Tuesday, June 9, 2009
Security in IT is not an item to be checked off the list as "done." I'm not talking about the typical Microsoft-directed threat vectors, or viruses, etc. Here I'm speaking to the ideal of Data Security in a contracted environment. When you deal with client data, there is a need for exacting attention to security detail. Contracts usually stipulate security concerns in relatively broad terms that are then defined by those who implement them.
Leaving this definition process up to those back-room folks who run the security hardware and software is likely not a good idea. Business leaders need to be involved in this process from the start. The best possible solution, tailored to the business need (client demand, etc.), can only come from a business leader. Security analysts hold the keys, and had better be good Master Sergeants who can nail down the needs when appropriate, but they must also be able to develop a plan when directed to a target by the Generals.
"Done" is not something that can be achieved in the ever-changing world of IT Security. Security is a process, and should remain on the radar, with regular visits to the SOPs that guide it. Much like any SLA or contract, they should have expiry dates that require re-validation and repositioning. The security threats of today are nothing compared to the threats of tomorrow; that much we all know, and we need to bake that into our guidelines from day one.
Security needs to be guided by business leaders, implemented by IT, and revisited by all parties regularly. The best possible solution is where security is just another fully implemented tool utilized by all levels of the company.
Wednesday, May 20, 2009
While I'd love to determine the viability of this concept, I pose that it is already true.
The best companies do not have an issue "Aligning business and IT." Technology does not spur growth and greatness; it's really about people and business strategy. (Jim Collins does an excellent job describing this in his book "Good to Great.") Technology can absolutely help, but it is not the source of a company's growth or greatness.
The best and brightest companies are those that have the people, vision and understanding to succeed. IT fits within an organization at all levels in all departments. It should be thought of as a facet of each department, not an island unto itself. When each department thinks of IT as its wingman, so to speak, the organization as a whole can forget it. So it is unimportant whether IT holds a place of its own in the boardroom; what is more important is that it is part of ALL seats in the boardroom.
So CIOs beware, your days are numbered... Well, not really. What matters is that the CIO, IT Director or whoever heads IT understands that we are wingmen, supporters en masse, co-conspirators all, but not necessarily business leaders. CIOs can lead when they understand that the best way to lead is by following. When the business is aware that following is your goal and enabling the business becomes your focus, you will gain the best of allies, the CEO, and the holy grail buzzword for IT: "Aligning business and IT."