Balancing business flexibility with cybersecurity can be a somewhat overwhelming challenge, but it is increasingly important as IT and corporate leaders work in tandem to protect company data. The problem is that business and technology leaders have vastly different priorities when it comes to security, something that is underlined by a recent study from The Economist Intelligence Unit and VMware.
“Business and technology leaders have vastly different priorities when it comes to security.”
Understanding the security gap
The study found that cybersecurity ranked as the top priority among technology leaders who were polled. For business executives, it ranked ninth. This difference in how much protecting data is emphasized between corporate and technology leaders highlighting the different focal points for each group, demonstrating that the two are not well positioned to support one another effectively. Furthermore, the research indicates that most security experts are working to ramp up their defenses by taking a “defend all” approach using traditional security systems. This would mean combining firewalls with a high volume of security tools to block points of access into the system. Conversely, CEOs who are not prioritizing security will be hesitant to allocate the budget resources necessary to take this “defend all” method.
Approximately 30 percent of security professionals polled for the study said they expect their firm to face a serious cyberattack and fall victim to it during the next 90 days. That figure rises to 40 percent if the period is extended out to three years. For C-Suite executives, those figures are just 12 and 25 percent respectively. Budgets aren’t the only area where alignment between business and security professionals is problematic, the core expectations about threats being faced are vastly different.
The underlying problem in all of this is that traditional security practices often fail to deliver meaningful value to businesses. They are a high-cost investment that may prevent losses, but fail to create significant gains on their own. For business leaders, security is a cost sink that limits a company’s ability to respond to industry demands and drive innovation. Overcoming this organizational schism hinges on creating security practices that, at the least, do not detract from productivity and value creation from an end-user perspective. Flexibility is critical in achieving this goal.
Establishing security without limiting business flexibility
Many businesses have run into situations in which security protocols limit their ability to adjust to industry demands. This problem can take many forms, including:
- Getting locked into specific software packages because IT teams are unable to support a shift to a new platform.
- Being unable to integrate emerging tech capabilities, like bring-your-own-device measures, because of network security limitations.
- Having limited app functionality because underlying database systems are based on legacy architectures and the security risk of making an update would be too great.
In all of these cases, corporate leaders face a situation in which their businesses’ ability to innovate technologically is severely hampered by the lack of an adequate security program. Building out effective data protection methodologies can actually drive growth. The key is to create security methodologies that foster a spirit of innovation without introducing risk.
Establishing security protocols that are built around flexibility depends on becoming more reactive and anticipatory within your IT department. Instead of just putting up barriers to protect data and constantly monitoring threats to make sure those barriers work, you must understand the technological implications of different technology service models and create a security framework that can support cloud, mobile and social technologies. Infrastructure management services can pay dividends in this area, as they help you identify the way both cloud and premise-based IT strategies impact your security capabilities and enact strategic data protection capabilities.