
Outside contributor to the blog shares his views from the field

A security professional working for a large end-user organization contributes occasionally to SecurityDreamer under the pseudonym "Padded Arrow." Here are his latest thoughts from a Fortune 500 corporate security department:

You may have noticed that over the last couple of years, Security has been changing phases in the never-ending cycle. In the current financial climate, cost is once again the biggest project risk. If Security departments are to survive, they will need to move from being an add-on risk function to being an integral part of the organization. They will need to move from saying "no" to saying "how can we do this securely?"

First, let's agree on two things: bolt-on security and security by obscurity don't work. They cost more and, in the end, don't increase security.

Collaboration, collaboration, collaboration
As much as we all want to be special, unique and different, that is a negative when it comes to corporate solutions. Look for opportunities to collaborate with other business units in your company to save money. I know this is difficult for most of the "I'd tell you, but then I'd have to kill you" security types, but why would you implement a million-dollar security platform for monitoring when there may already be a solution available? Many IT management platforms include functionality that can be leveraged by Security: reporting, logging, monitoring and alerting. Collaborate during product selection and you may get the functionality you need without any additional cost.

Show costs accurately and realistically
Most business managers have grown immune to the claims of loss that Security has been spouting for years: "If we don't put this system in, we will be overrun with hackers, and that will cost millions, if not the company." Put real numbers to a real problem and then propose a solution that costs less than the potential loss. You wouldn't spend more than something is worth to protect it.

Learn how to say "yes"
...or better yet, "Here is how you design this solution securely." Granted, 100% security is 0% functionality; however, 100% functionality doesn't necessarily mean 0% security. The earlier Security is involved in the development and requirements process, the easier it is to make sure the organization is protected.

- Padded Arrow

Categories: Peak Performance
  1. Robert H.
    May 15, 2009 at 6:51 am

    This is a very good point. I'm not sure why companies have such a problem implementing this, other than control. When I started with my current employer, the first thing I was told was "we do not first say no, we first ask why not." If there was a government law, mandate, regulation or something that prevented an action, then so be it, but if it was up to our interpretation, then why not? Or, as you so eloquently stated, "How do we do this securely?" GREAT POST!! I personally wish that others in industry positions that I have dealt with would buy into this mentality. Instead I get the lazy man's answer of "That's not an industry best practice." It will continue to be an uphill battle until people start thinking for themselves and about the better practices for their organization instead of worrying what the rest of industry is doing and waiting to copy what everybody else is doing. Thanks for sharing.

  2. Padded Arrow
    May 15, 2009 at 1:27 pm

    I'm glad you enjoyed it. I have tried to effect change in my current organization with limited success. The challenges were most often people rather than technology...
