The Public And Private Sectors: Who Does Security Better?

Image by: Michael Johnson

Often pitted against each other by economic theorists, business leaders and politicians as two diametrically opposed ways of organising businesses and service providers, the public and private sectors are often seen as being in constant competition with each other.

Political debates and endless column inches in newspapers and magazines are taken up with arguments for and against the public or private sector becoming the dominant mode of organisation for businesses and social service providers.

Advocates of the private sector highlight the fact that private ownership allows an organisation to be more efficient, more profitable and better able to adapt to the constant flux of the modern business environment. Advocates of placing businesses in the hands of government point to the idea that universal working standards of equity and employee rights would be much easier to implement.

The bottom line is that the debate is complex and lengthy. The best way to begin getting to the heart of the issue is to look at the different components of each model in detail. In the modern day and age, perhaps no other issue weighs more heavily on business people’s minds then the issue of security.

So how do the public and private sector and match up on security.

Cyber Security

The first thing to realise is that neither of these business models is perfect when it comes to data protection and cyber security. The history of both the public and the private sector is littered with huge and embarrassing data breaches, from internal negligence to more nefarious criminal activities. The evolution of technology, the increasing dependence on computer networks and storage and big data have affected both sectors equally, and exposed both of them to a number of new threats.

Separating the public and private sectors in terms of data security is not an easy task. On the one hand the public sector could be expected to have better safeguards in place due to the greater history of dealing with public information, but on the other the lack of adaptability may mean that they have been slower than the private sector in reacting to the new kinds of security threats. 

The evidence seems to point towards the latter conclusion, with the a series of ICO reports in 2012 claiming that 11/16 of the private companies and only 1/15 of the public ones surveyed held what was deemed to be a satisfactory level of data protection or had implemented the right kinds of data security procedures. It is important to realise, however, that the public sector is often the one that often faces the most sophisticated and large scale kind of cyber-attacks.

This points to the fact that while private companies are likely to have widely diverging security architectures and processes, the public sector has to a high level of security as standard.

Physical Security

The physical security challenges that are faced by public and private organisations are also likely to be significantly different. Private companies are firstly likely to have far less employees then some public organisations and may also have much less interaction with the public. This fundamental difference in both the internal composition and customer base means that public sector organisations are generally going to need much higher diligence when it comes to physical security.

Public sector organisations are likely to have more people who are in possession of ID cards and certain levels of security clearance, so systems need to be designed to accommodate for a much larger flow of people in and out.  Private companies on the other hand, will be able to implement physical security systems that are able to utilise the main tenants of physical security:

• Deterrence of potential intruders (signs and perimeter markings)
• Distinguishing those people who are authorised from those who aren’t (ID cards and other forms of recognition software)
• Delaying, frustrated and prevent intrusion attempts (walls, doors, locks and safes)
• Detection of intrusions
• Trigger the appropriate response

Who Does Security Better?

Have we got anywhere with this brief investigation into the way that public and private sector organisations approach security? Well, on the surface it would seem that we have circled around and got stuck in the same argument that plagues most people when they begin to engage in debates about which of these modes of organisations.

The answer becomes that on a basis of individual organisations, private companies will probably have an easier time in implementing security systems that are specifically designed to suit their needs whereas public organisations are likely to have to try and fit themselves into a much broader security system that is designed as a one-size-fits-all model.

In the realm of physical security it becomes clear that the security requirements of public and private become clear. While private sector organisations can create systems that allow them to focus on the five main tenants of physical security, public organisations often find that they cannot do this.

What do you think about the public sectors versus the private sector when it comes to security? Do they both need different strategies or can one unified system work for both?

About the Author:

James Duval is a technology obsessed blogger who has always had a fascination with the ways in which technology and business interact in the modern world. He writes for a GKBC as well as Essentra Security.