IT Security Must Enable Business, Not Disable It

Security professionals should try to add value to business and make new business models possible, instead of focusing on restricting users, says Mike Small of CA.

IT security sucks all the fun out of the universe. It has focused on covering weaknesses in the technology with an ever-growing number of point products. This approach misses the point, and increases complexity and cost without solving the real problem.


What is needed is an approach that supports the business in an integrated way to manage risk and improve agility.

Since organisations are critically dependent upon their IT systems to operate, any improvement that can be made can have a positive impact on the business. Equally, any loss of these systems due to security issues can have a severely negative effect.

Security management is no longer just about securing the perimeter and managing employee access; it is about understanding your customers, and providing them with the personalised services that they need, reliably, securely, and when they need them.

What is the problem?

Organisations are critically dependent upon their IT systems to operate, since these systems hold the data and automate the processes vital to their survival. IT has been adopted in this critical role by organisations because of the benefits which it brought. However, in the race to obtain these benefits, security considerations were often bottom of the list of priorities. At the same time, the evolution of IT has accelerated apace, again with security at the bottom of the list, resulting in technology weaknesses and complexity.

In turn, the IT professions have focused their attention on managing the flaws in technology rather than the business issues, and this has increased the gap between the business and IT security.

The IT security world needs to focus more on supporting the business and less on the technology.

Technology and business compliance

Throughout history, organisations have exploited the latest information technology to enable them to do business more effectively. For example, 3,000 years ago in ancient Assyria (now Iraq) people were recording transactions on clay tablets inscribed with cuneiform writing.

The British Museum has a collection of 130,000 such tablets. Amongst these tablets is one which names a person mentioned in the book of Jeremiah in the Old Testament of the Bible. When this was translated it caused quite a stir amongst scholars since it provides proof that the biblical person mentioned did in fact exist.