Clients often ask, how much is enough and how much is too much to spend when designing a security program?
My usual, tongue-in-cheek short answer is, depends on your tolerance for risk.
Without question there is always a pressure on reducing the cost of security spend. More and more frequently, enterprises are looking to technology to provide cost-saving solutions for risk mitigation. It is prudent to be cautious when implementing technology because the science is far from exact.
By the time you realize you’ve underspent it is often post incident.
Out Factoring Ourselves
In the span of just over a decade we have gone from the novelty of smart phones to smart houses to now depending on smarter than us virtual assistants named Alexa and Siri to make our lives easier. And, as of July 1, 2019, Florida joined the handful of states that allow self-driving cars on their roads. In the midst of this rapid, ever-evolving tech, we are still nowhere close to approaching the apex of the digital age.
As AI and adaptive processes streamline our busy lives and revolutionize every industry by enabling businesses to do more with less, it is also, at the same time, eliminating the need for a person to do it. Most of the tech solutions we encounter today fall under the category of the Internet of Things (IoT), but just around the corner is the “Internet of the Body and Mind.” The merging of human and machine is evidenced in recent announcements that 3D printing will soon print artificial hearts and, as Elon Musk hinted in April of this year, a brain-machine interface that hooks human brains to computers is “coming soon.”
No longer is it so far-fetched to wonder if by creating machines that can learn, are we making humans irrelevant? Competing with machines for jobs is more than pause-worthy. AI combined with machine learning and 5G will unlock data at warp speeds, generating analytics that will overwhelm humans, but not machines.
Balancing the Products
While technical solutions can certainly be less costly than employing people, most industries still prefer the thinking human over the well-oiled teaching-thinking machine. Considerations of compatibility, knowledge and skills necessary to help to optimize deployment of new technologies must be prioritized.
The ideal approach, in this middle stage (possibly golden age) of the digital evolution, especially for corporate security programs, is striking the right balance between technology and people. Understanding the limitations and strengths of each is key. For example, integrated systems help to reduce the delay between data collection, automate analysis and make recommendations that help humans make better decisions. This is technology that serves to improve productivity and enable security professionals to be more responsive and accurate in emergency situations. In another scenario, using mobile robots for monotonous patrols and leverage security personal for engagement and personal customer service delivery is a married solution that capitalizes on what each does best.
How Much Technology is Enough? How Much is too Much?
As these new technologies develop there arises a concurrent need for governance that must be consistently, even globally applied. If not humans, who will enforce that? Bill Gates posed an interesting perspective on the notion of robots taking over humans’ jobs: When we work, we pay taxes and generate revenue to support infrastructure and our governments. How will machines replace this revenue source?
At some point, we may reach the boundary where technology is too invasive and the pendulum will undoubtedly swing back and humans will resist machines. For now, the trick is in finding the equilibrium of people and technology.
About the Author:
Stevan Bernard is a security technology consultant for Allied Universal. Between 2002 and 2018 Stevan led Sony Pictures global protection services with responsibility for the CSO/CISO function, investigations and forensics, physical security, BCP, environment, medical, major events and protection, employee health and safety. Prior to this he worked in high-tech, energy and law-enforcement. His tour in the US Army included a year in Vietnam being awarded the Bronze Star. He is a Certified Fraud Examiner, has a BS degree in Criminal Justice, an AA degree in Psychology and is a graduate of the FBI National Academy.