Design principles observed in nature serve as a valuable model to improve organizations' security approaches.
Next year marks the 40th anniversary of a book that changed the world: Bill Mollison and David Homgren's Permaculture One, which described a set of agricultural and social design principles that mimic the relationships found in nature.
"In practice, permaculture is a growing and influential movement that runs deep beneath sustainable farming and urban food gardening," Michael Tortorello wrote in The New York Times. "You can find permaculturists setting up worm trays and bee boxes, aquaponics ponds and chicken roosts, composting toilets and rain barrels, solar panels and earth houses."
What does this have to do with information security? I believe there's remarkable synchronicity between permaculture and security and that the use of design principles observed in natural ecosystems can serve as a valuable model to improve organizations' approaches to security.
Think about the challenges of protecting an enterprise: lack of resources (people, technology, budget, or any combination thereof), competing priorities, balancing compliance requirements and business needs, awareness and training, enforcing policies and standards.
It's an environment well-suited for the application of permaculture principles, which focus on harmonious integration — working with, rather than against, nature — and embracing collaboration over competition. Permaculture, a portmanteau of "permanent agriculture," embraces three basic ethics: care of the Earth (or, in this case, the system), care of people, and reinvestment of the surplus.
About the Author
Chris has a passion for security, especially building security programs and teams in incredibly dynamic organizations. Chris joins Distil Networks as the Director of Security, where he will continue to expand on experimenting with Permaculture in the design and implementation of security programs and controls. At the end of the day, it is the Permaculture ethic “Care for People” that drives him most. Throughout his career in every type of organization from government to Fortune 500 he has seen how focusing on that foundation drives better results, unless you are looking for spectacular failure, then it’s ok to ignore that ethic.More Content by Chris Nelson