As I mentioned last week, the Secure360 conference was in town. And as always, it was a great show. I was pretty busy and had 3 different talks. The first was a 4 hour pre-conference session on BYOD. (slides here)
After talking about the history of portable devices and framing the issues with which organizations struggle, we did something a bit different.
In my past posts and, perhaps even more often, in my presentations, I often discuss connecting with the business. Security and IT folks often develop a kind of tunnel-vision in that we see all issues as technical issues with technical solutions. But the real work that an organization needs to do originates with the business areas. The organization exists to fulfill its business purpose and security and IT need to support this purpose.
Rather than always jumping to technical solutions to challenges, technical and security groups need to really try to understand what the business wants to do, and more importantly, why.
So, we split the room into 4 groups, each group playing the role of consumers of technology... doctors, lawyers, salespeople and systems administrators. The exercise was to really "be" that business person, think about these questions and tell their story:
- How would you use: consumer tech/apps; cloud; social
- How does it help you (the business person) serve the end customer?
- What do you need? want?
Each group discussed and then presented to the rest of the room. Here's what they came up with...
While some very good points were made, what counts here is not the quality or accuracy of the items. What counts is that we went through the exercise! What counts is that we had technology and security professionals trying to think like business users. We could all do this more often!