4 ways to overcome the security chill

  • Balancing security and innovation is key to supporting business growth.

  • Communicate security risks in business terms to ensure executives understand their impact across the company.

  • Securing your enterprise takes a company-wide effort.

The fear of costly security breaches or daunting gaps in data protection can lead IT policy makers to freeze important experimentation to help control risks. But doing so can put company growth on ice. Following these four tips can help you thaw the chill between security and innovation.

1. Speak in business terms

Communicate risks in business terms. Executives who have doubts about the tangible business consequences of a security threat or incident are more likely to be skeptical about the need for enhanced security. That’s why your security team should quickly establish the need-to-know facts about the threat, then focus on the business consequences. Make sure the C-suite understands that poor security means lost customers, eroded trust, diminished revenues, and substantial fines.

2. Security must accommodate change

Security is a matter of managing risks, and often, sticking with the status quo looks like the safest choice. Growth demands change, however, and change must be accommodated, even in the face of short-term risks and long-term unknowns. When evaluating the risk/reward balance of new solutions demanded by company leaders or sought by other IT groups, take a long-term view of business gains and security challenges to be overcome.

3. Transparency earns trust

The greatest threats to a well-reasoned enterprise security regimen come from within. As employees institute their own bring-your-own-device (BYOD) practices and business units purchase their own IT services and cloud solutions, they introduce new—and sometimes potentially catastrophic—risks that could go unnoticed until it is too late.

Your security team should be open to new ideas, be easy to work with, and accommodate reasonable requests for new services and device classes. Equally important is the ability to be clear, concise, and trustworthy when rebuffing such requests. If, for example, regulatory requirements and the sensitivity of customer data are so rigid that all BYODs must be declined, security policy makers must state that in terms all users can understand.

A clear, honest explanation of the risks involved in untested, untried, or otherwise uncontrolled access via personal devices or cloud IT services may not stop every attempt to circumvent security policies. But an opaque, disingenuous, or otherwise inconsistent set of policies will discourage open dialogue when business users have new needs.

4. Make security everyone’s business

Today’s security challenges are so daunting because access to sensitive corporate data is vital to virtually every aspect of business operations. Your security team cannot be expected to shoulder the entire burden. Big-picture security strategies and policies are important, but building a more secure enterprise also takes working with operations leaders to find manageable, bite-sized ways to improve security procedures in their departments.

Find out more about the factors you should consider when developing an enterprise security strategy in the AT&T Network Security.  

Jason Compton is an internationally published writer and reporter with extensive experience in enterprise technologies, including marketing, sales, service, and collaboration. All opinions are his own. AT&T has sponsored this blog post.

