Organizations have faced security challenges for centuries. However, securing information used by computers, and the applications and networks that access this information, has come to the fore only in recent decades. Furthermore, the demand for security has surged with the digital transformation initiatives of the past 15–20 years. A documented and agreed security strategy aligned with business objectives is essential to support these initiatives.
A security strategy should run throughout the organization
In centuries gone by, organizations developed ways of dealing with security issues. Individuals perhaps had to know a secret password to access business premises, letters were sealed with wax to prevent tampering between locations, and secret recipes were stored in a locked and hidden safe. These strategies evolved gradually over time, as organizational needs developed. However, the rapid rate of progression over recent decades has resulted in an environment where many organizations lack a documented and agreed security strategy suitable for modern enterprises.
Protecting an organization’s digital systems and information is a priority in today’s technology-centric world. According to Ovum’s ICT Enterprise Insights survey, the management of security, identity, and privacy is second only to the creation of digital capabilities in terms of IT trends. Further strategic investment is planned in a whole range of security software and services.
However, this investment may become haphazard if there isn’t a security strategy upon which to base the security software and services elements. A security strategy effectively provides a mandate from the top of the organization that security is taken seriously and is important to the enterprise’s continued wellbeing. It helps to focus security spending, not only on the necessary technology but also on the processes and people needed to support the strategy.
For those organizations without a documented security strategy, a good place to start is to engage with the business to decide how to align the security approach with overall organizational strategy to support desired objectives. Knowing what the organization’s plans are for the next few years (usually three) helps to define the security strategy. This strategy is governed and maintained by security leaders (e.g., a chief information security officer or chief security officer) throughout the organization, working with the enterprise to achieve the desired security posture.
ICT Enterprise Insights 2017/18 – Global: ICT Drivers and Technology Priorities, PT0099-000002 (September 2017)
“Digital transformation must address security,” INT003-000088 (March 2018)
“Security and privacy efforts can lead to stronger customer engagement,” INT001-000022 (January 2018)
Maxine Holt, Research Director, Infrastructure Solutions