Aligning Security to Provide the Anticipated Business Results

I was recently preparing to deliver an educational information security webinar to a diverse audience from different industry verticals and my theme was around how security can enable your business rather than act as an inhibitor.

The key questions that came to my mind are:

How do I articulate the value security can create for the customer’s business?

How can I change the mindset of folks from security being needed to being wanted?

How can security move away from just controlling systems to enabling capabilities?

What, where and how you communicate about security within your organization need to take very different forms depending on which security constituent you are trying to reach.

In the security world, we are always asked to show ROI and articulate value proposition.  Both of these are important whether it is to internal teams or to external audiences to obtain support and funding. Some of the things I have learned are around speaking the language of the executives. Security jargon only goes so far.  Executives understand terms like Risk, Business Impact, Compliance and Cost Avoidance.

The role of security is transforming from being just prevention and protection role to a strategic business enabler.

Folks who are part of security strategy development will understand when I say strategy is not a one time task. It is a continuous process that evolves as the organization changes.

Here are some key questions regarding that security strategy to consider:

How can you assess, understand and define security’s current and future role in your organization?

Where is money being spent on security personnel, processes and technologies across the enterprise?

What does security need to achieve for your organization in the future?

As emerging technologies transform the way we conduct business today, it is creating both challenges and opportunities.  As the workforce and consumers demand everything as a service — and expect it from anywhere — how can we help secure critical assets and information?

All of this requires a new approach to security, and one that includes building security into applications, assessing risk before coding begins, and applying other quality and operational management practices.

Bindu Sundaresan Strategic Security Solutions Lead AT&T About Bindu