There are three pillars to the classic PPT Framework for organizational management, initially coined by Harold Leavitt in the 1960s: People, Process, and Technology.
This framework greatly informed the early days of cybersecurity as initial industry thought leaders, like Bruce Schneier in the 1990s, constructed their approach to security and privacy specifically around these three elements.
This framework continues to influence our thinking even now. You’ve probably heard time and time again about the chronic shortage of available talent in the IT security industry; or the lack of adherence to policy standards and best practices by far too many businesses and organizations; or the repeated weaknesses in technology (zero-day vulnerabilities, supply chain attacks) that malicious actors exploit. Each of these IT security challenges is addressed by the PPT Framework.
This PPT Framework helped us formulate our Safe Networks Philosophy, built around a desire to live in a world where we can trust our systems to bring us together and allow us to securely collaborate and tackle complex problems as a team.
When we were thinking about Safe Networks, we were informed by the ways our societal communities strive to achieve safe neighborhoods and safe streets, free from crime and fear. When the term “Safe Streets” is invoked as a metaphor, we all know that the ultimate goal is not to safeguard the asphalt and pavement itself, but rather to strive for safety in the communal spaces that we share.
Similarly, we think of “Safe Networks” along the same lines, invoking the shared goal that we can collaborate, communicate, and operate freely with the technology that connects us. Our networks allow us to create, share, and store data in ways that enable commerce and community. Our networks are the cyber-roads we travel on when we work and collaborate with teammates or customers alike. And our teammates and customers very much want to trust that our connections are always reliable and used solely with good intentions and even better outcomes. By pursuing a world with universally Safe Networks, we are not just focused on the environment, or “safe streets” per se. We are quite focused on protecting data and the actual people as well.
Many cybersecurity solutions that target small businesses fall short by focusing disproportionately on data and user protections and overlooking the benefits and broad impact of establishing truly secure network environments.
Our examination of small business cybersecurity both confirmed and challenged our hypothesis: the weakest link in the PPT framework is People, but largely because we lack the Process to make these People great. A second finding we had was that Technology does need to be the first step we take on the path towards improving cybersecurity, but not for the reason you think.
Our approach to cybersecurity follows this sequence of steps:
- First, select the Technology platform, or the Tech Stack.
- Second, leverage the Tech Stack vendor’s professional training program to center your Processes around best practices.
- Third, establish your own hands-on skills development program to institute a continual improvement cycle with your People.
The PPT Framework has us thinking in threes. Our steps towards Universal Safe Networks cannot categorically be just Technology or Process or People steps to the exclusion of the two other categories. We look to Technology’s capabilities to guide best practices in your Process, which in turn informs how you can best empower your People with the skills they need to be successful.
With our Safe Networks Philosophy, we are building a program that will do more than ensure we respond well to the inevitable cyberattacks.
With the “edge” of the network in constant flux and typically expanding (with the integration of new remote workers and new cloud applications, just to name a couple of examples), the traditional perimeter-focused security approach of this last decade won’t be enough.
We must build Safe Networks where anything that relies on those networks can be created, developed, and shared without reservations, whether it’s an important email, a cloud-based application, an “Internet of Things” (IoT) device, or someone’s workstation.
Our Universal Safe Networks Blog Series:
- How We Developed Our Approach to Security (Introduction) - You Are Here
- The First Cornerstone to Safe Network Design: Technology Stack (Pillar One)
- Why You Need Technology Specialists (Pillar Two)
- The Stack Lab: Meeting Cybersecurity Hands-On (Pillar Three)