Can Security Become Too Complicated?

Without hesitation, I would say that security can become too complicated.  While many security professionals in all fields of security have recommended that businesses protect themselves with layered security, if not planned out well and reviewed on a regular basis, it can often become so complicated that it opens up other vulnerabilities.  It can also lead to over-confidence by the business which feels it is no longer necessary to use common-sense security measures.  Businesses must take care to ensure that their physical and computer security systems are neither too complicated nor too simplified to adequately protect their assets.

Layered security in its simplest form means not depending on just one security measure for protection.  If a criminal circumvents or beats one security measure, there are other measures in place that will slow the criminal down until an adequate response to the threat occurs.  Implementation of layered security occurs in one of two ways, serial or parallel, or a mixture of the two ways.

The serial approach to layered security means that a criminal will encounter an ever-increasing level of security as they get closer to the asset that is being protected.  For example, when breaking into a business, a criminal would first encounter security fencing on the perimeter of the property, then an exterior intrusion alarm system that protects open areas, a high-security lock on the exterior security door, and security grates on all the windows.
The parallel layered-security approach places a number of security measures all in the same area.  In order to gain access to a valuable business asset, an ID card, a pin number, and some form of biometric identification may all be required in order to enter a security door.

Upon conducting a security review, many businesses will find that they have a mixture of the two approaches to layered security or no real security at all.  If more security or additional layers of security are required, businesses must be aware of the pitfalls of making their security too complicated.  When layered security is not implemented properly, new vulnerabilities will weaken the overall effectiveness of the security program.

Pitfalls of Layered Security

• Having multiple layers of security often give the business an excuse for allowing some layers to be neglected to the extent that they are not truly effective. Remember, a successful security plan depends on each layer functioning at one hundred percent and working together.
• The pitfall mentioned above may be undermining the security culture at a business.  Many times, common sense security measures are put on the back burner because of the over-confidence in the layered security approach that has been implemented.  For example, a company employee does not confront an unfamiliar face because they feel that unauthorized persons could not have breached the various layers of security that are required to reach that location.
• Determining whether security measures need to be tweaked or improved may be difficult if there are too many layers of security.  Security can become so complex that it is hard to evaluate current methods and plan for future improvements.
• Using each layer of security to back up another layer of security is not always effective.  Each layer of security usually has a specific purpose, and it’s primary or secondary purpose does not always provide a backup for another security layer.
• Determining how the different security layers help each other without examining how they can interfere with each other often leads to new security vulnerabilities.
• Creating a layered security approach that is too complex can lead to confusion and also lead to new security vulnerabilities.  Balancing low-tech methods of security with high-tech methods is the best approach.

Properly implemented layered security is a great way to protect a business, but these noted pitfalls must be guarded against in order to be truly effective.  Any other approach is wasting valuable business resources (money and time).

If you need assistance with any of your business security needs, feel free to contact us at Business Security Information.  We can help you through the process of evaluating your security needs as well as making appropriate security decisions to protect your business.