By Tim Brown
We often think of IT security as a figurative insurance policy designed to take care of us when something bad happens. That is an important part of IT security but not the only thing.
We need to also think about how security enables business, enables employees to do their job in the best way possible, and enables society to embrace new technology.
In my career I’ve met with hundreds if not thousands of companies. Most are as you would expect:
1) Those that have been under regulatory control for a long time have mature security processes and programs
2) Those that are new to security are still figuring out how to measure risk and oftentimes struggle with where to start
Every once and while I get a surprise and these surprises provide some of the most important insight and lessons.
Once, I was scheduled to meet with a manufacturer of pipe. I did my research to understand the company in anticipation of their security needs. I was expecting a basic conversation of how to measure risk, how to protect the internal infrastructure, how to take care of good cybersecurity hygiene, and generally how to keep the business protected at an appropriate level for a non-regulated company. I was completely wrong!
This manufacturer had one of the most mature and well-thought-out security programs I had seen. We did not spend our time on the basics; rather, we discussed advanced threat detection, security analytics and deception technology.
So why did a non-regulated manufacturer have such a mature security program? The answer is simple economics and one of the best examples of approaching security as a business enabler that I’ve seen. They may be a manufacturer of pipe - perhaps a low-tech business compared to the technologies needed to protect their business. But, their customers are the largest oil and gas companies in the world; companies that require high levels of security from their third party vendors.
By investing in a mature security program this pipe company became a privileged supplier; they could operate with their customers more efficiently and they could prove they would not be the weak link in their partners’ armor.
Since this first experience I have found a number of companies that are using security to enable partnerships, to expand globally, to enable new customer experiences and to embrace new technology as a means to drive the business. Security should be thought of like brakes on a car; brakes are there to let us go faster, not slow us down.
Now, take your foot off the brakes and let’s get going with security as a business enabler!
About Tim Brown
Tim Brown is at the front line of the most vexing challenge facing organizations today: IT security. As a former Dell Fellow, CTO, chief architect, distinguished engineer and director of security strategy, Tim deeply understands the challenges and aspirations of the person responsible for driving digital innovation and change. Tim is now an ITSPmagazine Fellow and the magazine's cybersecurity strategist.