IT security leaders envision future security capabilities. Capabilities like Identity and Access Management or Threat and Vulnerability Management. Capabilities which enable the organization while disabling the attackers, built upon processes and technology. But there’s a problem. The technologies change. The threats change. Putting aside those change, we have to acknowledge that people aren’t adept at predicting the future. How do we design for the unknown while embracing our shortcomings?
By taking a page from Joe Colombo’s book. Colombo designed a series of futuristic rooms and furniture. The main goal of his design was variability. Each piece was versatile and modular. The overall room was reconfigurable and adaptable. “My design experiences try to create an evolutionary link between current reality and future,” is how Colombo described it. Evolution favors flexibility. As it is in biology, so too in technology.
When deciding between two options, choose the one with the greater variability. This increases the possibilities for handling future threats or technologies. We won’t always get it right. Take just technology. One of Colombo’s pieces couldn’t be produced until the plastics industry caught up. It took nearly 50 years, with the 4801 Armchair finally reaching production in 2011. That said, it’s better to have an unused possibility than have a need that the design can’t meet. To future-proof a security capability, design for versatility.
This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.Posted by