Information Security in some organizations is considered to be a roadblock to doing business.
In some cases, unfortunately, this has been true, because the business does not view information security as risk management and IT does not present it as such.
Most organizations have a risk management function, and business units deal with risk every day.
We need to translate the purpose of information security so we are all speaking the same language.
This article looks at scenarios from both viewpoints and suggests some alternative responses.
SCENARIO 1 – The Business would like to do more with Mobility
The Business Unit View:
We want to do mobile computing and have our sales reps be able to log in to the network at a client’s site and show them our capabilities and results.
IT Security Response:
Sorry, we can’t do that. It is too dangerous. Not only are you sending sensitive data over the Internet or public network, you are exposing sensitive data to others who are not even clients.
Alternative Response:
Yes, there is risk involved in this, but if we work together using technology and your knowledge of the information that should be shared, we can do this.
SCENARIO 2 – The Business would like to use a Hosted Solution for a specific purpose
The Business Unit View:
We have worked with IT to try to use an existing system for this purpose, but nothing works. This hosted solution is exactly what we are looking for and will improve efficiencies and save us some money.
IT Security Response:
Sorry, we can’t do that. You can’t put that kind of information out on the cloud as we would lose control of it, and the vendor probably doesn’t have any security in place.
Alternative Response:
There is a great deal of risk with hosted solutions and having sensitive data stored offsite. However, let’s work with each other and the solution provider to ensure that they have adequate security in place, and that our data will be safe from intruders. We should also make sure that in the event of a business failure for the solution provider, our information will still be made available to us in a format we can work with ourselves, or with another vendor.
Both of the above scenarios are very real and happen every day.
There are many other similar scenarios that could occur, but we can’t address all of them here.
The bottom line is that IT Security should not be considered a roadblock. Instead, IT Security should look at the business point of view, and then work with the business to assess the risks and plan to mitigate them.
Your business will love you for taking a more moderate approach to risk management, instead of putting information security roadblocks in the way.
Interested in finding out more about changing your perspective?
Give us a call to find out how we can help your IT and business units work together to begin a new era of cooperation.