Information is the lifeblood of any organisation and, as is the case with actual blood, the consequences of the flow being blocked are just as serious as the consequences of some leaking out.
Clearly it’s essential that public sector organisations protect the data that they hold – that’s a given. None of us want to fall foul of the ICO and, much more importantly, we have a duty of care around our citizens’ data. Getting one’s data security house in order is a key concern of any CIO.
But we have another duty – a duty to share information. Public sector organisations must share data internally and externally. Information is what we do – it’s our currency, our raw material, our tool and our product.
Back in 1999 Bill Gates wrote a book called ‘Business at the Speed of Thought’ in which he set out his vision of how technology could transform an organisation. The point that Gates made repeatedly is that the speed at which we do business is largely dictated by the speed at which we exchange data.
We do business at the speed of information exchange – if the information flow is blocked then we are in big trouble.
We should view any change to the organisation which impedes information flow with suspicion. This includes changes which are made in the name of ‘security’.
One of my favorite quotes is:
“A ship is safe in the harbour, but that’s not what ships are for”
(There is some debate about the origin of this quote but it seems likely that it was first used by John A. Shedd in 1928. I use this quote too often at work and at home – but it’s applicable to so many situations.)
“Information is safe on a server, but that’s not what information is for”
If you want your data to be completely secure you should put it on a server, locked in a data centre and pull out the network lead. But that’s not what data is for.
Over-zealous security measures will impede the flow of information and your organisation will be less effective. Most of the controls in the PSN code of connection, for example, are very sensible – but a few are draconian/ill-conceived and they have been implemented to the detriment of organisational effectiveness.
A big part of the role of the modern CIO is to be organisational warfarin – an antidote to the coagulating effects of pernicious ‘security’. If a security measure seems over the top to you then you need to push back.