“Museum Visitors Damage 800-Year-Old Coffin by Putting Child in It for Photo”

“Oops! A Gallery Selfie-Gone Wrong Causes $200.000 in Damage”

“Whoops! When Museum Visitors Get Touchy-Feely With the Exhibits and Unleash Mayhem”

Yes, these are real articles in the New York Times. Yes, these are real things that are happening out there. TL;DR here – people are going crazy for social media and causing major damages, in some cases to irreplaceable items in museums (like an 800 year old coffin for example.)

Now, of course, I’m a major art and history advocate, so reading these articles appalled, disgusted, and ultimately confused me. I’m a social media queen, and I would never accept the thought of climbing inside an artifact, much less actually do it. (I’m even afraid to touch things in the interactive sections sometimes!) Being irresponsible around someone’s work of art or our world’s historical items can be extremely detrimental… because as aforementioned, they’re irreplaceable.

In one of the articles, Christopher Mele mentions a very important struggle for curators and museum executives nowadays – Accessibility vs. Preservation. After talking with several professionals in the museum industry, this is the number one challenge – and there is no easy answer. Creating an interactive environment but also not cheapening or (like we see here) endangering the exhibits as well. This existential battle only keeps growing as social media and the internet become more ingrained in our society. The “perfect” selfie or video can go viral in a matter of minutes, and who doesn’t want their 30 minutes of fame?

So, I’m sitting here fuming, and then it hit me like an 18-wheeler. This is exactly the same problem we have in Information Security today. Innovation vs. Protection.

Think about it: the reason that “Next-Generation Firewalls” took the industry by storm was because they allowed both enhanced visibility and the ability to pick and choose what was allowed/blocked WITHIN an application rather than the app itself. In the days of yore there was no reason for anyone to be on Facebook at work, so blocking the site entirely was effective. Now we have people whose entire job is to keep the company’s Facebook page current and interesting. This was a solution that satisfied both sides of the fight.

However, let’s take another example. You set block parameters based around certain websites due to content and malware risk. On this list is alcohol related content, because the employees should be focusing on work and not what booze they’re going to be picking up on the way home. Makes complete sense… until Joe Schmoe needs to gather data about a large brewing organization. Joe types in the website, gets blocked, and gets annoyed. This is a major company, and he can’t do research on them because of the nature of their business. Having grown up in the internet age, Joe finds a workaround.

Now, all of that money you spent on those fancy WAFs that avoid cross-site scripting and all that other amazing stuff is rendered useless because he’s running around it… which opens his device up to all kinds of lovely bugs! All it takes is one wrong click and you’re getting a ransomware demand.

Now obviously, this is exaggerated, but you get the point. If you aren’t thinking outside of the box, someone else is. But you have to also make sure you’re not opening yourself up too much. Innovation and Protection have to coexist, because otherwise you will be losing out on revenue. It’s a delicate balance, and one that I’m not sure we’ll ever fully master.

Innovation and Protection have to be a collaborative effort – because putting too much weight on either side will tip the proverbial canoe.