Secure sharing: Maintaining the right balance

In his book “Polarity Management: Identifying and Managing Unsolvable Problems,” Barry Johnson makes the case that although we are trained from a young age to identify and solve problems, many of the challenges we face don’t reflect a single problem to solve. Far more often, the true challenge is a polarity of two things occurring simultaneously. By limiting our view to a single problem to solve, we miss the impact of the related issue that we’re not addressing and end up making things worse, not better.

Examples of polarities are all around us, and they include cost/quality, efficiency/effectiveness and change/stability. Technology leaders face a number of polarities masquerading as problems, and failure to grasp the importance of managing both ongoing issues will inevitably delay or destroy the best-laid transformation plans.

Information security professionals could minimize risk by walling off their organizations from the outside world in hopes of keeping out all the malicious actors. When taken to the extreme, however, that is a sure path to a self-inflicted denial-of-service attack. Bad things don’t get in, but necessary information doesn’t move either.

Similarly, if your job is to advance information sharing, your best efforts might fail to recognize that you’re under attack and your intellectual capital is being served up to adversaries and competitors. In a world where users demand access from any device, anywhere, a successful cyber strategy must embrace both information sharing and information security. By shifting our focus (and language) to “secure information sharing,” we will raise the bar on security while encouraging, rather than thwarting, the flow of knowledge.

By shifting our focus to “secure information sharing,” we will raise the bar on security while encouraging the flow of knowledge.

Another important polarity is determining the balance between work done at the enterprise and local levels. Way back in the last millennium when PalmPilots and Deep Blue roamed the earth, we lived in a world of local-area networks and systems. The advantages of doing things locally included a manageable scale, speed, agility and proximity to your customer. The downside of doing everything locally was that we wasted time and money developing duplicative solutions that were not interoperable and that created electronic barriers to sharing information.

With the advent of the Internet Age, we discovered that we could eliminate the expense of duplicate, disparate solutions. However, the pendulum has perhaps swung too far toward doing things at the enterprise level, resulting in more than a few major system implementations that, due to their immense size, failed to delight anyone by trying to appease everyone.

Agile methodology has demonstrated the power of breaking work into smaller, modular increments, and locally developed apps that meet local needs are classic examples of bigger not always being better. However, if managing the scope of an effort becomes the problem to solve, your preference will always be for smaller solutions, blinding you to the other aspect of the polarity.

Sometimes “evolutionary” change through small engagements is the right path to build momentum and gain support. At other times, “revolutionary” change is needed. If the Defense Department had not demanded a single Common Access Card solution for all 3.5 million of its people, DOD officials would be years behind their current state in addressing identity management, information security, e-business and physical access issues.

We live in a world that demands choice in the applications and devices we use while deriving great value from consolidated offerings such as enterprise services and cloud computing. The art is to understand that both enterprise and local solutions have their place and to ensure that early in your work, you decide the optimal balance to effectively manage the polarity you face.