Prioritizing IT Security Management to Fuel Business Growth

Over the weekend I read a very interesting top 10 CIO Priorities list by @robpreston, VP and Editor in Chief at InformationWeek. While all 10 priorities listed deserve time to be discussed and analyzed, I found the top 3 the most interesting because they apply to network security professionals and directly impact an organization’s bottom line. And at the end of the day, that’s what it’s all about.

• Priority #3: Break out of the 80/20 spending trap

This is where we aren’t taking enough advantage of innovation to fuel growth. While many CIOs are faced with flat to declining budgets the challenge has been finding money and resources for business growth initiatives. Security professionals are also challenged to “do more with less” in managing and securing complex IT environments.

One way to drive more value out of a flat budget is to get more efficient with current processes and technologies. For example, virtualizing data centers or looking at solutions that improve IT visibility – whether on the network, endpoints or both – optimizing IT and security operations (e.g. firewall optimization), reducing IT risk and improving your compliance posture – without impacting business productivity. While these types of solutions may not directly fuel business growth, they certainly can open up previously taken funds to explore new markets.

• Priority #2: Make IT One With the Business

Couldn’t agree more here. IT’s number one job is to enable the business and security is no different. It’s hard to have a successful business without good IT and solid security in this day and age. How else can you ensure the availability and protection of your sensitive information and systems? Without these things your business cannot operate effectively and profitably. This can be looked at in two ways:

1. How can IT focus more on business growth opportunities as opposed to day-to-day support and security?
2. How can IT further improve its service to the end users so that end users can be more productive. This requires IT security and networking personnel to go from a culture of “No” to a culture of “Yes” and efficiently determine ways to manage risk while giving users the access to systems, applications and data that they need to do their jobs.

• Priority #1: IT is Too Darn Slow

Today’s business environment is global and 24×7. Accessibility and availability is expected “ASAP” and anything less is unacceptable. And business needs are constantly evolving…

With all of the change that occurs within the IT environment, one area to address this priority would be to automate and streamline change management processes even more – this goes way beyond standard ticketing systems and requires solutions for example like a firewall change management solution that can seamlessly integrate with a broader change management system. So if business requirements dictate certain access that goes against a current rule/policy, it doesn’t take days, but can be done in minutes.

IT and security professionals must think like their business user counterparts to not only support and secure, but improve the growth. And then we can have a real ROI discussion. What security management initiatives are you researching to improve your organization’s business?