It’s an unfortunate fact that the people you put in charge of innovation often see those in security as members of the cult of “no.” The security team may stick to rigid policies or keep closed minds when it comes to new ways to enforce security policies that will make it easier for the creative personalities in your organization to innovate. But there is a way to get these factions to work together, ensuring you can maintain robust security standards without stifling innovation.
The Cult of “No”
The security culture has a bad habit of saying “no” to any new idea that comes its way. It’s security’s way of making others think harder about keeping the organization secure before trying to change things. But this approach to security could be holding your company back – or putting it at risk. Developers and other product development members have creative minds as a necessity. Sooner or later, they may have an idea they like so much that they just can’t take no for an answer. The only way around “no” for them will be to bypass security to get the idea implemented. That’s the worst way this conflict could play out for your company.
And it has played out this way before. Security expert Jon Heimerl told InfoWorld about a Fortune 100 client in the retail business. The company’s marketing team created a public facing website without the input of security, exposing the entire network infrastructure to a potential intrusion. When the security team found out about the risk, everyone’s first reaction was to shut it down. But by working with both factions, the company was able to use the expertise of its IT security team to rebuild the website under a safer infrastructure. This way, everyone got what they wanted.
Rethinking the Role of IT Security
What if your IT security team understood that their job was not just to protect existing infrastructure, but also to support innovations that will change it? What if the role included finding a way to say “yes” whenever the business unit needed a change? To accomplish this, you would need to change the role of your security team from that of the “protectors” to the “secure enablers.”
Changing Times Require New Attitudes
In the early days of business computing and connectivity, all the power was in the hands of the IT department. If security said “no,” that was it. But today, the level of knowledge about IT is much greater for the average individual. Creative minds that aren’t happy with security’s answer can just visit Google to find ways around security policies that let them accomplish their goals. Security is no longer in the driver’s seat.
That’s why security professionals must take the requests of other departments seriously. Turning down every request only results in a security hole. Saying, “Maybe, but let’s talk about exactly what you need,” has a better chance of success.
Making a change that helps security teams understand the new role of security in today’s business starts with the way you manage your IT security budget. Instead of encouraging security leaders to do more with less, encourage them to find ways to contribute to profit goals. This accomplishes two things. First, it turns security into a profit center instead of a resource sucker. Second, it improves morale in IT security when workers see that their work helps the company increase sales and profits.
Reevaluating Your Protective Policies
Goldman Sachs’ approach to this problem is one everyone can learn from. The company created a “Green Light Committee” to respond to the security leadership’s explanation that its job was to lock down information and that innovation would require an avenue that allowed them to make that happen.
The Committee’s job was to analyze the company’s legal, compliance, and security policies to determine if the interpretation being used was an unnecessary impediment to innovation. This action allowed C-level executives within the company to gain more visibility into the challenges each faced when implementing their prospective missions, allowing them to find solutions that took into consideration the challenges other departments faced when considering new ideas, methods, and products.
HyTrust Security Tools Make It Easier for Security Teams to Say “Yes”
When you have control over your data, it’s easier to say “yes” and allow new ideas to blossom inside your organization. Call us today to find out how HyTrust DataControl can give your IT security team the tools they need to ensure data stays within defined boundaries and innovation doesn’t lead to security risks.