Cybersecurity: shifting the focus to productivity
Digitalization is changing business everywhere. That’s undeniable. New connections, services, transactions mean new opportunities for growth and profit.
Against this backdrop, it is clear that organisations cannot see cybersecurity as the moat around their castle any more—the Internet of Everything reaches everywhere; it takes no notice of moats or castle walls. The mindset has to change.
You should adopt the same mindset in cybersecurity as in business: productivity-first.
Leaders need to see cybersecurity as something that not only protects but also enables. Security needs to be driven by business goals (productivity-first) and designed to enable people and processes to perform at their most effective.
That starts with working out what you’re trying to enable and by whom, and then working out the best way to do that securely. To create successful change, we must make sure everyone can take advantage of opportunities in a secure way and that they can protect themselves before, during and after an attack.
Perhaps the biggest change needed is the shift from security being seen as just something you do to protect assets, to a strategic business process that enables organisations to succeed more quickly.
Just like brakes enable cars to go faster more safely, effective security will enable businesses to achieve strategic goals faster, at less cost and with greater certainty.
Security professionals also need to change their mindset and switch from a ‘no you can’t do that’ attitude to ‘if that’s more productive, how can I enable that securely?’
If security is not about securing the business but enabling the business securely, the first step is to define security in productivity terms, i.e. what is the business trying to do, what processes are required to achieve it and, who needs to be empowered.
The other critical factor for security definition is the desired culture of the business. Clearly, there will be a very different security definition for a defence company intent on operating at high levels of secrecy and an online retailer intent on developing a 24×7 global business with high levels of mobility and collaboration.
While the definitions may be different, the solution is likely to be very similar. Each organisation will have a culture and business related security policy that is delivered as a service to all the people connected to the business. Each will use identity services and a policy engine to give the right permissions to the right people e.g. employees, partner companies, customers etc.
In this way, security becomes more about how you deploy the network with the right policies to deliver the desired performance and only then how you secure that activity.
A far cry from the old castle with moat. A more dynamic approach, that doesn’t inhibit innovation and collaboration, instead empowering people and letting them work in their preferred way. No mean feat in itself.