Development, operations and security teams are often seen as semi-autonomous elements of single business entities. To break down these imaginary – and sometimes physical – walls, the key to every interaction is through dialogue and constant communication.
There is a discipline called “privacy by design”, which invites every stakeholder in a business to at least consider security and privacy. However, I would go so far as to say we should instead be thinking in terms of “privacy by definition, by decision, and by debate”.
It is only through communication across these “3Ds”, and by setting graded and realistic expectations, that we will be able to elevate the overall awareness of security in businesses and effect actual change.
The most important thing to remember about 21st century business is that – whether you are in security, development, compliance or risk management – we are essentially here for one reason: to ensure the business meets its short-term goals and longer-term objectives.
One of the key pillars to any business grand plan must be a robust, solid and outlined approach to security. This should especially apply when it comes to managing customer data and/or developing platforms for customers to use.
As a member of the cyber security sector, I believe we have a unique opportunity to provide security as a competitive advantage. The chance for individual companies to differentiate themselves from competitors through their approach to customer security, and also an internal awareness and support for security from each employee, is a genuine opportunity to set a business apart from others in its field.
Galileo commented around 500 years ago that we must “measure what is measurable, and make measurable what is not so”. This captures the realities of the wider cyber security industry and enshrines the continual desire and need to keep advancing against equally advancing threats.
From development to operations, gateways to the databases and from the network into the document management system, we need a holistic approach to security, where the gaps created by managing in silos can be alleviated.
A robust framework should guarantee full traceability of a person – employee or customer – through the whole platform and not just in silos. It should bring control and visibility on every system for every user, where roles, profiles, entitlements and rights are of utmost importance.
Some companies think this level of security is expensive, but I would challenge this notion and ask: “What would the cost of not securing your business be?” Similarly, some believe compliance is complex, but again I would argue they should try “non-compliance” and just see how complicated it can become.
Simply put, when it comes to security in the different areas and teams in a business, there are no workarounds or shortcuts – transparent communications are key.
Ramsés Gallego is international vice-president of Isaca and security strategist and evangelist at Dell Software.