There is an good article on CIO Central: Are You Focused On The Wrong Security Risks?
An interesting discussion, and I partly agree that we have to challenge the way we look at the security risks. I would even broaden the questions he raises. When I talk about industry trends that impact your risk landscape, then include:
- Users ask for more flexibility: For a lot of roles, it does not really matter when you work and where you work. I am fairly open when I work personally, from where and how I split my private and work life. This means that in my case, my notebook is not directly connected to the Microsoft corporate network more than once a month.
- Cybercrime moved from “Cool to Cash”: This is not new but we have to understand that the real threats are the targeted threats and not anymore broad spread attacks like Blaster in the past. It is all about going for money and understanding the business case.
- Consumerization of IT: That’s a tricky one. I am convinced that more and more consumers are making strategic IT decisions. You disagree? Give me the one single company who decided to use iPhone or iPad as a strategic device. It came in by the consumers as they love the device and wanted it to be integrated into the IT infrastructure. This will continue. When the younger generation is entering the business, the ones who grew up with Facebook and Twitter, they will ask to be as productive as possible using the tools they know – and we are giving them a one-size-fits-all and giving them a standard build. We even feel good by doing so and are not realizing that they will find ways around the security boundaries we are building – with the intention to do their job efficiently. We need to help them to work productively in a secure and safe way.
- Security as a Business Enabler: We need to understand that our job is to help IT to help the business to be successful. We are not here to be the “no”-sayer.
- Cloud: That’s obvious but we need to be part of these discussions in each and every IT. Again, not to say “no” but to help the business to understand the real risks, not just our gut-feeling of losing control.
And then, we probably should look into the way we do risk management overall: Fixing Risk Management
So, let us accept these trends. I do not think that there is disagreement on the trends above. If yes, we have to embrace them and especially move towards a business asset. I am tired of having the touch of being just the pain in the back and so are the CxO’s to pay our bill.
Let’s become a business enabler and not a disabler as in the past.
Roger