Striking the right balance between information security and digital transformation can be a difficult task for organisations. It’s inevitable that businesses need to adopt new technology to remain competitive and evolve their offering to meet the demands of the times. Yet nobody wants to implement new technologies that may put the business at risk of serious security breaches and cyber threats. Michael Richards, Senior Technology Specialist for Business Productivity at Microsoft, explained to the Cyber Security conference audience at CeBIT Australia 2017 what it takes for an organisation to develop a security mindset that supports innovation.
“Traditionally cyber security is built on a fortress model. We lock all doors and hope that it will hold against any attacks,” explained Richards. “Organisations need to adopt a more forward-looking model, not only because it stifles innovation, but hackers don’t have the same regulatory constraints as corporations. Their methods are constantly evolving.”
Security shouldn’t make it harder for people to perform daily tasks. Whenever the security department stood in the way of productivity, it was usually due to a lack of understanding of business outcomes. This approach also put organisations unwittingly at risk, as users were willing to work around security if they couldn’t get things done. This wasn’t because of malicious intent, but because they wanted to progress things faster than current processes allowed for. To avoid this kind of situation, security professionals needed to deliver secure business outcomes rather than security for security’s sake.
A framework that strikes the right balance between information security and innovation should be focused on:
Building a resilient security posture
Data and how it’s used - not on compliance with an arbitrary network classification
Strong global standards - they beat local prescription in the long run