Comment

Secure sharing: Maintaining the right balance

Shutterstock image (by Ismagilov): Businessman with arrows pointing left and right.

Think you can succeed by zeroing in on a single problem? Sorry, but life is not that simple. (Image: Ismagilov / Shutterstock)

In his book “Polarity Management: Identifying and Managing Unsolvable Problems,” Barry Johnson makes the case that although we are trained from a young age to identify and solve problems, many of the challenges we face don’t reflect a single problem to solve. Far more often, the true challenge is a polarity of two things occurring simultaneously. By limiting our view to a single problem to solve, we miss the impact of the related issue that we’re not addressing and end up making things worse, not better.

Examples of polarities are all around us, and they include cost/quality, efficiency/effectiveness and change/stability. Technology leaders face a number of polarities masquerading as problems, and failure to grasp the importance of managing both ongoing issues will inevitably delay or destroy the best-laid transformation plans.

Information security professionals could minimize risk by walling off their organizations from the outside world in hopes of keeping out all the malicious actors. When taken to the extreme, however, that is a sure path to a self-inflicted denial-of-service attack. Bad things don’t get in, but necessary information doesn’t move either.

Similarly, if your job is to advance information sharing, your best efforts might fail to recognize that you’re under attack and your intellectual capital is being served up to adversaries and competitors. In a world where users demand access from any device, anywhere, a successful cyber strategy must embrace both information sharing and information security. By shifting our focus (and language) to “secure information sharing,” we will raise the bar on security while encouraging, rather than thwarting, the flow of knowledge.

By shifting our focus to “secure information sharing,” we will raise the bar on security while encouraging the flow of knowledge.

Another important polarity is determining the balance between work done at the enterprise and local levels. Way back in the last millennium when PalmPilots and Deep Blue roamed the earth, we lived in a world of local-area networks and systems. The advantages of doing things locally included a manageable scale, speed, agility and proximity to your customer. The downside of doing everything locally was that we wasted time and money developing duplicative solutions that were not interoperable and that created electronic barriers to sharing information.

With the advent of the Internet Age, we discovered that we could eliminate the expense of duplicate, disparate solutions. However, the pendulum has perhaps swung too far toward doing things at the enterprise level, resulting in more than a few major system implementations that, due to their immense size, failed to delight anyone by trying to appease everyone.

Agile methodology has demonstrated the power of breaking work into smaller, modular increments, and locally developed apps that meet local needs are classic examples of bigger not always being better. However, if managing the scope of an effort becomes the problem to solve, your preference will always be for smaller solutions, blinding you to the other aspect of the polarity.

Sometimes “evolutionary” change through small engagements is the right path to build momentum and gain support. At other times, “revolutionary” change is needed. If the Defense Department had not demanded a single Common Access Card solution for all 3.5 million of its people, DOD officials would be years behind their current state in addressing identity management, information security, e-business and physical access issues.

We live in a world that demands choice in the applications and devices we use while deriving great value from consolidated offerings such as enterprise services and cloud computing. The art is to understand that both enterprise and local solutions have their place and to ensure that early in your work, you decide the optimal balance to effectively manage the polarity you face.

About the Author

David Wennergren is executive vice president for operations and technology at the Professional Services Council.

Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.