Friday, April 24, 2009

Security as a service

Now that I'm part of a security company, I've been contemplating this security thing.  As a child of the seventies I notice I have a knee-jerk reaction to see security as a force of totalitarianism and control.  I find myself wanting to 'stick it to the Man.'

But here I am at Symantec, a company that is all about security.  I can either be grimly resistant to the whole focus of the company, or I can examine my attitude and try to find an approach that works for me.

Yes, absolutely, the name "security" can be lipstick on the pig of extreme, sometimes brutal control and inflexibility.  In the name of security you can make life miserable for people.  But I have to admit, you can't do without security.  It's a part of life.  In Berkeley-speak we call it "healthy boundaries."  If you have healthy boundaries, then you are actually more able to relax and be yourself.  If I think of it that way, my liberal genomes can relax a bit - "oh, healthy boundaries, that's OK."

I've also been remembering my volunteer offering of security at my place of worship in Oakland many years ago.  I remember the stance we tried to have in that role.  We were vigilant, we kept our eyes open, and were prepared to lovingly but firmly escort someone out of the building if they were dangerous or inappropriate.   But most of the time we were Just There.  We didn't have big badges or scowls on our faces.  We just stood there on the corner or at the door welcoming people and watching the world go by.

To me that's Good security - there when you need it, but quietly present when you don't.  It creates a sense of safety and comfort, not one of being hard-armed and constrained.

So, it's a delicate balance you have to play - you don't want to be too loose, and you don't want to be overly firm and harsh.  You need to catch viruses, but you don't want systems to run 10 times slower or exercise absolute control over exactly what applications people can run.  You need to balance risk against cost.  It's really quite a dancing act. 

But most of all, I believe you need to have the right attitude.  If you approach security with a feeling of fear and panic, you tend to make decisions that are likely to be overly dictatorial (see the Bush years as an example).  But if you have an attitude of service, respect, and flexibility, then you are much more likely to find solutions that work for everyone.

So armed with that attitude - an attitude of service and respect - I'm ready to go have some fun at Symantec.  Security as a Service.
