Why modern security begins with ‘people first’
- Posted on March 26, 2019
It’s almost become a cliché to say that digital transformation (DX) isn’t about technology; it’s about people.
As with most clichés, it’s become this way because it’s true.
To lead effective digital change – whether it’s moving to the cloud or modernizing the workplace – you first need a deep understanding of the real-life people behind the technology.
In fact, a recent article in Harvard Business Review suggested 70% of all DX funding goes to waste because organizations simply don’t consider the impacts to people when it comes to executing on digital plans. The technology was there, but the follow-through wasn’t.
As the global practice lead for security at Avanade, I think we should all be making the exact same argument when it comes to modernizing cybersecurity.
You can’t modernize security without securing your people
This idea is made clear in Avanade’s latest CISO Guide: 5 imperatives to up your security game. In it, we highlight a series of must-dos for the modern CISO – and so many of them revolve around a people-first mentality.
Take, for example, my favorite on the list: The CISO “must put identity at the center of security.” On the surface, this might seem like a pretty fundamental technology concept. But it’s really so much more.
Identity turns out to be one of the leading causes of data breaches, accounting for nearly 65% of all incidents in 2018. It also ends up being one of the most powerful tools for protecting data, in a world where the old firewall is no match for the new threats facing the on-the-go worker.
Our advice is to put identity at the center of your security strategy. By doing so, you can’t help but focus on real people, and real-life scenarios. How are your workers accessing email? How are you allowing collaboration across company lines? Why are you forcing people to remember 10 passwords just to access their apps? Great questions, all of them focused squarely on people.
Another imperative we call out in the guide is perhaps the most surprising one. The modern CISO “must deliver a great user experience.”
Since when did creating a great user experience (UX) make it into the job description of the security pro?
The reality is, no good security leader can effectively achieve their goals if the technology they deliver is broken from a UX perspective. Not only will terrible user experiences lead to shadow IT and abuse of the rules (human laziness is powerful), but a poor UX will also ensure no one includes security at the table when developing their transformation agenda. By making the right kinds of behaviors more user friendly, you make your workplace more secure.
Start thinking people-first, security will follow
Just like every other digital leader, CISOs are tasked with implementing cutting-edge solutions, which will drive new sources of revenue, prevent loss and unlock tremendous new value.
And while selecting the right security technologies is important, making sure you understand your people, first, is simply the cost of admission. Failing to do so will ultimately lead to poor execution, dwindling returns and, worst of all, unnecessary risk.