When was the last time you enjoyed the rare luxury of an empty checkout lane at the grocery store? That feeling you get when you can quickly unload your cart, pay via your cell phone and whisk through the checkout, barely breaking stride, is almost exhilarating. We all have too much going on, and we welcome anything that removes a barrier in our lives. Ordering your lunch before you get to the restaurant, refilling a prescription without having to talk to anyone, paying your bills without writing a check or using a stamp—okay, I may be dating myself with that last example, but you get the picture. Technology has become a transformational force for everyday experiences. That's a fact of life in this digital world, where obstacles seem to magically disappear wherever technology is introduced.
Today, technology is removing friction from all kinds of daily processes. Increasing convenience and efficiency has become a driving force for digital transformation in organizations, whether that means implementing facial recognition technology to speed up airline security and boarding processes or brokering data to provide targeted marketing. In those cases, removing friction is certainly a positive. But from a risk and security perspective, it creates the potential for a troubling outcome.
Think about it: Frictionless experiences smooth the rough edges of systems—whether information systems or physical systems—so that everything happens faster and more fluidly. But what does this mean in tightly coupled systems, where each component has an intimate connection with the previous and subsequent steps? That question has been the subject of many authors researching massive system failures, including Karl Weick and Chick Perrow, who explored work based on "systems theory" and the reliance and interdependence of large systems. A tightly coupled system operating with minimal friction can be beautiful to behold when everything is running smoothly. But throw a wrench into the works and the system can suffer a major blow, the impact of which will reverberate through all its tightly coupled components. That's how a data breach can go from one compromised credential to millions of personal data records in what seems like no time.
Facial recognition and data brokering are examples of introducing technology to reduce friction—and of the price that must be paid. People enjoying the advantages of using facial recognition to speed through airplane boarding and customs give up some privacy in the process. Companies storing and selling oodles of personal data risk exposing consumers to the prospect of having their data compromised (not to mention having discussions about whether it's a good idea to freeze the credit of your one-year-old).
Privacy isn't the only cost of a frictionless life. Highly automated systems, from the power grid to the manufacturing floor, rely on tightly coupled infrastructures that introduce potential resiliency risks. Single points of failure in these systems can lead to devastating outcomes and must be addressed with additional technology investment. Most often the benefits of automation outweigh the risk and increased investment, but there is still a cost.
The effort to reduce friction has long been a thorn in the side of security. When you provide convenience, security often suffers ("Hey, I know—let's just require a 6-character password!"). In some cases, it may be worth bending long-held security tenets to deliver convenience. In others, technology may not only add convenience, but also improve security. Fundamental to understanding the trade-off is having a clear picture of the risk involved, which means analyzing the likelihood of a negative event and the impact of the event. As companies go through digital transformation, with the goal of helping their customers live a frictionless life, they must constantly analyze the trade-offs. In taking on new digital initiatives, some things aren't negotiable, like personal data privacy, or health and safety. Other risks must be balanced against benefits.
Risk, security and compliance functions are experiencing an existential shift in the modern enterprise. Traditional approaches to managing risk have become less relevant as organizations move towards digital business. The idea that annual or quarterly risk assessments, manual compliance checklists or stitched-together security architectures can adequately address the needs of a fast-moving enterprise no longer holds up.
To address potential exposures, an integrated strategy that enables organizations to innovate while managing risk is one of the most crucial ingredients for evolving business operations. Organizations must manage and coordinate cross-functionally, with more agility than ever, to keep a sustainable and evolving business. Someone once said the best things in life are free, but they might feel differently in the digital world—where there's always plenty to be gained, but also often a price to be paid. Successful digital initiatives happen when organizations can determine whether the benefit is worth that price and proceed accordingly.
You've probably heard the expression "an ounce of prevention is worth a pound of cure." Well, if removing friction is the cure for everyday inconveniences, just be sure to also include that ounce of prevention by taking steps to manage your risk.