Most executives, irrespective of their intelligence and experience, think of Security as though it is an “episodic” issue that requires response plans and SWAT teams; few realize that Security and the very fact of Business are fundamentally intertwined; they cannot exist without each other. Few realize that modern business, characterized by digitization, is built fundamentally on the ongoing balance between efficiency, growth, and productivity on the one hand and security, compliance, and governance on the other. The key word here is ongoing: there is no perfect state, nor is there a defined set of threats that stays still in time and space.
Like Siamese twins, business and security are bound together inextricably; the choice before us is to determine whether they are amicable or constantly at loggerheads. It is high time that every leader of every organization understand this and act on it. Living breach to breach is tantamount to sitting idle while waiting for what some senior experts refer to as “extinction level” events.
Interestingly, however, once this realization is made, Security can be thought of as any other core business issue. A plan is necessary as is a dynamic framework that fundamentally presupposes that attack vectors will change constantly, that the sophistication of the “bad guys” will continue to increase, and that the surface area of attack will grow as organizations grow and transform digitally. This framework must be holistic insofar as it must solve for Technology, People, and Process. The framework must “live” and evolve. Stasis is death. If there are “Moving threats” then you need “Moving Threat Defense,” as cybersecurity pundits will tell you.
As with all such fundamental issues in an organization, great internal resolve is needed to embark on the journey. Knowledge of the intricacies is of course necessary, but most organizations have only very rudimentary controls in place, indicating that once the resolution is made to take Security Maturity seriously, quick work must be done to assess where the organization is, and where it needs to get, with time being of the essence. Attacks are increasingly frequent and increasingly costly and come from both outside and inside the organization.
In this, technology is important but neutral. As security (defense) technologies get more innovative and powerful so do the attackers’ methods. Put in a slightly different language, it’s important that organizations invest in the latest and greatest software to protect themselves and allow for their businesses to run smoothly, but they also need to invest in ongoing services and processes that allow them to stay a “step ahead.”
All large transformations offer great opportunity and create new costs. Digital transformation is no different. The enormous benefits that come from digital business are well-documented and well-understood. The costs associated with it have to be not only understood but accepted.
Digitization has, however, a downside as well. The Internet as a backbone for an organization’s connection to the outside world (customers, partners, media, financial institutions, consumers) is a powerful evolution in infrastructure, but is one fraught with enormous risk. These risks come from both outside the business and within.
In the lexicon of the technology world, these risks can be largely reduced to three ideas: security, compliance, and governance. Each of these three is of massive importance, and each requires the right mix of science and art to administer with success.
This trifecta of Digital (IT-based) Business constitutes what I call “The Big Push.” All organizations are pushed to build a framework in which this trifecta is manageable not only now, but in the future as well. This framework has to be absorptive and assimilative: new ideas have to be taken in and, especially in the case of Security and Compliance, it has to be able to assimilate new attack vectors and new compliance regimes. Incidentally, neither Security nor Compliance is “predictable,” and therefore a good framework takes the “unknown unknowns” and converts them, at least, to “known unknowns.”
“The Big Push” has put Digital Business at a crossroads; in my experience, 90% of organizations need some sort of assistance in navigating through this crossroads to a “safe” place.
1. Can Business Agility and IT Governance be simultaneously managed and prioritized?
2. Can Heightened Levels of Security threat be managed and accommodated?
3. Can ongoing and often sudden changes in the Compliance regime be managed?
These three questions, if answered in the affirmative, provide a powerful foundation for Digital Business insofar as they reduce the possibilities of blockage and even Digital Disaster.
“The Big Push” has been given to all of us. How ready are we?