Over the past few years working as a consultant, I have noticed a disturbing trend occurring in companies across multiple industries. Due to the increasing number and seriousness of security breaches, I see companies tightening their security without stopping to consider the total impacts of what they are doing, what problem they are fixing, and how they will identify and address negative issues caused by the changes implemented.
A prime example is a company that decided to implement wholesale security upgrades on all workstations and laptops company-wide. The stated reason for this was to protect customer data in the event of loss of equipment. The company had experienced several stolen laptops containing customer data, and was attempting to resolve the issues surrounding data on stolen portable equipment. However, the upgrade was applied to all systems, including fixed systems and systems that held no sensitive data. The change was implemented without communicating with the distributed workforce about the impacts this change would have.
The net effect of the change was that equipment boot times increased dramatically. Employees reported boot times ranging from 15 to 30 minutes, and severe loss of performance once the system was up. In effect, the company had introduced a daily manpower loss averaging 1/16th of a workday per person across the entire company. (Doing the math, some estimates of the productivity loss from this change were in the mid seven figure range.) Not surprisingly, employees (being people) began to devise workarounds to defeat the so-called upgrade.
Oddly enough, such unfocused security implementation frequently goes unquestioned by the very people who should be asking the most business impact questions: senior management. So, I would ask CEOs and CFOs this question: Have you considered whether it might be more efficient to increase the security budget to provide targeted, granular, appropriate solutions? Will you really be satisfied with a very expensive, wholesale, one-size-fits-all approach that ultimately doesn’t solve the problem?
TMCnet publishes expert commentary on various telecommunications, IT, call center, CRM and other technology-related topics. Are you an expert in one of these fields, and interested in having your perspective published on a site that gets several million unique visitors each month? Get in touch.
Edited by Jennifer Russell