Security and Efficiency are closely tied. When I use the word “efficiency”, it includes terms like productivity, work done, profitability, performance or any other term that indicates results that an organization wants.
Qualitatively the relationship between efficiency and security can be described by the following graph:
Where efficiency is the vertical axis and security is the horizontal axis.
When you have no security, no work gets done and efficiency is zero. When there is no security, all your work is stolen or compromised. When security is very high, no work gets done and efficiency is also zero. A powered down computer system is very secure and is immune to hacking.
The trick is to find the level of security that maximizes efficiency. This will vary with the organization, the individual, with the kind of security and the kind of work being done.
Traditional security personnel invariably tend to be on the right hand side of the curve. Users, developers and traditional user support tend to be invariably on the left hand side of the curve.
The goal of an organization should be to be at the top of the curve. Not too much security, not too little security but the right amount to maximize productivity across the organization.
It is a tough balancing act to produce … I wonder if opportunities to engage in more ongoing conversations can pull both camps towards the center? One of the things I have always tried to do (no matter where I have sat in an organization) is model open discourse and create pathways to communicate. As silly as the Coffee with Cole thing sounds it is part of a larger notion of openness and engagement … so are SB You and the rising use of Yammer. Communication and engagement aren’t the only ways to help balance the equation, but they are two strategies that I have seen work and have used effectively. I wonder what thoughts others have various ways to get to the top of that curve — in balance?