In a previous post, we looked at some of the key challenges technology and cyber security executives are facing as their organizations prepare for a digital transformation, including loss of control by IT and security leadership, an emphasis on speed to market that can hinder security, a lack of risk assessment with regard to cyber security, and not enough focus on security efforts related to people and processes.
Now let’s explore some ways to directly address those challenges.
One of the first things IT and security executives need to do is take back control of their organizations from a technology management standpoint. To be clear, this doesn’t mean putting the brakes on innovative technology efforts within business units or departments.
It’s not likely that shadow IT will go away anytime soon—and it doesn’t need to. What taking back control does mean is that IT and security leaders need to work in close cooperation with business managers at all levels of the enterprise, working as business partners and brokers of a variety of services.
IT and security cannot be seen as obstacles to progress. That might actually hinder efforts to strengthen cyber security. Instead, they need to help business users make the best choices about product and service deployments, and make sure they’re making wise decisions with regard to data security.
This partnership includes making it clear to business users that security policies are to be followed closely, for the protection of the organization as a whole as well as its employees and customers.
To deal with the challenge of the emphasis on speed to market for new applications, products, and services, IT and cyber security leaders need to find a way to balance business agility with strong security. One way to do this is to be part of the early planning cycle with go-to-market initiatives. The earlier IT and security get involved, the better chance they have to ensure that security is part of the discussion with any new technology project.
And regarding cyber security risk management, technology and security leaders need to help their organizations define the levels of risk associated with security. That includes working with business executives at the highest levels of the organization to develop a risk management strategy.
It shouldn’t be too much of a challenge getting buy-in from the CEO, CFO, and board of directors on a cyber security risk plan. All business leaders are likely to be keenly aware of what’s at stake if hackers manage to steal customer data, intellectual property, or other valuable information assets. They’ve seen it happen to other organizations in recent years.
Finally, to address the hurdles related to people and processes, IT and security management must take the lead on creating effective training and educational programs and security policies that address threats and vulnerabilities related to the new data center environments that are emerging.
The cyber security landscape is continuously evolving, with threats becoming more sophisticated and insidious. End users at all levels of the organization need to be kept abreast of what they must do to avoid exposing the company to potential damage.
Likewise, security policies must be kept up to date. That means reviewing and potentially revising them on a regular basis. For example, how many companies have policies specifically related to ransomware? And yet that has quickly become one of the most common types of cyber attack today.
By taking these steps, IT and security executives can help ensure that their organizations are prepared for the new security demands they face as they launch IT transformations.