Mind the Competence Inversion
Recently, an iGoogle “quote of the day” made me stop and think. Usually, I read the quotes, smirk, and move on. But this one was different:
Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand.
— Archibald Putt (a pseudonym)
It turns out this quote is known as Putt’s Law and was first published in Research/Development magazine in 1976 (yes, before my time in high tech). Apparently, engineers have been smirking at Putt’s Law, a kind of Peter Principle for technocrats, for the last 30 or so years.
What struck me (along with the quote’s wicked ring of truth) is that Putt’s Law has real implications today for organizations struggling to meet IT compliance mandates. There’s a similar “competence inversion” that exists here – those who understand security and IT controls aren’t responsible for business risk management, and those who set policy and establish accountability often don’t understand the technology they strive to govern.
So what’s the answer?
Software can help. Identity governance solutions are designed to transform technical identity data into centralized, easily understood, business-relevant information – giving business users and managers the information and metrics they need to effectively govern identity. Role management plays a key role in providing business context to low-level entitlement data, to better enable audit, attestation, and business administration tasks. Dashboards, reports, and query tools designed for business users provide greater transparency into IT data and processes – opening up the IT “black box.”
But like it or not, the technology is only as good as the people implementing it. Organizations are still on the hook for the human responsibilities and tasks that must be performed. The good news is that software can help you better focus your time and energy on proactively addressing areas of potential weakness or liability. Mind the gap!