When faced with an increased number of threats, the natural tendency is to want to lock everything down as much as possible. In reality, the role of the IT security officer is evolving into one that enables business processes to occur with the least amount of risk possible.
A recent report issued by the Security Business Innovation Council (SBIC) created by EMC advises IT security officers to pursue a more nuanced approach. While there may be more security threats than ever, business opportunities are often fleeting. In an age when business is increasingly digital, organizations need an agile IT infrastructure that allows them to rapidly respond to new business opportunities.
Sam Curry, chief technology officer for marketing at the RSA Security Division of EMC, says one of the biggest issues facing IT security officers today is that they don’t speak the language of business. Every business person understands the concept of risk. After all, that’s what business is all about. Curry says that IT security people tend to overly emphasize the risks without fully appreciating the potential business benefits of the opportunity at hand.
Curry concedes that while striking a balance between risk and opportunity is easy to understand in concept, actually being able to make that work is fiendishly difficult.
To strike that balance, the SBIC recommends:
Curry says that rather than picturing IT security as battleships blasting away at each other, the reality is that modern IT security more closely resembles submarine warfare. Most of your time is spent patrolling the depths of the Internet, trying to identify potential threats. Once a threat has been identified, the mission is not necessarily to eliminate it, but rather to help the business navigate around it.