RealSecurity

A Different Perspective of Information Security


Compliance vs. Security

Are we sending mixed signals?

Ask any security professional, “Does compliance mean you’re secure?” and you will get a resounding “No!” But, let’s think about that for a moment. Before the wave of compliance, security was barely considered. I vividly recall a meeting with my boss where I showed him the floppy that contained access control lists for the new fandangle Cisco thingy called a router that will help “…protect us from the Internet by blocking unwanted traffic.” “Protect us?” he exclaimed, “The Internet is essential. I don’t want to stop anything.” Sometime later we suffered from a security-related event and ended up investing in more controls, and frankly this was the impetus for me getting into security as a career. So, before compliance, security was a shot in the dark. Now, the bipolar-ism of compliance versus security raises some interesting questions about the future.

Friday 24 April 2009 at 4:10 pm

Posted in compliance



Security Kung-Fu

Turning tough times into a bright future

As difficult as it may be to see through the fog of economic uncertainty, there is enormous opportunity -- and today’s challenges should be seen as a tipping point for the evolution of security. Given the vast challenges and comprehensive threats facing organizations, security is more important to the survivability of the business today than it has ever been. As companies are weakened by unfortunate but necessary cuts, even the best recovery plans can be undermined by a publicized attack. Security can play a pivotal role in providing a secure environment to help executives focus on effectively implementing strategic initiatives. As well, there are other dynamics occurring in the depths of business that can be leveraged to translate today’s security activities into tomorrow’s security alignment with the business. Understanding these nuances will allow security groups to not only demonstrate value in the current economic condition, but also provide the foundation for enabling the business for the future.

Friday 24 April 2009 at 1:17 pm

Posted in futures



It’s not ROI, it’s VOI

Rethinking Security in the Business

If you’re a reader of this blog, know me, or have seen me speak, you know that I’m very much about security enabling the business and operating in business terms. For years security had been an afterthought and seen as a barrier to the vast business opportunities that lie out in the Internet and the complete utilization of growing IT capabilities. Many security professionals wanted desperately to gain the attention of the business. After the wave of regulations, most notably SOX, executives gained more appreciation for the role of security. Then a mixture of highly publicized attacks, advances in methods and technologies, and a massive increase in IT complexity has thrown security squarely in the boardroom. Be careful of what you ask for.

Friday 03 April 2009 at 08:53 am

Posted in perspective