How can security play a central role in enabling business growth?
A very simple view of how security can enable business growth is to consider the question "why do cars have brakes?" The answer given by most people is that the brakes are there to stop the car, which is true of course, but not the reason, writes Peter Wenham CISSP MICAF CLAS, committee member of the BCS Security Forum Strategic Panel and director of information security consultancy Trusted Management.
Without brakes, no one would want to drive a car because it would be dangerous. So brakes enable the car to be driven in the first place, i.e. it enables the risk of driving the car to be taken. Extending this line of thinking, the brakes on an F1 racing car are larger and more powerful that those fitted to a small runaround car, i.e. the cost of risk mitigation is proportionate to the risk.
The extension of this analogy is that by applying appropriate security within a company, risks can be taken, and by taking risks, business will grow. The down side is that by taking too high a risk, or not applying appropriate mitigation, a company can get into trouble - as recent events in the banking area have shown.
As with cars and brakes, security within a company is not just a technical issue, it involves people and their security awareness and ability to effectively use in place security controls. Ignore the controls, and all bets are generally off.
Looking again at the question - How can security play a central role in enabling business growth? - ask yourself these supplemental questions: Would I deal with a firm that is constantly being burgled? Would I deal with a firm that has a poor information security record? The chances are, you would not deal with either, and the firms in question would eventually fail because they would not get enough business.
To underline this, firms are increasingly looking to connect their systems to those of their suppliers or customers in a drive towards efficiency and cost reduction in the procurement and accounts areas. Without proof of good security and good security governance, such deals will not happen, so only those firms which demonstrably take security seriously will continue to win business.
Read more expert advice from the Computer Weekly Think Tank >>
This was first published in September 2009