There is a great deal of research that shows we need to start trusting users. Now the concept of trusting anyone will leave many security professionals having mild panic attacks, don’t worry guys, there is help available!
So why should we trust our users? Well let’s take crossing the road, when you teach a child to cross the road are you teaching them to only do it with you? I don’t think so, you’re trying to teach them to be independent, and you give guidance so that they develop the skills to cross the road when you’re not there. They can adapt these skills for all different types of road, it’s part of them growing up and you are looking after them best by teaching them to be able to do this without you.
OK, now let’s look at the corporate security department, taking the same analogy you should be able to remove all your security staff and the company would still be secure. The employees would be able to work in a secure way and look after the company. Health warning.. If the first paragraph caused a panic attack, you’re probably on the floor in a mess by now.
Technology is changing and corporate control is reducing and consumer technology can do more. So maybe it’s time to look at the needs of the employees. Enforcing a policy on a device is really not a great long term solution. We need to get better at being able to know our users will do the right thing for the company.
Our user education needs to be at the same standard as the child crossing the road, that’s not to say we should not use technology, just that its only part of an overall package.