03 Nov Security and Business are Fundamentally Intertwined
Most executives, irrespective of their intelligence and experience, think of Security as though it is an “episodic” issue that requires response plans and SWAT teams; few realize that Security and the very fact of Business are fundamentally intertwined; they cannot exist without each other. Few realize that modern business, characterized by digitization, is built fundamentally on the ongoing balance between efficiency, growth, and productivity on the one hand and security, compliance, and governance on the other. The key word here is ongoing- there is no perfect state, nor is there a defined set of threats that stays still in time and space.
Put simply: Security breaches are a fact of life and Security thus inheres in everything a business does.
Like Siamese twins, business and security are bound together inextricably- the choice before us is to determine whether they are amicable or constantly at loggerheads. It is high-time that every leader of every organization understand this and act on it. Living breach to breach is tantamount to sitting idle while waiting for what some senior experts refer to as “extinction level” events.
Interestingly, however, once this realization is made, Security can be thought of as any other core business issue. A plan is necessary as is a dynamic framework that fundamentally presupposes that attack vectors will change constantly, that the sophistication of the “bad guys” will continue to increase, and that the surface area of attack will grow as organizations grow and transform digitally. This framework must be holistic insofar as it must solve for Technology, People, and Process. The framework must “live” and evolve. Stasis is death. If there are “Moving threats” then you need “Moving Threat Defense,” as cybersecurity pundits will tell you.
As with all such fundamental issues in an organization, great internal resolve is needed to embark on the journey. Knowledge of the intricacies is of course necessary but most organizations have only very rudimentary controls in place, indicating that once the resolution is made to take Security Maturity seriously, quick work must be done to assess where the organization is, and where it needs to get, with time being of the essence. Attacks are increasingly frequent and increasing costly and come from both outside and inside the organization.
In this, technology is important but neutral. As security (defense) technologies get more innovative and powerful so do the attackers’ methods. Put in a slightly different language, it’s important that organizations invest in the latest and greatest software to protect themselves and allow for their businesses to run smoothly, but they also need to invest in ongoing services and processes that allow them to stay a “step ahead.”
All large transformations offer great opportunity and create new costs. Digital transformation is no different. The enormous benefits that come from digital business are well-documented and well-understood. The costs associated with it have to be not only understood but accepted.
Constantine Korovkin is the COO and Co-Founder of Akvelon. He is passionate about excellence in execution, building successful high-tech businesses, project management, exceeding clients and customers expectations in every way.
We need real security strategies not just theater as we move forward into new technologies with a new level of threats. Here’s how we can all empower ourselves for success with security. Read more.
Progression in digitization and the future of business relies on how we protect the benefits of the Internet and prepare for the risks in doing business online. Read more.