Thoughts from the Gartner Security and Risk Management Summit
Attending Gartner’s Security and Risk Management Summit this month proved to be a great experience for me. Eighty percent of the conference’s themes, especially the day-one keynote, could have passed for an anonymized version of our strategy. The focus on providing both productivity and capability to digital businesses while improving security at the same time mirrors the core of our thinking.
One thought struck me more than anything else. The whole IT Security industry hangs on the premise that most people do the right thing most of the time (i.e., some people do the wrong thing some of the time, either accidentally, willfully or maliciously). Malicious attacks need serious attention and security teams need tools that support their defensive activities, but the accidental and willful breaches of policy can be approached in a different way. Accidental breaches are often caused by the complexity of the tools and systems that people use. Willful breaches are often justified by the need to serve a client or to “get the job done”.
With that thought in mind, what if our solutions focused on making it easy for almost everyone to do the right thing almost all of the time? What if they reduced the accident count significantly at the source and made it easier to use the right tools and processes instead of the willful and well-intentioned work-around? What if we greatly reduced the amount of information available that malicious entities could attack? Wouldn’t this be the biggest step forward in building confidence, both inside our organizations and with all of our clients and customers, whose information we care about protecting?
I think there is a great opportunity to build a positive self-reinforcing culture of security awareness. An approach like this would not replace the sophisticated technology monitoring of what is going on, but it could dramatically reduce the number of input events into our security tools and systems.
How can this be achieved? The old chestnut that security should be designed into our solutions and workflow processes is key. In addition, the solutions we implement need to work in the context of the user. They need to be familiar, comfortable and intuitive. The user’s experience needs to be secured with solutions that are aware of the user’s workflow, deliver the productivity they need and integrate with the base document storage and editing tools being used. The best solutions change what they do depending on the workflow, the context and the content itself. When we get to this point, we will greatly reduce the number of both accidental and willful security breaches. This in turn will make it harder for the malicious to make use of any vulnerabilities by reducing the attack surface considerably.
At Litéra, we’ve been producing productivity software for sixteen years. In the past five, we’ve focused heavily on securing the document lifecycle in ways that improve productivity for individuals and teams. The journey has been a fairly lonely one as there aren’t many solution providers delivering capability that drives benefit in both productivity and security.
As a simple example of this, consider our Litéra Secure File Transfer solution. Most clients who implement it already have an existing method for sharing large files and/or sharing files securely. They all get complaints that those systems are too hard to use or don’t fit into the normal workflows seamlessly. When the Litéra solution is implemented, we see increases in the volume of secured files of 10- to 100-fold. At a typical client, this means that thousands of documents a week that were being shared externally, without security, are now protected. The change in behavior happens quickly because the option to send securely is available in the normal workflow where it makes most sense to the end user. People are more aware than ever of what needs protecting and what doesn’t, and generally make good choices once the capability is easy to use.
Litéra Secure File Transfer is just one example of what we mean when we say, “making it easy to do the right thing”. We have solutions that deliver on the same promise across the document lifecycle. Any of us would be delighted to discuss your needs in this space.