Driving Business Agility through IT Security Simplicity

I read an excellent article earlier this month on Forbes in which Revlon’s CIO talks about simplifying IT to more quickly deliver new capabilities that not only support the business, but to actually DRIVE the business. CIOs bridge technology and business and can uniquely set the enterprise on a path to greater success.

In CIO’s State of the CIO 2013, the top four priorities for IT executives and business decision-makers were aligned:

1. Improve the use of data and analytics to improve business decisions and outcomes
2. Improve IT project delivery performance
3. Develop new skills to better support emerging technologies and business innovation
4. Improve IT budget performance

So it’s a good sign that CIOs and the business are more aligned than ever before, BUT security MUST be included in this discussion – as it is an integral part of the IT team – and not left as an afterthought. Security plays a very important role in driving the business because security can either impact the business positively or negatively. Streamlining and standardizing IT and security processes and systems can not only save money, but ultimately deliver services much more quickly and in turn help the business run and grow! In fact, in our State of Network Security Survey 2013, process was reported as the greatest challenge of managing network security devices.  Here are a couple of ways to get on the path to driving business agility through IT security simplicity:

1. Use information to improve process – Understanding where process breakdowns occur is an important step so then you can make the necessary improvements. Is it a matter of poor process? Is it a matter of process not being enforced well? Are the solutions in place not allowing the process to work as you want? These are all issues to identify and then you can map out a plan of attack. This all leads me to the next point…
2. Align the different stakeholders – Take the example of a critical business application in a data center… there are application owners who need to make upgrades and improvements to applications that fuel the business… there are network and security teams that must enable connectivity through firewall and router rules and ACLs – but these teams typically are not in synch so the business and IT are not working hand in hand. This is just one example of an opportunity for simplification and alignment- through improved visibility, streamlined processes and automation – and where IT can drive the business. Getting alignment across these different teams can simplify the overall change process and improve business agility – now IT and security teams can more quickly respond to changing business needs in a transparent process.

Revlon’s CIO said it really well: “We do what the business needs – only faster, cheaper and better.” The only thing I would add is “in a secure manner”. In addition to the above ideas, last year on this blog we posted an article on 4 Ways to Persuade Upper Management that Business Agility Can Be Improved through Information Security.What other strategies and tactics should be included to simplify information security and to ultimately drive business agility?