Bas van Abel found his personal values in conflict with his technology use. Namely, his phone. He set out to bring these two into alignment and, in doing so, designed a phone and launched a company in 2013. The Fairphone aims to be as socially conscientious as possible throughout the supply chain and throughout the lifecycle. Fair mining of raw materials. Fair manufacturing conditions. Fair trade. Also, dear to the hacker ethic? Repairable and modifiable. Build a fairer phone, build a fairer world, that was the design inspiration. You can listen to Bas van Abel on the TED stage: Changing the Way Products Are Made.
People have strong personal values. Companies have corporate values. Hopefully, these values are in alignment. Ideally, people and companies follow their values. If they don’t, well, then values aren’t much of a design consideration. But when we have stakeholders with strong values or a value-driven corporate culture, adoption of our security controls goes much faster and much farther when the security design reflects those same values. Before you think IT security can’t reflect values, remember people thought the same about phones before Fairphone.
It will take work to frame the initiative in terms of values. For example, imagine our initiative is a Zero Trust Architecture and our corporate values include an open culture and a culture of trust. At first glance, the security and the value are at odds. But hold on. What if we position ZTA to increase the openness where possible, while reducing access only where risky? Good. What if we use ZTA as a technology to codify a culture of trust? Better. This example is one initiative but the idea scales. We can design a full security program, say with NIST controls, tied to strongly held corporate values.
If it can be done with a smartphone, it can be done with a security capability. Reinforce organizational values to gain support, speed implementation, and further adoption.
This article is part of a series on designing cyber security capabilities. To see other articles in the series, including a full list of design principles, click here.Posted by