Written by Ermis Sfakiyanudis, the co-founder, president and CEO of Trivalent.
Today, it is imperative for companies to ensure their security teams and business strategies are aligned — and stay that way. With cyberattacks on the rise and hackers becoming increasingly advanced, business leaders must make it a priority to change how information security is understood and positioned throughout the organization.
No longer can business teams and technology teams operate in silos. Security, especially data security, should not be viewed as “someone else’s problem.” Instead, executive leadership must ensure that company heads view protection of their data assets as a top priority and implement an open line of communication among business and technology teams. Thus, leaders are empowered to assure security and compliance across all departments within the organization.
IT environments often include a confusing assortment of technologies and processes, leading to misperception within companies about the true security of their operations. Organizations can benefit immensely by taking time to benchmark their current data security strengths and weaknesses, determine how teams can collaborate to align business and security goals, and determine the budget allotment necessary to meet said goals. All the while, it is essential that the critical nature of security is cascaded from the top down and positioned as one of the organization’s core values.
Here are three initial steps a company can take to achieve this alignment and drive a culture of shared, enterprise-wide data security risk management:
Identify the security gaps
First, business leaders and security teams should concentrate their efforts on identifying where the business faces its biggest risks. Does a company consistently use email to share proprietary information? Do C-level staff rely on phone calls to discuss private financial information that could be detrimental to investors if leaked? Identifying where a company’s most critical data is stored, transferred and accessed — and securing it with runtime protection that travels with this data at all times — will better equip security teams to address a breach before it happens.
Business leaders also rely on their security teams to help identify outdated security theories or technology. In today’s world, enterprises are constantly under attack from hackers to either exfiltrate or exploit their data, and every business’ outer security defenses can ultimately be compromised. By working together to ensure that the most critical information is protected with up-to-date or next generation technology, security teams and business leaders can collectively protect their company’s most important asset — their data.
Set time for shared learning
In order to address compliance and security goals, business leaders and their security teams must commit to shared learning. Most often, CEOs and their peers lack formal security training. Correspondingly, technology leaders may have limited exposure to business and operational challenges or priorities. During their initial meeting, the teams should lay out core objectives and set a shared goal that addresses key priorities of both perspectives. With regular face time and an open line of communication, business leaders and security teams are more likely to share updates that they wouldn’t otherwise think to discuss.
Security teams should also use these meetings to look for ways to make business easier to execute. Often this is a challenge because too many security professionals see themselves as protectors and not enablers. The team should ask themselves how they can help speed things up or add revenue-generating value through data security measures — rather than setting up even more hurdles.
These relationships and shared time are vital to protecting the company from cyber threats. The regular investment will yield meaningful rewards in terms of shared accountability and prevention of data theft or exploitation.
Meet in the middle
More often than not, budget and spending go hand-in-hand with compliance and security. Unfortunately, it is very rare for security and business teams to regularly communicate important resource and budget needs. By supporting dialogue between these teams, an enterprise can make better decisions and prioritize budget allotment when it comes to security and compliance.
With any group of people who have different short-term goals, there are bound to be disagreements on the budget associated with protecting a company’s digital investments, communications, records, etc. Therefore, shifting focus from individual department goals to a company-wide, long-term objective will help reinforce a culture of shared security risk ownership.
There is no single tactic or strategy that will guarantee security success for a business. It is important, however, for executive leadership to initiate the steps necessary to identify and execute alignment of company strategy and security practices over time. Once data security and business strategy are aligned, data protection will originate in all sectors of the business, from department heads to part-time employees. Internal teams that work together to build a comprehensive, multi-level security perspective and process will enable data sharing, collaboration among teams, and added value to the business.