
Managing Security ‘Friction’ Inside Your Organization

By Kazim Somji, CTO

March 31, 2021

This is the next article in my series on defining a modern security strategy that includes both cloud and legacy technology systems. In my last article I talked about the need to modernize your security strategy, but also the dangers of not managing the transition away from legacy systems carefully. In this article I want to explore the problem of friction and how too much security can impact your business.

Many security managers might ask ‘too much?’ Surely more security is better? To a certain extent I would agree, but this is a balancing act: if you let your business operations team “do anything” because security is very weak, then all your assets are in danger. If you apply so much security that they are endlessly blocked from basic transactions and operations, your security efforts are preventing the organization from functioning effectively.

I like to talk about this issue as friction. If a person working in a metal shop pushes harder and applies more friction to the tool, then sparks fly. That is exactly what can happen inside your business when you push harder and harder for greater security.

Security naturally creates friction inside a business. It slows down the processes that allow your company to function, but it plays a critical role in identifying which processes are a part of normal operations and which could be dangerous. Let’s identify both healthy and unhealthy friction, according to the Microsoft definition:

  • Healthy Friction: we know from exercise that regularly stretching the same muscles makes them stronger, and the same can apply to security by reinforcing behaviors and actions that will strengthen it. By regularly considering how and why an attacker might try to compromise your system, then reviewing, identifying, and fixing vulnerabilities, you can integrate security – and continuous improvement – into daily operations.
  • Unhealthy Friction: this is when your security processes cause more problems, and impede more value, than they protect. False alarms are a particular problem, and when your system is designed in a way that makes it very difficult to discover and fix security flaws, it can be very expensive just to manage and control.

So the question of security friction requires planning across a number of areas:

  • Awareness: is everyone in the organization aware of where and how attackers may attempt to access the system? Are you testing their reactions to threats such as phishing?
  • System design: can you investigate and discover flaws while the system is being used or can you only run tests when the business is not operating?
  • Partnership: are your management and business line on board with security, or do they consider that you are just trying to prevent them from doing their job effectively? Try building a partnership and helping them understand the value you are offering by protecting them and their data.
