Security: Not just a technological problem

Every incident of terror now is proximate to us. Guest columnist Peter Burris says decisions about security, as a social good, should not be left to technocrats.

COMMENTARY--Security is all about knowing and trusting that someone else is paying attention to matters of safety, rights, etc., such that we, individually and in the groups that matter, can focus on living our lives.

Today, the world finds itself feeling more insecure perhaps than ever before. Why? Because we don't know exactly who or what would do us harm, but we have the means to quickly learn about every single horrific act that happens everywhere. Our condition today is less like a time of war than a time of plague: our global village is under attack from an unseen, poorly-understood contagion and we are watching our "neighbors" suffer horribly on TV. Every incident of terror now is proximate to us.

Consequently, the living of our lives is in significant flux. And, we're clamoring to take steps to return to a state of relative normalcy--essentially a situation where we can go back to letting the "experts" look out for our security interests.

However, we all know that each of us individually will be called upon to learn new roles, be aware of new things, and exhibit new behaviors to enhance our individual and community security. The debate regarding what is expected of each of our leaders (both political and commercial), the experts, and us is just taking shape.

As I see it, the debate will hinge on the interplay of three elements:

* Security, which I'll generally describe as a measure of certainty that outside human forces won't totally mess up my day;

* Privacy, which I'll generally describe as my right to withhold information about what it is to be me (or, to put it into today's technospeak term, my "identity"); and

* Inconvenience, which I'll generally describe as the price I pay in the form of tasks, actions, behaviors, or disclosures that I must suffer to make sure that being me doesn't undermine someone else's security.

Central role for business leaders
Now, I'm not going to try to suggest the optimal organization of these elements. But I will suggest that business folk that don't understand the critical importance of their voice in this debate, which will be most clearly articulated by the way that they adjust and evolve customer and partner interactions, are going to lose business--lots of it.

Business leaders must take a central role in this discussion. Security is not a technological problem, per se. It is a social problem that can be attended--partly--by technology. Ultimately, policy and process are much more important to generating security than products.

To acquire greater security, business will foist greater inconveniences on customers, largely by forcing them to disclose, either directly by gathering personal information or indirectly by coercing different behaviors.

Customers will accommodate new inconveniences. They'll learn new ways. They'll factor new requirements into their lives.

But they also--absolutely--will respond to excessive, onerous, or stupid security practices by changing their buying patterns, not just in how they substitute one class of product for another ("Normally, I'd fly, but I think I'll take the train to Boston"), but more subtly in how they swap suppliers within a single product class ("Despite my frequent flyer status, I'll go with a smaller airline carrier that doesn't have the huge check-in lines").

Indeed, I think that this is so important that convenience will become a critical brand element in all industries--not just fast food--over the next year. Along with trust, maybe the critical brand element.

Moreover, I expect that the real lobbying effort in Washington won't focus on bailouts, but rather on making sure that government-mandated security precautions are universally applied across industries and their close substitutes. Pretty soon you won't be able to purchase a nail file in a train station, either.

The key thing to note, here, is that decisions about security, as a social good, should not be left to technocrats. Your company's brand already was subject to the actions of your IT organization, and your partner's IT organization, and your IT suppliers, etc. But delegating this critical element of the face your company shows to your customers is a recipe for disaster. Any decision that changes the customer experience must not be left to your company's--or anyone else's--security "experts."

The tech industry is going to respond to the call for new security forms with some phenomenal stuff. Partly, this is because few industries historically have been as sensitive to securing business as tech companies; this experience will be shaped into products and services and transferred to customers through markets, as it should be.

But quite frankly, I am afraid that the debate will focus on the perceived magic of technology; that privacy will be treated as a disposable asset, when in fact it is a cornerstone of every capitalist democracy; that few connect the dots between inconvenience and security; and that excellent brands and highly trustworthy businesses suffer as a consequence.

Peter Burris is an industry analyst and Meta Group research fellow.