• United States




The technocracy is over – innovation is here, plan your security accordingly

Oct 13, 20155 mins
Cloud SecurityMobile SecurityNetwork Security

Information technology (IT) is going through an age of “technocracy” decline.  Innovations in the IT sector have made way for various platforms that can be leveraged to support employees’ workflows and processes. 

As a result, organizations are being confronted with the reality that they can no longer influence how employees use IT. As a result, security considerations must be as fluid as the new devices and technologies that facilitate their use.

Organizations not taking into account how these new developments both potentially help and hurt their businesses risk developing insufficient security strategies, as well as opportunities to further their products, services, and brand in the public domain.

Some of the most progressive developments in technology are indicative of this move away from technocracy trend. Four prominent developments have quickly taken hold and are influencing the way business activities have been traditionally done. These include:

Bring Your Own Device (BYOD): BYOD has allowed employees to use their own technology in support of their business activities. While the extent of BYOD use largely varies based on the organization, the ability to leverage personal devices has been popular for both employer and employee.

According to research group Gartner, almost four in 10 organizations will rely exclusively on BYOD by 2016, with nearly 85 percent of businesses allowing some level of BYOD by 2020. 

BYOD policies are indicative of the challenges that organizations are facing and must decide upon: on one hand, they can be cost saving and promote employee morale and efficiency. However, ensuring proper security procedures are in place and maintained is a legitimate concern, as BYOD can cover many different platforms and devices.

Cloud services: There is substantial literature identifying the benefits for organizations moving to cloud services, and the fact that more organizations are adapting this technology is indicative of the trend that is happening. The processes an organization would have normally provided and maintained in-house are now accessed via web browsers and hosted outside your organization usually with near unlimited storage capacity and backup/recovery capabilities. Still, security challenges persist in a cloud environment as well as how organizations ultimately rely on the security practices provided by a third party to safeguard the most sensitive of business information.

Mobile technology: There may be no bigger development that reflects the changing nature of our times than the adoption of mobile technology into our business lives.  The portability of technology has enabled us to conduct business on the go and increase our productivity. To think of our professional lives separated from mobile technology is almost an inconceivable thought. While security concerns continue to mount with mobile technology, its ease of use has made it a vital part of our professional existences. Even the government uses “secure” phones for both civilian and military business needs.

Social media: Social media continues to be a boon for both people and businesses. According to recent statistics, there are more than 2.2 billion global active users of social media, a global penetration of 30 percent. Businesses as well leverage the benefits of social media for marketing and branding.

A 2014 study shows that 81 percent of small and midsized businesses use social media. But social media is not just prevalent in the private sector. Government and military organizations all maintain social media accounts to increase transparency and open up additional communication channels to the public. Security challenges exist in this platform as well as taking care what types of information can be accessed.

What does this mean for our security environment? 

It is becoming increasingly difficult to conduct business without embracing one if not all of these innovations. At the heart of technocracy is the balance between streamlined efficiency and convenience, and security. While in some cases there may be a legitimate business reason that prohibits the use of one of these technologies, the fact remains for the greater private and public sectors, the utility of these are more beneficial to an organization than not.

For example, according to research conducted by a census company in the United Kingdom, 1,000 office workers in organizations of 50 or more employees used cloud storage services to support their workflows. This was allowed to happen because the companies did not have clear or else nonexistent policies with regards to use of cloud technology.

Another example showing this blurred line is organizations encouraging employees to synch their work and personal e-mails on their personal smartphones, thereby allowing employees to stay connected when not in the office. While the practice reduces the need for an employee to carry two phones, it does open up security concerns and potentially exposes the work account if the phone becomes compromised.

As IT security teams allow employees to utilize and access technologies outside an organization, it is important for cyber security strategies to demonstrate the flexibility of the advanced technologies they are trying to protect. 

The first step toward realizing this objective is recognizing that technocratic thinking of the past does not hold sway in today’s networked reality. Moving forward requires a holistic approach that incorporates embracing these innovations with an inclusive plan that includes security, policy, responsibility, and accountability. When it comes to the speed at which IT is developing, it’s certainly better to ride the crest of the wave then be left behind in its wake.


Over the last two decades Brian Contos helped build some of the most successful and disruptive cybersecurity companies in the world. He is a published author and proven business leader.

After getting his start in security with the Defense Information Systems Agency (DISA) and later Bell Labs, Brian began the process of building security startups and taking multiple companies through successful IPOs and acquisitions including: Riptech, ArcSight, Imperva, McAfee and Solera Networks. Brian has worked in over 50 countries across six continents and is a fellow with the Ponemon Institute and ICIT.

The opinions expressed in this blog are those of Brian Contos and do not necessarily represent those of IDG Communications Inc. or its parent, subsidiary or affiliated companies.