User education and its impact on security, and security awareness, are in the news again. Gartner’s recent Nexus of Forces report (link below) describes the “convergence and mutual reinforcement” of four interdependent trends: social media, mobile, the cloud, and information. And what’s driving this convergence? The behaviors of users. It’s a development that is, according to Gartner’s research, actually rendering existing IT architectures obsolete.
If that sounds extreme, think about this: what sits right at the intersection of those four converging forces? The user. Not technology, not infrastructure, not software, but the user. Meaning, from an IT perspective, the point of control has shifted. The tenuous position of a technology focus built upon legacy architectures, processes, skills, mind-sets, and habits is becoming increasingly apparent: the consumerization and democratization of IT have forever changed the landscape of information security. The net imperative of this paradigm is a new emphasis on user education, behavior management, and culture change. As Gartner points out, “No longer can the IT department merely prescribe.” Now, it must persuade users that their behavior is critical to the security and the success of the enterprise.
So how prepared are you to deal with increasingly sophisticated, resourceful—yet potentially dangerous—users? As industry experts Dr. Larry Ponemon, Dr. Kenneth Knapp, and others assert, top executive support combined with user awareness training is absolutely essential to navigating the changes that are now upon us. “Start there,” they say, “with the users, and then address the technology issues.”