
Security Leadership in the Connected Enterprise

Mar 05, 2014 by Sachar Paulus

The Connected Enterprise is opening new opportunities for business, for innovation and for growth - it is a fundamentally important imperative for today’s business world. But it does not come for free: there are a number of caveats to circumvent, risks to address and changes to execute.

One important activity is to re-shape your security leadership. The Connected Enterprise makes a number of changes necessary: implement holistic security management beyond technology domains, move from an asset-oriented towards a risk-centric protection strategy, and move fundamentally closer to the business.

Holistic security management integrates all necessary security disciplines, independent of the technology or organizational area. Whether IT security, personnel protection, physical safeguards or process security controls: since the Connected Enterprise requires a high level of flexibility in the protection measures employed, it is necessary to be able to choose among all possible protection measures and controls to pick the one that not only theoretically protects "at best", but also allows fast reaction times and a short return on investment.

The classical security paradigm "know your assets, and how to protect them" becomes more and more difficult to follow in the Connected Enterprise. The primary reason is that the assets themselves are no longer the "stable entity" in the business architecture - instead, they serve as resources that feed the value creation through connectivity. The way out for security leaders is to start thinking in risks instead of assets and protection goals. Furthermore, security leaders can no longer rely on a mid-to-long term validity of the "security ground work" - instead, they need to adopt a "daily risk posture" approach and be prepared to change focus quickly - just like a police department in a vibrant city.

Classical security practitioners and leaders have either a security services or a technology background. In both cases, they see themselves as "mastering" the security of the enterprise through their specific expertise. Due to the fast pace of the Connected Enterprise, they will more and more lose their value. The way out for security leadership is to "sit by the business" - that means helping business leaders to evaluate the risks, and enabling them to securely develop their business. In CISO speak: protect the "I", not the "T" in Information Technology.

These three recommendations will help organizations tackle the constantly changing security posture of the Connected Enterprise successfully. If you are ready for a certification, then you should go for an ISO 27001 certificate - the new 2013 program requires you to set up your security leadership and organization along these lines.

And what skill set should security leaders strive for? They must be consultants, coaches, awareness experts and auditors at the same time - technical expertise is no longer the primary imperative; it is much more about social skills that help convince the business to take its risks seriously. And if they are successful, they will greatly contribute to the value creation in the Connected Enterprise.

This article was originally published in the KuppingerCole Analysts' View Newsletter.


Author info

Sachar Paulus
Scientific Advisor