Every year the executives of Anitian hunker down in some remote location and hash out our plans for world domination. Okay, we cater in some sandwiches at a coffee shop in Beaverton and try to figure out how to better serve our customers. I am sure we will get to the world domination part some day.
This year was an especially good meeting. I have never felt so positive about the future of Anitian.
When I started the company, way back in 1995, I had minimal security experience and even less business acumen. In the 16 years Anitian has been my life, I have seen it through the good, the bad and the infuriating. But, in the last few years, we have really started to fire on all cylinders. I credit a top to bottom business assessment we completed a few years ago. We hired a team of business and management consultants to give the business a complete review. And their advice was extremely valuable. It has lead to numerous improvements in the business that has allowed us to grow carefully and continue our mission of practical, pragmatic security solutions and guidance.
This underscores something important that good businesses know – outside advice is sound advice. It’s easy to criticize consultants as “just prolonging the problem.” However, the reality is, good consultants are not like that. They provide valuable perspective that internal employees cannot provide. Consultants see your business, systems, applications, security, etc. in the context of many other businesses. Moreover, they can provide experience from other companies to improve another company.
In the case of our external consultants, they made me face some tough questions about Anitian. They made me look critically at the systems and people around me and showed me a course of action which has paid off not just for the business, but for the clients we serve.
This is why security assessments from an outside resource are equally as important. An external source is not encumbered with politics, job security, and a myriad of other issues that can skew the evaluation of security. Mostly, external consultants are not going to be subject to the optimism bias or the familiarity bias. These are two psychological issues that make people see things as they want to rather than how they really are. In security, as in running a business, this concept can cause people to evaluate their business as being secure when in reality, it is not.
At Anitian we have found that one of the most pervasive impediments to good information security is not the lack of technology or even people, but internal politics. The petty bickering and posturing among employees can grind security and compliance efforts to a complete halt. We have seen this at thousands of companies, large and small (although larger organizations tend to have this problem more often.) People will use internal politics as a mechanism to avoid doing their job. It is always easier to stand around and talk about security than actually implement it.
This is why outside consultants are so valuable. They can break through the internal politics, be honest about the situation, and propel people to action. An external consultant does not have to play politics. They can focus on getting the job done.
True, there are a lot of bad consultants out there. People who really do try to prolong the problems so they can maximize their profit. However, I believe these types of consultants rarely last long. Eventually, this attitude catches up with them.
Now, getting back to that world domination thing…
Anitian – Intelligent Information Security. For more information please visit www.anitian.com