
Security Leadership in the Connected Enterprise

Mar 05, 2014 by Sachar Paulus

The Connected Enterprise is opening new opportunities for business, for innovation and for growth - it is a fundamentally important imperative for today’s business world. But it does not come for free: there are a number of caveats to circumvent, risks to address and changes to execute.

One important activity is to re-shape your security leadership. The Connected Enterprise makes a number of changes necessary: implement holistic security management beyond technology domains, move from an asset-oriented towards a risk-centric protection strategy, and move fundamentally closer to the business.

Holistic security management integrates all necessary security disciplines, independent of the technology or organizational area. Whether IT security, personnel protection, physical safeguards or process security controls: since the Connected Enterprise requires a high level of flexibility in the protection measures employed, it is necessary to be able to choose among all possible protection measures and controls to pick the one that not only theoretically protects "at best", but also allows fast reaction times and short returns on investment.

The classical security paradigm "know your assets, and how to protect them" becomes more and more difficult to follow in the Connected Enterprise. The primary reason is that the assets themselves are no longer the "stable entity" in the business architecture - instead, they serve as resources that feed the value creation through connectivity. The way out for security leaders is to start thinking in risks instead of assets and protection goals. Furthermore, security leaders can no longer rely on a mid-to-long term validity of the "security ground work" - instead, they need to adopt a "daily risk posture" approach and be prepared to change focus quickly - just like a police department in a vibrant city.

Classical security practitioners and leaders have either a security services or a technology background. In both cases, they understand themselves as "mastering" the security of the enterprise through their specific expertise. Due to the fast pace of the Connected Enterprise, they will more and more lose their value. The way out for security leadership is to "sit by the business" - that means, to help business leaders evaluate the risks, and enable them to securely develop their business. In CISO speak: protect the "I", not the "T" in Information Technology.

These three recommendations will help organizations tackle the constantly changing security posture of the Connected Enterprise successfully. If you are ready for a certification, then you should go for an ISO 27001 certificate - the new 2013 program requires you to set up your security leadership and organization along these lines.

And what skill set should security leaders strive for? They must be consultants, coaches, awareness experts and auditors at the same time - technical expertise is no longer the primary imperative, it is much more about social skills that help convince the business to take its risks seriously. And if they are successful, they will greatly contribute to the value creation in the Connected Enterprise.

This article was originally published in the KuppingerCole Analysts' View Newsletter.

Sachar Paulus
Scientific Advisor