Taking the IT out of security

By Angela Coble*
Thursday, 10 October, 2013

It was interesting when I read the guidelines to submit a solutions article to Technology Decisions for consideration - “…describe how a particular product or technology has been applied in a real-world, industry situation (…) to overcome a particular hurdle”. In my opinion, the greatest gain we have seen in IT, and security more specifically, has been without a “product” or “technology” but with simple messages and human interaction.

I know - I am in IT yet I’m advocating technology is not the solution! I don’t have some great new technology to excite you all, nor a widget of a product that miraculously delivers the most wanted outcome in security - that ‘secure’ risk posture! Nope! I’m giving a different perspective and am here to say that to get the greatest ‘bang for your buck’, it just takes a lot of hard work, plenty of talking and loads more listening - it’s as simple as that to create a security program that is mutually beneficial, to the person and the company.

I’m not so sure I understand why at the moment, everywhere I turn, and in varied articles I read from our peers, everyone seems to be preaching the same message - awareness and education. There are plenty of great ideas out there, but what makes any one strategy or solution more successful than the other, and why aren’t people listening?

I can’t answer that question but what I can suggest is that this back-to-basics approach, above all else, may deliver an outcome that sustains any new technology. Here’s a novel idea: if you reduce the complexity, make the message meaningful and deliver it in a timely manner, people will be receptive and will want to listen.

So, sorry, here is no silver bullet. However, I am constantly reminded of the chocolate elephant: how do you eat a chocolate elephant? Just start at his tail and take a bite. Or the tortoise and the hare: slow and steady wins the race.

In security, racing to the finish line is not an option. There is no finish line. It’s the journey that we chose to take our colleagues, family and friends on that makes all the difference when it comes to protecting our most valuable assets. For some it is intellectual property and for others it is their 9-year-old child facing our ‘online’ augmented reality.

*Angela Coble is Global Manager, Enterprise Security & Risk Management at Johnson & Johnson. A locally and internationally published author with extensive knowledge in health, utilities and finance sectors, enthusiasm and personal energy has supported Angela’s eclectic experience. During a career spanning 20 years, Coble has enjoyed senior manager roles in consumer strategy, strategic development, information management and security programs, and more.