At many businesses today, there’s a fight between workers and their information
technology (IT) departments. Employees want to use instant-messaging programs
to communicate or export documents to Google Docs, while company security
officers get heartburn at the idea of so much company data being scattered
around.
At the keynote address this morning at the Black Hat computer-security
conference in Las Vegas, Douglas Merrill, who recently left EMI Music’s digital
group and was formerly chief information officer and vice president of
engineering at Google, said that companies should reconsider this adversarial
relationship.
According to Merrill, studies show that employees can increase company
returns when they have the freedom to innovate by trying new software and new
workflows. However, those returns disappear when employees are made to feel
that their activities are illicit.
As an example of how companies can give workers freedom without compromising
security, Merrill described his experience at Google. “Google’s
engineering culture was all about working the way you want to work,” he
said. Employees could use any operating system and work from any convenient
location–the office, home, a coffee shop, or wherever. As a result, it was
impractical to rely on traditional security solutions, such as installing
antivirus software on each device employees used.
Instead, Merrill said, Google addressed security by building up its
infrastructure. For example, the company put antivirus protection on its mail
server, which is the main source of viruses that infect the network. They also
watched their network traffic patterns for any unusual spikes.
Merrill said that companies need to find new ways to accommodate employees
while also securing their systems. Trying to change behavior, like asking
employees to stop using instant messaging, only stands to stifle innovation.
Don’t settle for half the story.
Get paywall-free access to technology news for the here and now.