I participated on a panel discussion at SecureWorld Boston yesterday. The discussion topic was striking a balance between productivity and security and it yielded three thoughts that I would like to discuss in today’s blog.

1. The notion that our companies are going to employ the same type of security policies that we used over the last 30 years is ludicrous. With the arrival of the digital natives into the workforce, simply assuming that your new knowledge workers can adapt to your existing security policy is a farce.How do you establish security mechanisms for information when the people who use this information and data on a daily basis have a much more radical perception on information security and risk? Most digital natives think nothing of providing personal information via the Internet because there is a firm understanding that the information already exists there. These digital natives have grown accustomed to the idea that you should check your credit report every six months and always look for fraudulent charges when the statement arrives.
   
   That’s much different than the digital immigrants, who were taught to hold onto information as if it were classified government secrets. Unfortunately for us (I am also a digital immigrant), the digital natives will take over the workplace and that means the policies and technologies that we put in place to ensure proper risk mitigation have to be elastic and extensible to give new workers, new partners, and new customers the experience that they will be accustomed to in this world of digital natives.

   Action item: Be prepared to create security policies and procedures that take into account the contextual sensitivity of the owner and user.

2. Speaking of information technology over the last 30 years, isn’t it amazing that FTP, HTTP, and SMTP continue to be the focal point of where companies need to perform risk mitigation, data loss prevention, malicious code detection, and every other security buzzword there is? Why is that? Because more often than not, those of the forward facing protocols were implemented by humans. Got to love it.
3. My last comment during the panel was controversial…so why not repeat it? The question from the moderator was: What should companies do today to best balance worker productivity and security concerns?

   My answer was that all companies should single out people. Each of those people should be tasked with understanding everything about the current and future strategies of Microsoft, Google, Apple, and IBM. Microsoft because they make insanely difficult computing tasks ridiculously easy; Google because they do the above for free; Apple because they do the above and aim to have consumers bring their technology into the organization; and IBM because they will perfect it and charge enterprises a premium.

   Just something to think about…