Security: Business Inhibitor or Business Enabler?

By Johna Till Johnson
On Feb 25, 2014
Tuesday, February 25, 2014

Can the right security posture actually enable business, rather than impeding it? Most folks would say no. Information security has long established itself as a barrier to productivity—how often have you heard employees complain they can’t do something “because of security”? In fact, among my clients we joke that security is the “Dr. No” of the organization

But this is changing. In the past, security professionals viewed their primary charter as protecting the organization. These days, however, security professionals and other senior executives are beginning to see security as a way to enable, enhance, and grow the business. In other words, they have moved from asking themselves: “What will it take to protect the organization?” to, “What would we be doing differently if we weren’t afraid?”

That’s a game-changing question—and by asking it, security professionals are beginning to turn security into a way to do business faster, better, and more reliably (reliability, after all, is an aspect of security). This approach is enabling formerly risk-averse companies to embrace formerly threatening technologies like consumerized mobility and cloud services.

The trick lies in understanding what the real security issues are, and addressing those head-on, rather than falling back to the easiest, but not necessarily most effective, solution.

One example: having an MDM in place enabled the CISO of a large financial services firm to say “yes” to a BYOD policy for its sales force, saving on operational costs and making the sales team more effective. “It was a convenience savings, an operational savings, and security was at the core,” says that CISO.

Another example: A midsized professional services firm made encryption and data protection a seamless part of its infrastructure—which became a selling point with its privacy- and security- conscious clients. “In our business development efforts, security issues are so visible, our [salesfolk] incorporate information about our security posture into our proposals to help sell business,” says the CIO.

The bottom line? Security professionals should start asking themselves, “What could we be doing if security were no issue?” and follow that with, “How can we do that thing securely?”

1

Research Tracks: