Information security practices are influenced by the geography of operations, the culture from that area, and the industry in general. The trust found within a community, as highlighted by Bruce Schneier in Liars & Outliers, allows the wheels of society to move forward. Said wheels also myopically continue, as researched by Steven Pinker. To elaborate briefly on these three points:
- Geography of Operations – This trust, though, is based in part on proximity. Individuals are more trusting of those within the same community (however you define this, it works out to the same result).
- Culture from that area – “Trust non-kin is calibrated by the society we live in. If we live in a polite society where trust is generally returned, we’re at ease trusting first. If we live in a violent society…we don’t trust easily and require further evidence…” – Pg 37
- Industry – Familiarity also engenders trust within an industry, e.g., a doctor working with another doctor automatically introduces a level of confidence and trust in the communication and mutual activities.
Ultimately, Culture is King. It is the culture that defines an organization’s DNA and differentiates it in the market space. The difference one experiences between the Culture of a Google environment and that of a Microsoft environment is palpable. Neither is right or wrong, but the Culture is different nonetheless. The challenge is that the Culture MUST change in a world where these principles are violated.
History and biology have proven that when an aggressive culture, which doesn’t need to trust because it is the aggressor, is introduced into a culture that doesn’t share those traits, the Aggressor always wins. This is highlighted across numerous examples of entire societies being destroyed / absorbed in Guns, Germs, and Steel. A biology example would be the Chinese fish that has invaded the ecosystem in the Great Lakes and is destroying the current biology.
Ultimately, all systems are connected, regardless of the geography, culture, or industry. Therefore, the concepts and methodologies of organizing go-to-market strategies, deploying new technology, and simply sustaining competitive operations require a reframing of the trust model. In essence, the culture of the organization where technology is introduced must be adapted to fit the more aggressive, violent, and hostile landscapes in the world.
Strategically speaking, enterprises may operate locally but must be governed with a global perspective. That perspective can and must include global geopolitical risks and the global value of the intellectual property, and it must adapt to the degree of risk introduced at any given time.
Technologically, deployed systems must be reviewed to ensure that the trust built into the system controls is configured aggressively. For example, classic firewall rule strictness and ‘Deny All’ must prevail, yet in some cases I have seen this not to be true. Be mindful of the connectedness of these systems in the global community.
The impact of culture on an organization’s decision to survive competitively starts with trust – in the systems, the people, the process, and the market.
Thoughts?
James DeLuccia