Information Security, and the New Generational Gap

We are taking a brief hiatus from the ALIST series this week to focus on an important topic that deserves discussion. We all know that each generation (i.e. Baby Boomers, Generation X, etc.) brings with it new and different behaviors, attitudes, opinions, and interests. However, with the rapid advancement of technology in general, we are just now learning exactly how pervasive connectivity is impacting the younger sect of our working population.

Earlier this week I came across a very intriguing commentary on this very topic, Lifestyle Hackers, which appears on CSO Online. This insightful article talked about what is being referred to as the “Net Generation“, the younger subset of our population that has never known life without the Internet and other communication technologies (as opposed to Baby Boomers who were raised with television as the primary technology/communications breakthrough early in life).

Connectivity: A threat or a productivity tool?
Connectivity: A threat or a productivity tool?

Technology exposure has upsides and downsides, and we won’t go into all of the social implications of being connected and interacting virtually rather than face-to-face. However, twenty-somethings, the first true group of working adults among the Net Generation, seem to have a knack for finding their way around security measures. The ever-present Insider Threat is no longer solely a problem of user ignorance or malicious intent; it is now a problem of technical competence and motivation. How can that be you ask?

You see, the Net Generation views life, business, and productivity through different glasses than previous generations. While your security team is blocking access to social media, instant messaging, and other “high risk” applications, NetGeners (as we’ll refer to them from here forward) find those media to be crucial to their productivity. But your leadership team likely sees these tools as hindrances to productivity, hence the desire to block access. In the end, we’re all chasing the same goal – to get more done and to do it as efficiently as possible.

How do YOU define productivity?
How do YOU define productivity?

Basically, the problem all comes down to perspective. Baby Boomers are more likely to focus on a specific task, much like watching a show or channel on TV. NetGeners, on the other hand, prefer the connectivity of the internet and have come to embrace multitasking as a fact of daily life. The article elaborates on this point, “As Internet-facing technology became ubiquitous and leaped from the home to the mobile device, the Net Generation adapted by incorporating new technology into its very social fabric.” Heck, NetGeners even have their own slang these days.

So who is right? Everyone is in some way. NetGeners see Facebook as a tool for collaboration to more quickly solve problems. They use Text Messaging (SMS) much like Baby Boomers have come to embrace email, but NetGeners prefer the instant gratification of knowing the message delivers now and the answer will come quickly, rather than a day or two later. For these reasons, many NetGeners actually refer to themselves as “Generation Now”. [Editor's Note: It's curious that most NetGeners somehow fail to grasp the value of Twitter, but that's another discussion altogether.]

The bottom line is this – media changes and evolves, as does technology. Different generations work in different ways. This has been true for hundreds of years now, through the Industrial revolution, which first made the term “economies of scale” relevant, to today, where micro-anything and real-time is deemed superior to the old way of doing things. First there was snail mail, then the telephone, then the facsimile (“fax” to all you NetGeners), then the Internet, then email, and then finally, widespread acceptance of cell phones. Cell phones naturally forced the whole equation to evolve again, and now, real-time is key.

So what’s a security professional to do? As a technologist, the smart approach is to embrace and enable safe usage of these new technologies. Revisit your Security Policy. If it’s too restrictive, expect problems if/when you hire twenty-somethings. They will find a way around it, and your policy won’t work. Ultimately, you risk failing to enforce the very security that you aim to establish.

Security is here to ensure safe operation of the network, but not here to handcuff workers from being able to be productive. We’re not there yet, but a balance must be struck, and it’s up to CSOs and Security Management to determine the optimal approach.

Have you managed to figure out the balance? Please share your thoughts, tips, or even any criticisms of this viewpoint. This is a topic that must be discussed, and we’re happy to take the lead on drumming up the discussion.