Humane Security

I would like to explore the idea of Humane security as an alternative to Mandated security. None of these terms exist, or, at least, are established terms from before, so allow me to explain what i mean.

In traditional computer security, corporate security, public sector security, and basically any high security environment, there’s a power structure where the user is told what to do and what not to do and that’s the end of it. There’s very little wiggle room or room for discussion. Do this or face the reprimand. No need to understand why. Follow the rules.

In what i would like to coin Humane security, i would like to turn the top-down security imperative on its head. The job of the security responsible is to enable a secure but desirable environment and foster a secure culture. In this secure culture, security is not a threat or a weapon, but the foundation on which to build a safe and secure environment where everybody understands why security is important.

Trying to parse this out will be my challenge.

Consider for a while, what kind of environment you would like to work in. You don’t need a separate work persona and off-work persona. You can talk with people. You can tell people that you have a bad day or that you want to leave early because your kid is having a concert. You are trusted and you are valued. You are listened to and you listen to others. You don’t dread or fear. Things just work. You feel like you can do your work. You do the right thing, because that’s the right thing to do.

These are markers of safety, the subjective experience of security. In a safe working environment, it’s okay, even encouraged, to tell if you found, or did, something that is against security. Doing so, will not get you reprimanded. Discussing security problems and even omissions will be a learning experience for you and for your org, and in the end, your org and the people within will be more secure. Allowing people to be human sounds like a fundamental component for humane security.

Of course you need to operate with security in mind. You need to understand that you, and what you do, is part of everyone’s security, but doing so shouldn’t feel like an unnecessary chore. It’s something you do because you understand why you do it, and doing things the secure way isn’t overly complicated. It’s a balance that tips towards “it’s worth it”.

Security can actually be a relief. Once you have a system in place where it’s easy to do the right thing and hard to do the wrong thing, you know that you can do your stuff without much risk of causing a catastrophe. It’s calming, and you can concentrate on doing your work. Good security is an enabler, bad security a hindrance. Thus, humane security, done right, is good security.

Still, as i started this post, this whole thing of humane security is still just a little inchling of an idea which i’d like to see grow. If somebody steals it and develops it as their own, well, tough, but in the end, maybe everyone will be more safe and secure, and i shouldn’t let my ego stand in the way of something that i feel is truly important.