The New Economics of Security

It costs money and time to protect your company right now. Look for unconventional solutions to the problems.

Last week I was in Caracas, Venezuela, at a conference on knowledge management run by PDVESA, a Venezuelan oil company.

The petroleum industry is one of the biggest beneficiaries of knowledge management.

It has a lot of highly technical expertise, many expensive, complicated machines and processes, and extraordinary geographical reach. Because Murphy’s Law is internationally enforceable, you can almost guarantee that when something goes wrong on a rig in the Caribbean, your best experts will be in Indonesia. Consequently, the oil industry as a whole is probably the world’s most advanced user of intranets and lessons-learned databases, libraries of video clips, and videoconferencing technologies — all the toys and tools that allow people in different locations to share knowledge and come together as virtual teams to solve problems anywhere in the world.

Of course, Murphy’s Law applies to all that technical gimcrackery too.

Someone from a major oil services company and I were swapping stories in Caracas. He told me his company was so badly hit by one of last summer’s computer viruses that access to the Net was shut down, along with a lot of internal systems. Suddenly, all those connections between engineers around the globe were severed. No one knew what to do. If someone in the North Sea needed to collaborate with someone in Houston, they could call or fax, but it wasn’t the same. Furthermore, no one knew whether the system would be shut down for an hour, a day, or a week. “For the first hour or so, people stood around and did nothing,” my friend said. “Then they went and started tidying up their desks.”

This summer my co-workers and I endured a similar problem, a screwup involving the Time Inc. firewall. I’d gotten up early — “geriatric daylight time,” a wag at the gym had said — because I had a ton of stuff to do. I arrived at the office, fired up my e-mail, and … nothing. Tried the back door, via the Web … nada. Tried another e-mail account … zilch. I said, “Phooey,” or words to that effect. It was 8:15 in the morning, and the techies wouldn’t arrive for three-quarters of an hour, nor be compos mentis for a while after that. How, I tried to remember, did we put out a magazine six years ago? It was noon before anyone could access the Net, and then everything was slow and interrupted. Colleagues’ faces wore that vacant expression you see at airports these days.

“Normal” is now different.

Companies worried about such inconveniences will have to protect themselves against more than just digital gremlins, including the very real threat of people intentionally taking steps to disrupt their business — or worse. Whether it’s computer security, building security, transportation security, or border security, more is needed and it will cost time, money, and productivity. Michael Hammer, the reengineering guru whose excellent new book, Agenda, is just out, puts it this way: “A whole set of boundaries are going to be raised higher than in the past. This has the potential of undoing a lot of what’s been done in the last 10 years, putting back a lot of non-value-adding overhead.” Some of this is obvious. I pass three checkpoints on my way into our building these days. Bomb-sniffing dogs search all delivery trucks. Whatever that costs, it ain’t chicken feed. Eventually some of this will be automated — but that equipment won’t be free.

Challenge is opportunity and necessity is the mother of invention, and now’s the time for it.

The right way to think about this, Hammer says, is in terms of balancing trade-offs — or rather, rebalancing them — to account for new economics. He offers a comparison: “I remember when people were cheaper than computers. So you maximized machine utilization. Computers worked 24/7 and made people wait in line to use them. Today the balance has shifted. Most office workers use their computers four or five hours a day. Someone from 30 years ago would be horrified to see it.”

Security is expensive.

You can, and you will, find ways to trim its cost — incremental improvements. But the big opportunities will be radical ones — possibilities that were uneconomical before, the way $30 barrels of oil would make solar energy work. There will be more inventory backed up in transit; how, then, can you use less in other parts of a manufacturing process? Air travel takes longer, but office space is cheaper: Can you suddenly afford branch offices close to big customers?

The biggest potential is in areas that seem entirely unrelated to security.

(You might say they are “out of the box,” but don’t use the phrase around me.) Inspections will perforce make it harder to do business. Counter, therefore, with a companywide effort to become easy to do business with. That means doing things like running more accurate size charts in mail-order catalogs so customers make fewer returns. It means better sales training and more precisely written brochures, for the same reason, and automated systems that make it impossible to order incompatible components for high-tech products. Simpler — much simpler — billing and payment procedures. Better help-desk service. Redesigned voice-mail phone trees. Improved package tracking. In every big, little, venturesome, and mundane way, look for what theologian Reinhold Niebuhr prayed to find in his life: grace to accept with serenity the things that cannot be changed, courage to change the things that can be changed, and the wisdom to distinguish the one from the other.

Posted by on October 16, 2001