Exclusive: Taking a Lego approach to security organisation – Part 3

security

Share this content

Facebook
Twitter
LinkedIn

Back in the day, the process of building homes was rudimentary and time consuming. In order to build strong shelters, early civilizations commonly used a mix of dirt, water and other organic elements, such as straw or sand. These early structures had good insulation and many other properties that made adobe or clay really good choices. Once a structure was built though, that was it. You had no option but to conform with the design. This type of construction technique was effective at meeting people’s basic needs: shelter and protection from the elements and predators, but re-configuring, moving or altering a house made of adobe or clay would be quite the project.

Fast forward a few centuries and the scenario is quite different. Similar to a Lego set, new construction techniques aim for speed, modularity and functional space use. People’s needs are met, but designers and architects create spaces with the understanding that, over time, user’s needs will likely change. They look at construction projects as a canvas that can be painted over and over again, rather than a piece of marble a sculptor will only chisel once. Construction materials have also changed to accommodate the needs of the user and the builder. The ultimate goal is to use physical space as an open platform.

The architectural configuration of organisations has also changed. Historically, teams and business units have been arranged in order to maximise operational efficiency. Large companies have resorted to implementing what’s called “divisional” structures, in which each division maintains all the functions (e.g. finance, legal, comms, etc.) that are necessary to support a team or product in a specific market or region. A divisional model is known to be suitable for large organisations and is helpful to prevent single points of failure. If one division fails, the others aren’t necessarily affected. However, divisional organisations create silos that may not be ideal for cross-functional teamwork, short-duration projects and fast-iteration. Similar to adobe construction, divisional organisations meet the basic needs, but when it comes to problem-solving and collaboration, a divisional architecture may not be the best approach.

Global security and resilience teams are usually arranged in what’s called “functional” structures that prioritise command and control, uniformity and strong governance over flexibility and autonomy. These types of organisations are inherently slow and are designed to maintain rigorous standard processes and procedures. For security groups this ties to their very mission: protecting and preserving life, information and infrastructure. In this scenario, maintaining rigorous processes and standard procedures is a must. A functional arrangement works well for organisations that live and breathe red tape (think government agencies or public sector bodies) but it’s inefficient and simply too slow for innovation. It’s like building a structure with a single-coloured Lego set and only a few shapes to pick from, which limits the opportunities for creativity.

The number of projects that exist in today’s organisations is simply astonishing. Employees are working on more projects than ever before. In large organisations, projects that require cross-functional collaboration have flooded people’s calendars while their companies try to play catch-up with constant reorgs. These changes have been driven by the speed in which societies, markets, information and products are moving nowadays. We live in a world where things (all things) must be ad-hoc, on-demand and always tailored to a particular need. In addition to the volume, projects are also getting larger in scope and complexity. Basically, innovation and operations coexist under outdated and inefficient organisational structures. This may be why people don’t have the time for or interest in true innovation. Divisional and functional organisations are simply inefficient at meeting these demands and the reason why future organisations will likely look very different.

Build whatever you want

The question then becomes: How do we best arrange modern security organisations so that they are effective, agile and forward-looking (all three at the same time)? A Lego-like approach may be the answer. If we start with the premise that operations, innovation and strategy are mutually exclusive, we can deduce that we may have a need for organisational architectures that allow just that. Organisations do not have to fit one single structure. For example, a Chief Security Officer may choose to arrange his global team to have: a) functional structure for standard operations and day-to-day work and b) a so-called “flatarchy” for innovation hubs, crisis management, or short duration projects that require a high-degree of problem, speed and what I call “functional cross-pollination”. In the Lego set analogy, you’d have your standard single-coloured set and another box that contains all sorts of colours and shapes to build whatever you want.

At the individual level the issue boils down to operations and specialisation: who do you need, for what purpose and where? Generalists could tackle operations, as the requirements are fairly standard and straight-forward. Alternatively, “touch & go” projects that require speed, ingenuity, collaboration and specialised knowledge might be suited for project managers and sub-specialists who are better equipped for the mission. Another alternative would be to dive into the notion of a neo-generalist, people who maintain the knowledge, skills and qualifications to navigate specialisation and generalisation. These individuals would be tremendously successful in organisations that require to pivot regularly.

Modern innovation frameworks rely on the power of ideation, collaboration and iteration, which are directly proportional to the degree in which information can be exchanged across an organisation. This can only be achieved by architectural models that allow freedom of expression, diversity of thought, limitless ideation and lots of colours and shapes to pick from.

security
Ricardo Segovia

By Ricardo Segovia, Global Security and Resiliency Manager at Google

Bio: Ricardo Segovia is a Global Security and Resiliency Manager at Google. He is based in the San Francisco Bay Area and completed his graduate education at the Middlebury Institute of International Studies, Naval Postgraduate School and the Stanford Graduate School of Business where he is an executive course facilitator. He writes about innovation, strategy, crisis management and security.

You can connect with Ricardo on LinkedIn here

Disclaimer: The analysis, views and opinions expressed in this publication are those of the author and they do not necessarily purport to reflect the opinions or views of Alphabet Inc. or its entities.

Newsletter
Receive the latest breaking news straight to your inbox