How can security play a central role in enabling business
growth?
The first challenge in attempting to articulate the extent to
which security can help business growth is for the enterprise to
recognise that security is a business issue, not just a technical
one,writes Paul Williams, strategy chair ofISACA, and IT governance adviser to Protiviti.
This means that information security must be owned by the
business in recognition that it is business assets that are being
protected. While many of the security issues, and their solutions,
may be based around technology and the people who use it, too many
enterprises still place the responsibility for managing and
governing security solely within the domain of the CIO. This has
the effect of relegating security to a back office function,
usually to be seen as a cost centre, and not as the business
enabler that it has the potential to become.
At a basic level, it is generally recognised that bad processes
lead to bad business outcomes. This has to be true also of bad or
ineffective security processes. Appropriate and robust security
processes are more likely to lead to good business outcomes in the
form of revenue protection, asset protection, regulatory
compliance, corporate reputation, staff loyalty and the many other
good things that enterprises strive to achieve.
Business growth is heavily dependent upon stakeholder trust,
particularly in the form of customer acquisition and retention -
although supplier confidence and support can be equally vital.
Enterprises that are able to demonstrate strong and appropriate
security are more likely to gain and retain that trust. While the
contribution of security can be difficult to articulate separately,
it should be recognised that growth in revenues and margins is more
likely where security is properly implemented, managed and
governed.
Most growing businesses reach a tipping point where it is no
longer viable to rely on the informal, largely entrepreneurial,
processes that may have been appropriate in the early stages of
building a business. As a business grows and more stakeholders
become involved, organisational structures need to change and
business processes require greater formalisation to establish the
sound foundation upon which growth can more safely take place. This
is equally true of security processes.
It will not happen by accident. It requires planning,
investment, ownership and commitment. It requires business and IT
leaders to work together in partnership towards well-articulated
and commonly understood business goals. Enterprises that get it
right will be better able to grow safely, enhancing sustainable
stakeholder value over time.
Read more expert advice from the
Computer Weekly Think Tank >>