For business leaders, it has never been more important to have a regular, open dialogue about security with IT staff.
The rapid pace of change and innovation in the technology industry, particularly in the cloud, is enabling organizations to transform their service models and open new markets every day.
And yet, as I wrote in a blog post last summer, many IT professionals are struggling to connect with their executive leaders about the need to build effective security controls to keep pace with business innovation. It’s a theme that I heard again in conversations with industry pros at the Cloud Security Alliance Congress in Orlando, Florida, earlier this month.
Anecdotally, security pros say their advice is often ignored, and their leadership doesn’t understand how important security is.
It’s time to think about that problem in a different way, according to V. Jay La Rosa, Senior Director, Global Security Architecture, at ADP, who gave a great keynote presentation at the Congress.
“Maybe it’s not them [leadership]. Maybe it’s really me,” La Rosa said.
Security pros need to learn to translate “geek speak” into “executive speak,” according to La Rosa. It’s not enough to merely identify the risks that new services or strategies might present. A more valuable approach would include providing guidance in managing those risks with appropriate security controls, and identifying the calculated risks that would remain.
Too many security pros function as a checklist, or worse – a roadblock — to innovation, La Rosa said. Acting as a gatekeeper of sorts may have been an important role for security teams in the past. But effective IT pros are evolving today toward a more balanced role.
“You can be part of the decision making, or you can be a roadblock – and they can go around you,” La Rosa said.
That last comment really struck me and I wonder how many business leaders actually view their IT staff that way – as an obstacle to be circumvented. Surely that can’t be the best use of such a valuable resource.
To be clear, security is an important consideration and anyone running a business or organization should be sure to understand and prepare for the challenges. Safeguarding your assets, including intellectual property, through secure development and operational security processes is as important as ever.
So, while La Rosa offers some powerful advice to security pros – learn how to talk to your leaders and find ways to help them reach their goals – it occurs to me that the reciprocal must also be true. Business leaders should help their IT staff understand what they really want from them.
Through that dialogue, your IT staff can not only retain their strategic value, but also find new opportunities to serve as a partner in implementing your new plans and big ideas. Instead of a roadblock.