It’s performance time again!

Folks, we’re in the midst of performance appraisals again. Yes, I used the dreaded ‘appraisal’ word because it heavily embedded in our culture.  But I wish that it wasn’t about appraisal in the sense of judgement.  It makes employees nervous and fretful, and gives managers headaches about what to say, how to say it, and how to deliver bad feedback.  What I really wish for is a world where:

• employees look forward to the performance review cycle as a meaningful way of having a chat about how they are doing in their role
• managers feel comfortable with reviewing an employee’s performance, giving good concrete examples of desirable and undesirable behaviours
• employees have a crystal clear picture of the year ahead, and the expectations that the manager has

Sometimes we focus too much on having a good computer system to help with the performance review.  But in truth, the computer system is just a way of supporting the process.  For employees and managers to derive value from the process, they have to engage with open minds and with a willingness to learn.

Dune, the Maginot Line, and Wikileaks

How comfortable are you with sharing data within your organization these days?

The news surrounding Wikileaks, especially the possibility of it extending to the corporate world, has put a chill into the notion of using technology to increase sharing and dissemination of data. It was, after all, efforts to improve sharing of information across various government agencies that enabled just one individual to access huge amounts of sensitive data that then ended up being made public.

What can be done?

Meet the Mentat

In Frank Herbert’s “Dune”, addressing the vulnerability of technology was taken to the extreme. Rather than trusting important information storage and calculations to machines that could be compromised*, human “mentats” were used. These were individuals trained to have superhuman cognitive and analytical abilities and basically removed the technology factor and its inherent weakness from the equation completely. But the value was still there; the need for it had not gone away.

Well, we can’t train mentats yet, so we’re stuck with computers, networks, etc. to provide the storage, analysis, and collaboration value we need to be competitive. But we’ve seen already just how vulnerable we are when these systems are compromised. We store so much information in these systems, both for the ability to recall it when we need it as well as to gain powerful insights through analysis of it. We also get huge value from collaboration technologies, but they can also make us susceptible.

So what to do? If we can’t eliminate the technology, should we instead look for that perfect technological solution?

Fighting the Last War

The Maginot Line was built after World War I, with the memory of the horrific casualty rates of trench warfare etched into strategists’ minds. The technology of rifles, machine guns, and artillery had reached peak lethality, so the mindset of “defensive” technologies took hold. What followed was intense research into creating an impenetrable defense to virtually “guarantee” that the enemy could not attack successfully. The technology was impressive, but ultimately ineffective, because the ways used to defeat it never came into the thinking of its design.

So it is that much of the mindset around information security is about trying to set up impenetrable defenses to “guarantee” the security of sensitive information. Well, just as the Maginot Line proved less than effective during the subsequent blitzkrieg warfare of World War II, so it is that current information (and airport, etc.) security measures and strategies frequently turn out to be not as effective as we would like. Instead, we see what seems to be a lot of “reactive” steps, such as forbidding removable media, backscatter x-ray, etc. put into place after the proverbial horse had left the barn.

But this doesn’t mean technology has no part to play, either.

Technology + Mindset

So let’s bring a science fiction novel, a military misstep, and current events together. The point is that neither eliminating technology nor just depending on technology is the answer. We must instead constantly be questioning our mindset regarding information security and technology’s role in it. Whatever the technology, it is ultimately people, their thinking, and how they apply technology that determines the success of security, or the lack thereof.

————————————————————————-

*or worse, turn against their human masters (but that’s not an issue for us to concern ourselves with, yet.)

Dune cover via Wikipedia

Hochwald historic photo via Wikipedia