
Managing Security ‘Friction’ Inside Your Organization

By Kazim Somji, CTO

March 31, 2021

This is the next article in my series on defining a modern security strategy that includes both cloud and legacy technology systems. In my last article I talked about the need to modernize your security strategy, but also the dangers of not managing the transition away from legacy systems carefully. In this article I want to explore the problem of friction and how too much security can impact your business.

Many security managers might ask ‘too much?’ Surely more security is better? To a certain extent I would agree, but this is a balancing act. If security is so weak that your business operations team can “do anything”, then all of your assets are in danger. If you apply so much security that they are endlessly blocked from basic transactions and operations, your security efforts are preventing the organization from functioning effectively.

I like to talk about this issue as friction. If a person working in a metal shop pushes harder on a tool and applies more friction, sparks fly. That is exactly what can happen inside your business when you push harder and harder for greater security.

Security naturally creates friction inside a business. It slows down the processes that allow your company to function, but it plays a critical role in identifying which processes are a part of normal operations and which could be dangerous. Let’s identify both healthy and unhealthy friction, according to the Microsoft definition:

  • Healthy Friction: we know from exercise that regularly working the same muscles makes them stronger, and the same applies to security when you reinforce behaviors and actions that strengthen it. By regularly considering how and why an attacker might try to compromise your system, and then reviewing, identifying, and fixing vulnerabilities, you integrate security – and continuous improvement – into daily operations.
  • Unhealthy Friction: this is when your security processes cause more problems, and impede more value, than whatever you are protecting. False alarms are a particular problem: every false positive costs analyst time and erodes trust in the alerts that matter. And when your system is designed in a way that makes it very difficult to discover and fix security flaws, it can be very expensive just to manage and control.

So the question of security friction requires planning across a number of areas:

  • Awareness: is everyone in the organization aware of where and how attackers may attempt to access the system? Are you testing their reactions to threats such as phishing?
  • System design: can you investigate and discover flaws while the system is being used or can you only run tests when the business is not operating?
  • Partnership: are your management and business lines on board with security, or do they consider that you are just trying to prevent them from doing their jobs effectively? Try building a partnership and helping them understand the value you are offering by protecting them and their data.

Let me know what you think by getting in touch directly via my LinkedIn profile. Follow the WatServ company page on LinkedIn to ensure you never miss our articles and commentary.
