The Dilemma of Balancing Business and Security
Organizations are continually managing the act of running and transforming at the same time. It's a balancing act — keeping things running smoothly in the short term while also transforming to take advantage of future opportunities. But all those efforts can be meaningless if they cannot properly secure the business, its customers, and other critical assets.
The Importance of Resilience
We must shift to a model that puts resilience first — one that aligns with business outcomes while supporting the level of risk an organization is willing to bear. This demands a change of culture and mindset for security teams.
We can no longer simply say we are aligning to the business needs. We must engage and collaborate with the business-line owners to identify their priorities and measures of success. The conversation must enable a true partnership that ensures ongoing alignment and delivers the best possible outcomes. This shift is one that centers on ensuring that cybersecurity is embedded across the entire organization to enable security for what matters most to the business.
Running a Cyber-Resilient Business
By understanding these areas of importance, security teams can focus attention on both priority and placement of protection and detection mechanisms. They can then apply the appropriate measures to minimize the impact of actual security incidents. They cannot continue to take an approach that applies the same level of security across all assets. The reality is, cyber incidents will happen. The difference is this: Cyber-resilient organizations know their specific business operational needs and align their program to emphasize securing those critical business assets (applications, data, and digital identities).
Security must also keep up with changes required to drive seamless delivery of innovative solutions. These solutions allow competitive differentiation and faster consumer adoption. Think of it this way: How long did it take for development and operations teams to change their approach from waterfall to agile to DevOps? Organizations that use those older approaches have seen their competitors surpass them.
Transforming Cyber Culture
One way to initiate the partnership-building process is to leverage a model that goes beyond security and instead focuses on being cyber resilient. Another key element is encouraging teams to collaboratively define both priorities and successes. Many organizations have begun embedding information security officers within their lines of business to help achieve this goal.
Unfortunately, we won't be able to protect everything to the same level. But if we don't embed security into the new innovative capabilities the business is implementing, then security will continue to play catch-up. It's vital to invest in the areas deemed highest priority to keep the business moving forward when something happens. This approach allows security to influence the flow of digital changes happening in the business.
Recently, we've seen the impact of forced, rapid organizational changes that had been delayed for quite some time. These changes centered on how employees could continue to perform their work duties no matter where they were. Additionally, businesses had to accelerate their shift to cloud-enabled capabilities. And all the while, security teams were doing the best they could to keep up with the speed of organizational change.
We've learned a couple of notable things in a short time. The first is the need to quickly adapt — supporting the ability to securely access systems, applications, and data the workforce needs to keep the organization running. And secondly, even through adverse events, the business needs to identify and unlock transformational opportunities that will allow future growth.
Focus on Resilience
It's critically important for us to shift our approach from strictly security to one that is focused on making our organizations cyber resilient. As businesses swiftly adopted and evolved DevOps, shifted to cloud environments, and accelerated overall digital transformation efforts, security has consistently been an afterthought. As a result, although not explicitly attributed to some of these initiatives, the frequency of high-profile security incidents has increased, and will continue to do so. This digital evolution has now driven security to the forefront of business leaders' priorities.
An excellent example to reference comes from the "2021 Global Risks Report," released by the World Economic Forum. Within this year's report, "cybersecurity failure" has risen to the No. 4 global risk in terms of most relevance and probability over the short term (zero to two years). Only societal risks (such as infectious disease) and environmental risks (such as extreme weather events) are of higher concern.
Digital Dilemma? Meet Trusted Solution
As you run and transform your organization at the same time, ask yourself: Have I taken the right approach to help ensure we reduce cyber-risk for our business?
Micro Focus is one of the world's largest enterprise software providers. We've been helping our customers solve their digital dilemmas for over 40 years.
Our mission-critical technologies and services help more than 40,000 customers worldwide manage core IT elements of their business. Strengthened by a top 10 patent portfolio and expert professional services, our broad set of technology for security, IT operations, application delivery, governance, modernization, and analytics provides the innovative solutions you need to simultaneously run and transform and solve your digital dilemma.
About the Author
Rob Aragao is a Cyber Security Strategist for CyberRes, a Micro Focus line of business. In this role, Mr. Aragao is responsible for working with organizations collaboratively to drive strategic initiatives around cybersecurity and alignment with business objectives and desired outcomes.