The Security Dog has Caught the Car: Now What?
In the tug of war between business units and security, Gunnar Petersen writes: “The security VPs win, quite a lot actually. There is something about a subject that is written about in the Wall St Journal every single day that gets C level and board attention.”
Security architects should take the mandate, and try not to blow this opportunity. Paraphrasing Gunnar:
- Ask for smart things.
- Plan around simplicity and scale.
- Focus on right-sizing governance.
- Do less and do it better.
- Integrate systems.
Good advice! I’d also like to suggest not getting arrogant or over-confident. Security mandates are like pendulums – they swing in, but they will swing away. Today’s project champion that got funded to install an expensive new gizmo will be tomorrow’s “dog” seen to have wasted the company’s money.
Put back some of that mandate into supporting processes and tools that promote good security governance, and make sure to develop a good, risk-appropriate business case for all new initiatives.
Speaking of which, we posted the recording of our February 11 Security Governance 101 webinar.