Positioning Security as a Business Service – Insights from Gartner Security & Risk Summit
The Gartner Security & Risk Management Summit took place from June 12-15 at the beautiful Gaylord Hotel in National Harbor, MD. There were many interesting events and sessions covering enterprise mobility, data loss prevention, securing IoT and application of Artificial Intelligence to cybersecurity initiatives. One of the things that really stood out at the conference was the theme of security as a business service. In fact, it started off early as in one of the keynote addresses it was suggested that security has to become a business service and that we, as users and vendors, should begin to think differently about security and IT from the perspective of user convenience and design. I couldn’t agree more.
It was also clearly stated that context is key to security and risk management. Knowing what and where content is, how information is used by the business, as well as the markets and clients addressed by a service, enables better security and risk management to be achieved. Some great take always I took to heart:
- Position cyber and any security initiative so that it is supportive of growth
- Don’t sell security initiatives or technology on just risk and compliance – that is not enough
- Support the customer experience and don’t treat your users as criminals
- Always be seen as part of the growth strategy
These are great recommendations for customers and vendors alike. It is always difficult to position security, privacy, and confidentiality, which have traditionally been seen as risk mitigation functions versus business enablers. It requires a major shift in attitude, one that I have taken to heart and was reinforced walking out of the Gartner conference. Those in security, governance and compliance functions of organizations, as well as vendors providing security and compliance technology, must focus on the business impact and benefit of security, privacy, and compliance in order to be successful.
As a side note, I also had the opportunity to speak at the event on a panel with Roberta Witty, one of the outstanding Gartner analysts. Our topic was on Women in Cyber Security and STEM (Science, Technology, Engineering, and Mathematics). We had a great turn out and there was quite a bit of audience participation. Gartner has some new exciting research that demonstrates that having a mix of genders on technology teams, or any team I say, makes the entire team ‘smarter’. We talked about how to get women interested in STEM at a young age, how to best interview and advance one’s career as a female in technology. It was nice to hear from recent graduates entering the workforce that they benefited from some of the techniques we discussed. I was honored to be part of the discussion.
However, despite everything discussed – we still have a long way to go on both fronts. The conference was mostly attended by men, which resulted in one huge benefit. While the lines in the men’s rooms were quite long, the wait in the ladies’ rooms was nonexistent – a rarity at most large events. And I still heard a lot of discussions on the exhibit floor and in the hallways on looking at technology for risk mitigation versus how a particular technology could be used as a differentiator for business impact.
I’m looking for the pivot, or transition, on both fronts with great expectations.
Contributor: Galina Datskovsky