The job of security is to reduce security risks to acceptable levels, at an acceptable cost, in a manner that is harmonious with the business. Lean Security Operations, an application of lean principles to security operations, can help us do that.
Lean is the systematic elimination of waste from all aspects of an organization’s administration and operations, where waste is viewed as any application or loss of resources that does not lead directly to value the customer is willing to pay for. That means both what the customer wants and when the customer wants it. Waste is any action, process or activity that does not add value from the customer’s perspective.
For example, obtaining a photo ID badge is of value to the customer — waiting in line for a long time to get one is not. Having a lengthy and complicated issuance process that ties up security personnel does not add value either — it occupies security staff and keeps them from performing other actions that could add value.
In manufacturing, waste typically has financial impacts — for example, the costs involved with excess inventory. What is different in the security function is that in addition to the financial impacts of waste, there can be risk impacts.
One category of waste is defects (any process, product or service error). In security, errors often increase risk. In the presence of an active threat, defects in a security process can be catastrophic. For example, failing to cancel physical access and/or computer systems access for a disgruntled employee can permit extensive damage, including theft, misuse of private or proprietary information and even physical violence against personnel.
Eliminating time and energy spent on actions that do not mitigate risk improves the focus on actual risk mitigation using existing resources. “Doing more with less” should mean doing more of the right things. That is a key result of applying lean principles.
Lean includes perspectives and tools that can be of tremendous use in increasing the value that security managers provide to their organizations. (Editor’s note: for an in-depth look at Lean Security Operations, please see the feature story in the July issue of ST&D).
What can I look forward to in future columns?
This column will introduce lean perspectives and tools and provide a path for security practitioners to follow in applying lean principles.
To start, the column’s focus will be on security management and leadership perspectives required to understand and apply lean principles to security. If your organization is already successfully applying lean principles outside of security, the initial material will help you and your organization’s existing lean leaders establish a common understanding of Lean Security Operations.
Later columns will present practical examples on applying lean principles to security operations. At that point, readers applying the material in this column should begin to experience benefits from applying lean principles to security operations.