff in your enterprise feel about your IT security policy? Does it restrict them? Or does it free them to do their work? Do they know what it is and do they follow it or ignore it? Do they like it or loathe it? Have you asked them recently?
In many organisations, an IT security policy is something to be feared. It’s often restrictive and counter-productive to good work and appropriate information delivery – doubly so for remote workers. But will an over-zealous, archaic security policy hold your company back? The simple answer is yes.
Security is essential, that much is obvious. BYO and social media offer new challenges to IT teams in terms of keeping company data and information safe. But many companies – especially those with remote workers – are hindering their staff by holding on to traditional security policies that were created for the desktop user. It will be difficult for any company to truly become a mobile enterprise when it is inhibiting its staff and not letting them perform to their full capabilities.
That’s why it’s important to start moving away from security and towards strategy. The days of the IT function acting as prison wardens are over. Strict, one-size-fits-all rules are no longer appropriate when people need to access information remotely, use social media to boost business, or work from a device that isn’t company issue. The IT function needs to instead take on a community policing role, guiding and advising.
By doing this, fluid strategies that are created with the input of an enterprise’s employees will emerge. Strategies that ensure companies can harness mobility rather than let it consume them. However, if your organisation is still being ruled by rigidity, here are three reasons why an archaic security policy will hold your company back.
You’re Still Driving the IT Agenda
We’re moving away from working practices where the IT function decided what the best equipment for people to work on was. IT technology is being driven by the people that use it. Forcing people to use technology they’re not familiar with can stifle creativity and productivity; forcing them off sites and channels they’re happy using can, in some cases, result in a loss of business. As Ade McCormack says in his white paper, DIY IT, “CEOs will always side with a money-generating business unit over a whinging support function.”
More importantly, there’s a huge struggle going on to hire staff that are intuitively interweaving the latest technology trends into their lives. These people are highly creative and possess the ability to give companies an edge and potentially offer disruptive insights into any given market. These are the people who are going to drive businesses forward. The problem for the IT function, in terms of security, is that these people don’t feel obliged to be corporately compliant and they don’t want to be dictated to in terms of what devices and tools they can use to get the job done. It’s these people that will further drive the IT agenda.
And here lies the challenge for the IT function when it comes to maintaining high levels of security. Applying old rules to new people, new technology and new ways of working is clearly not going to work. A new strategy needs to be developed in order to allow people the freedom to work.
You’re Stemming The Flow of Information
The 3rd Platform – the convergence of big data, mobile, social media and cloud – is allowing companies to engage with their staff, customers and partners in completely new ways. It’s a perfect storm – a once-in-a-generation occurrence – where the most powerful forces in IT are coming together in a way that will change the way we work. It’s feeding the BYO movement and allowing ever more effective remote working. Legacy security policies built for the factory age will be swept aside and the CIOs that uphold them will be carried along with them.
It’s the 3rd Platform that’s allowing companies to deliver information in new, appropriate and context-sensitive ways. Trying to build a business around the 3rd Platform while adhering to a traditional restrictive IT security policy is like trying to cycle up a hill on a locked bike – you can see the end goal, you have the tools to reach it, but are being held back by inappropriate security measures. If remote workers can’t access the information they need to do their job due to security measures created for desktop users, how does that benefit the company?
Yes, there are risks involved with allowing staff to use social media and their own devices. There are risks involved with using unsecured networks when working remotely. Data loss is something that threatens to compromise companies. But are strict rules that inhibit productivity and growth the right solution? If the IT function’s reaction is to encrypt everything – including BYO devices – the flow of data becomes stymied.
You’re Controlling Rather Than Collaborating
Collaboration is key in the modern workplace. Society is built around it. Smart enterprises are trying to shift the working environment towards a societal standard in an attempt to improve the work/life balance.
Companies that adhere to traditional restrictive security policies tend to be those that still work in top-down authoritative structures. Proscriptive attitudes towards security have led to the IT function building high perimeter walls to keep dangers out. But these walls have also hemmed employees in, restricting their freedom and forcing them to ask permission to leave and roam outside. This is slowing down business growth and employee productivity. If an employee can make a sale through social media channels, should they be able to act immediately or should they have to ask permission from the IT function first?
How to Fix Your Security Policy
Traditional IT security policies have the potential to suffocate and kill mobile enterprises before they even get a chance to get off the ground. But there’s still hope. A move from security to strategy will allow companies to give their staff the freedom to be creative, productive and drive growth.
Forging a strategy doesn’t mean leaving security issues to one side. Instead, build a strategy that takes into account business aims and user needs. Collaborate with employees and get them to help define the security strategy. Advise and educate them on privacy and security issues. Build highly visible usage policies and help them understand the risks involved with BYO in terms of losing their personal data if a device is compromised.
The smart CIOs will create security policies appropriate to their organisation and the market it operates in. Will you be one of them or do you want to be a CI-No?