Tech: Don't shut out customers with IT security

Not only can IT security be breached easily, but it also starves companies of customer contact

Security was simple in the Middle Ages. You found a steep hill and built a castle on it. Add a few walls and ditches, and you felt pretty secure.

There is one problem with this strategy - most castles were starved, not stormed.

Locked inside the castle, the inhabitants had limited access to food. The attackers just sat outside and waited for them to starve. While they waited, they ransacked the surrounding estates. To be truly secure, those inside had to leave the castle and face the assailants.

IT security is like that. We build a 'keep' at the centre of our organisation and surround it with firewalls. We write policies shutting out the outside world. We tell everyone how dangerous that world is.

Then, we sit back and wait to starve.

We starve ourselves of customer contact. Our customers chat about us. They share photos of our products. When we restrict access to social media, we begin to look out of touch.

We starve ourselves of partnerships. We sell through a web of intermediaries. We buy from a complex supply chain. We work with many partners along the way. If we put walls around ourselves, those partners go elsewhere.

Cutting off feedback

We starve ourselves of innovation. Walls cut off feedback. They reinforce innate tendencies toward tribalism and 'groupthink'. Safe within them, we generate safe and stale ideas.

This sort of security is an illusion; perfect barriers don't exist. The more that people rely on technical defences, the more exposed they become to subtle, socially engineered attacks.

Worse, the illusion cuts us off from opportunities. Consider P&G's's open innovation programme: more than half its new products arise from collaboration outside the corporate walls. Tesco and Virgin Atlantic have used similar models.

Of course, the world is dangerous. Bad guys exist. We need technical defences. However, we can't lock ourselves away in castles. Eventually, we need to go out and face our attackers.

Graham Oakes is a technology consultant. He can be contacted via or His book Project Reviews, Assurance and Governance is published by Gower.


True security depends on human vigilance and action. A secure organisation equips its people to deal with threats.

It educates them about:

Rationale - Why is security important? What might attacks cost? This requires balance: we need to make the threat real without scaring people into inaction. Scare tactics are counterproductive.

Recognition - What does an attack look like? How can we recognise threats?

Response - How should we respond to attacks? How do we take opportunities without exposing ourselves to unnecessary risk? How do we balance risk and reward?

Practise - A sword is useless if you haven't regularly practised with it and don't know how to use it. The same goes for our security tools: people need to know how to use the tools we install on their machines.

This doesn't preclude the need for corporate firewalls and intrusion defence. We need such infrastructure, but as a support for personal defences, not as a replacement.


Before commenting please read our rules for commenting on articles.

If you see a comment you find offensive, you can flag it as inappropriate. In the top right-hand corner of an individual comment, you will see 'flag as inappropriate'. Clicking this prompts us to review the comment. For further information see our rules for commenting on articles.

comments powered by Disqus
Brand Republic Jobs

subscribe now


Oasis #springasmile digital campaign gets people doing good deeds
Coca-Cola: 'Don't approach bloggers with a fait accompli'
Tesco CMO Matt Atkinson: 'It is so important not to stereotype mothers'
McDonald's gives Ronald a new look ahead of global 'Fun times' social media push
In pictures: BrewDog opens first craft beer shop BottleDog for 'beer aficionados'
Facebook ad revenue leaps $1bn as it invests in targeting
Malteser or Maltesers? Mars takes Hershey trademark dispute to court
Apple Q2 profits top $10bn as iPhone sales soar
Lynx tells men not to leave love to fate
HBO captures awkwardness of watching sex scenes with parents
Primark to open first US stores with Boston chosen as flagship location
Marketing spend on the up but a reality check is needed before celebrating
Top 10 ads of the week: Jackpotjoy and BT Broadband fend off Kevin Bacon
Lidl beats Tesco to 10m Facebook fans
Center Parcs ad banned for encouraging parents to take kids out of school
Coca-Cola, Cadbury and Amazon named top brands for targeting youth market
Leaked document shows Nokia to be rebranded as Microsoft Mobile
Nike lays-off hardware staff in move that casts doubt on future of FuelBand
Greenpeace says save the bees or humans will die
What brands need to know about changes to VAT and online downloads in 2015
Jimmy Savile victims urged to claim compensation in new ad campaign
UKIP launches biggest  ad campaign and stirs up 'racist' accusations
Apple boss Tim Cook provides voiceover on ad touting firm's renewed green commitments
John Lewis walks consumers through its history to celebrate 150 years of business
Waitrose boosts content strategy with 'Weekend Kitchen with Waitrose' C4 tie-up
Hottest virals: Cute puppies star in Pedigree ad, plus Idris Elba and Fruyo
Amnesty International burns candles to illuminate new hope
Tom of Finland's 'homoerotic' drawings made into stamps
Toyota achieves the impossible by calming angry Roman drivers
YouTube reveals user habits to appeal to 'older' marketers