How can security play a central role in enabling business growth?
The first challenge in attempting to articulate the extent to which security can help business growth is for the enterprise to recognise that security is a business issue, not just a technical one, writes Paul Williams, strategy chair of ISACA, and IT governance adviser to Protiviti.
This means that information security must be owned by the business in recognition that it is business assets that are being protected. While many of the security issues, and their solutions, may be based around technology and the people who use it, too many enterprises still place the responsibility for managing and governing security solely within the domain of the CIO. This has the effect of relegating security to a back office function, usually to be seen as a cost centre, and not as the business enabler that it has the potential to become.
At a basic level, it is generally recognised that bad processes lead to bad business outcomes. This has to be true also of bad or ineffective security processes. Appropriate and robust security processes are more likely to lead to good business outcomes in the form of revenue protection, asset protection, regulatory compliance, corporate reputation, staff loyalty and the many other good things that enterprises strive to achieve.
Business growth is heavily dependent upon stakeholder trust, particularly in the form of customer acquisition and retention - although supplier confidence and support can be equally vital. Enterprises that are able to demonstrate strong and appropriate security are more likely to gain and retain that trust. While the contribution of security can be difficult to articulate separately, it should be recognised that growth in revenues and margins is more likely where security is properly implemented, managed and governed.
Most growing businesses reach a tipping point where it is no longer viable to rely on the informal, largely entrepreneurial, processes that may have been appropriate in the early stages of building a business. As a business grows and more stakeholders become involved, organisational structures need to change and business processes require greater formalisation to establish the sound foundation upon which growth can more safely take place. This is equally true of security processes.
It will not happen by accident. It requires planning, investment, ownership and commitment. It requires business and IT leaders to work together in partnership towards well-articulated and commonly understood business goals. Enterprises that get it right will be better able to grow safely, enhancing sustainable stakeholder value over time.
Read more expert advice from the Computer Weekly Think Tank >>