Page 197 - Cyber Defense eMagazine March 2024
This culture change also involves recognizing and rewarding good security practices. By highlighting
instances where teams have successfully balanced innovation with security, organizations can
demonstrate the value of good friction in action. This not only reinforces the desired behavior but also
shows that the organization values security as an enabler of innovation.
Challenges and Considerations
Adopting a system of guidelines and guardrails is not without its challenges. It requires a delicate balance
between providing enough freedom to innovate and ensuring adequate security measures are in place.
Organizations must clearly articulate the rules to avoid ambiguity that could lead to security lapses. They
must monitor the guardrails to ensure no one leaps over them to run outside the business’ chosen path.
Critically, this approach demands a higher level of security awareness among all employees,
necessitating ongoing education and engagement initiatives.
The transition to good friction requires a shift in mindset at all levels of the organization. It involves trusting
teams to make the right decisions within the defined guardrails and being open to adjusting these
guidelines as the business and its security needs evolve.
Conclusion
In the quest for robust cybersecurity, replacing bad friction with good friction represents a paradigm shift
towards a more agile, innovative, and secure organization. By adopting a system of clear guidelines and
guardrails instead of barriers, businesses can empower their teams to make informed decisions that
balance the need for innovation with the imperative of risk management. This approach not only
synchronizes cybersecurity to the pace of business, but also cultivates a culture of security mindfulness
that permeates every level of the organization. As we move forward in this digital age, embracing good
friction in cybersecurity is not just beneficial; it's essential for maintaining competitive advantage in an
increasingly complex landscape.
About the Author
Craig Burland is CISO of Inversion6. Craig brings decades of pertinent industry
experience to Inversion6, including his most recent role leading information
security operations for a Fortune 200 Company. He is also a former Technical
Co-Chair of the Northeast Ohio Cyber Consortium and a former Customer Advisory
Board Member for Solutionary MSSP, NTT Global Security, and Oracle Web
Center. Craig can be reached online at LinkedIn and at our company website
http://www.inversion6.com.
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.