Information Technology (IT) Management (ITM) is a polarity requiring balance between ease of use and security.  Ease of use includes accessibility, compatibility, performance, and GUI attractiveness.  Security includes non-repudiation, protection, information integrity, data assurance, and defense.  Both of these characteristics of any information system are desirable, admirable, and valuable.  They are also usually valued very differently by diverse groups of system users.  Unfortunately, perfecting either one is impossible, and perfecting both is mutually exclusive.

As a primer on this classic information management conflict, I located a few insightful resources around the interwebs:

  1. TaoSecurity: Daily Incite – Mike Rothman Is Right
  2. InfoSec Paper: Creating Business Through Virtual Trust by Kenneth F. Belva
  3. Adventures in Security: Insider threats: The pendulum Swings
  4. Bureau of Labor Statistics: Computer Support Specialists and Systems Administrators

My point is not that one of these attributes is more important, desirable, or better than the other.  I see a lot of IT Departments that are obviously aligned much more in favor of one than the other.  Most of them don’t even realize that they have slowly drifted there over time with the best of intentions.  Which sounds more like your System Administrators?  Are they bending over backwards to support every individual user, box, and system by constantly tweaking, purchasing, and upgrading to deliver the bleeding edge of Web 3.0 to everyone?  Or have they locked down your organization’s network and computers so much that you cannot get to personal email, Facebook, or even make online purchases at Amazon?  I only wish to point out that rather than an either/or choice, a belief that one is better than the other, a pendulum swing between the two, or an unpredictable situation, the reality needs to be much more dynamic.  A great book that describes the proper frame of reference is Polarity Management: Identifying and Managing Unsolvable Problems by Dr. Barry Johnson.

The Learning Exchange has a great summary of Polarity Management:

"Polarity Management is a powerful tool that leverages the best of apparent opposites resulting in win-win solutions. Many challenges are not problems that can be solved with either/or solutions. Rather, they are dilemmas or polarities to be managed. Polarity mapping provides a complete picture of the interdependent opposing forces that often create gridlock. Working with the upsides of both poles, predictions can be made for the types of change that will result from any strategy."

You should think of usability and security as trying to move the positive poles of two magnets near each other.  There is a stable resistance point where they will stay, but if they are forced any closer they deflect and end up ruining any hopes of stability.  As the author says, there is no such thing as being only in the state of inhaling or exhaling; you need to always be in the perfect balance as you manage the breathing polarity.

I think that IT Departments fall into this predicament for all the right reasons by either thinking of themselves only as customer service agents (i.e. Help Desks) or bounty hunters (i.e. Information Security Departments).  I think that a better metaphor is that of a local Police Department… you know, the ones that paint “To Serve and Protect” on all of their police cruisers.  These folks are the ones that may just as likely receive an emergency call about a cat in a tree as a homicide.  They never allow themselves to get stuck in either serving or protecting modes – they must always be a little of both.

Let’s all try to help our IT Departments learn to balance their inner policemen – learn to balance protecting and serving – learn to balance ease of use and security.

Do you think that I characterized the role of the IT Department correctly?

That is my Information Technology Thought of the Day (ITTOD) for April 7, 2009 © Scott Coughlin.