Paul Proctor, VP Distinguished Analyst, and Tom Scholtz, VP & Gartner Fellow, at Gartner
As digital business grows and adds vast amounts of new elements, data and dynamic interrelationships to the organization, the role of people becomes essential to enterprise security strategy. Gartner has described the need for organizations to implement People-Centric Security (PCS) to emphasize individual accountability and trust versus restrictive, preventive security controls.
This move from the digital machinist approach to the digital humanist context requires that security professionals understand human behavior, tendencies, and experiences in order to be successful, according to Gartner analysts Paul Proctor and Tom Scholtz.
Organizations can begin by creating a Digital Humanist Manifesto that starts and ends with people, embraces serendipity, and gives people space.
Start and end with people
A security approach that starts and ends with people begins by observing how people behave, learning from that behavior, and evolving the system based on how humans use it. This approach is founded on the principle that people are the strongest link in the security chain and therefore must be educated about why their role is essential in keeping the organization safe. “Give people the freedom to fail if necessary, as long as they learn,” Scholtz said.
Embrace serendipity
By following the “autonomy principle,” security professionals allow people to figure out for themselves how best to use technology through experience and sharing with each other. The community principle encourages the desired security-conscious behavior and promotes openness and the sharing of motives, actions and risks. In the end, it’s about allowing people to make their own decisions and take responsibility for them.
Give people space
When Facebook experimented with emotional cognition by tweaking what users saw and their reactions, it crossed a creepy line. Organizations should remember to let people use technology without infringing on their individual space. A digital humanist approach to security keeps this in mind and acknowledges the balance between a culture where people push the boundaries to get away with as much as they can and one where the organization takes a “machinist” approach with features that maximize efficiency at the expense of usability.