Tuesday, January 24, 2017

Using Security as a Business Enabler

Security is no longer a dirty word in most organizations. It’s become something to be embraced rather than a roadblock. With all the public hacks we’ve seen sprawled across the headlines, management has taken notice. Many organizations are now looking to take the opposite approach when it comes to security and embrace it as a business enabler. They’ve noticed that not only is it wise to secure their data and business, but it could essentially be used as a business benefit. The security mindset is seeping into the boardroom and it’s assisting with the growth of security as a business enabler. Here are a few areas that can assist with watering this thought throughout your enterprise.

One of the first steps in transforming a company to use security as an enabler is to permit the in-house security resources to be evangelists. This starts with the security management and works its way down through the entire department. This has been talked about numerous times in multiple other articles, but what they don’t talk about is allowing the security team to be put on display and network with other teams. At the end of the day they’re the ones who will be performing the work and are the disciples who will be pushing the security culture throughout the company. If they’re able to circulate into other groups spreading the word of security, it will disseminate through the company much faster. In doing this, the security team needs to be careful of using FUD to get their way. Let’s be honest, by using Fear, Uncertainty and Doubt a security team will force some issues in the business, but it’s a short-term win. Creating a culture of partnership with groups first will gain you clout in your decisions when it comes to matters of real importance. Bullying teams into security only makes them want to circumvent the process the next time you’re involved. This doesn’t lead to security enabling anything within a business. Let’s put a check on the egos here.

If you can’t speak the language of risk, a company will never see security as an enabler. Learn to be bilingual when dealing with those that might not understand security and bring the concept of risk into the conversation. Not all vulnerabilities, misconfigurations, etc. are equal, and if you’re running around like Chicken Little each time something is wrong, your influence can be tarnished. I’m not saying to not be security conscious, that’s the last thing I’m saying, but applying risk to security is how it ends up becoming an enabler. This can be used against new threats coming into the enterprise, during mergers and acquisitions and in essentially any business decision-making process. This allows security to be seen as confident and astute when it comes to complex enterprise decisions and not as a panic-stricken department looking to catch up to the threats of the day.

This allows security to become a partner and change the perception of what your mission is within the business. You’re not here to stop projects or become a roadblock to progress, but to become a shareholder in assisting with moving the organization to the next level. Reaching this level brings the ability to work together with the business to not only protect the brand, but to protect the bottom line. Making security a trusted advisor in your business allows an organization to maintain customer loyalty or even gain additional respect, sell more products, complete compliance and reach higher levels of standards, while first and foremost protecting your data and brand. Building relationships, networking, and speaking security in a language that others will understand not only helps your internal security function more efficiently, but it will spread throughout the organization, making security part of the process and a driver in your business going forward.

