Over time, information security can become one of the more frustrating items on a leader’s docket. You can do all of the right things, hire a team of experts, purchase high-quality systems, partner with top-tier vendors, and allocate plenty of dollars, but in the end, it’s hard to show your investment has positively affected your company.
Sure, your product and systems are secure, but your company’s overall efficiency remains relatively unchanged, or perhaps has declined. Your operational costs have soared, your development life cycle has lengthened and your company’s strategic goals are not being met.
Further, your work environment feels more tense than ever. Departments across the company aren’t quite sure what the security team does, so they pretend it doesn’t exist at all. Engineering, for example, will set up its own virtual private network without first running it by your security experts, and things will get really awkward six months later once they find out.
Your security team also feels frustrated because, like you, they want to hit their goals. It’s no coincidence the average chief information security officer leaves his or her job every 18 months. It’s hard to feel professionally satisfied when you’re constantly underperforming and struggling to prove your worth.
It’s time to stop spinning your wheels and wasting your money. Take a more holistic approach to information security; one where specialized experts and department leaders work in collaboration to create systems and processes that drive efficiency, productivity, and revenue.
The value of collaboration
The traditional corporate mindset needs to shift. Departments can no longer be viewed as separate entities in their own solar systems. This siloed approach simply has no place in a modern business; it’s now crucial for leaders to ensure each member of every team understands the company’s overarching strategy and how their individual contributions factor into the bigger picture.
Not everyone will know the intricacies of information security, but all departments, not just your development, IT, operations and security teams, should have a stake in it. Everyone can contribute unique insights, perspectives and guidance, and when that happens, your security experts’ jobs become so much easier.
Your finance leaders, for example, should play a major role in budgetary governance. It’s one thing to ensure enough money is devoted to security and the team stays within its budget, but assessing whether the funds are spent wisely brings collaboration to a new level. With a bird’s-eye view of the entire company’s expenditures, the finance department can identify where systems, vendors, and processes overlap, thus helping leaders trim fat, save money, boost efficiency and embrace lean security.
Your marketing and sales teams are the front-facing figures that put your company’s life on the line every time they interact with clients. Explaining that your digital products have features and functionality that meet customers’ needs is only half the battle; building trust from a security standpoint and assuring clients their personal information will remain private and secure is essential to the modern sales process. And further, sales professionals know every client can be a lifelong partner who refers business to your brand. One security breach could not only dissuade a lead from converting, but it could also reverberate throughout a network of potential partners.
Last, and perhaps most important, your human resources department should foster a security-minded culture across the whole company. This involves recruiting the right candidates and instilling the right values in them during onboarding. Making sure new employees deeply understand and embrace the value of secure digital systems is key to developing the collaborative culture your company needs.
Instilling a collaborative security culture
Culture change is, by far, one of the most difficult things to implement as a leader. It definitely doesn’t happen overnight, or even over the course of a year. A widespread culture change takes years of commitment.
Here are three strategies to get you started on the right foot:
Highlight the successes of others
Take a look at some of the most successful companies in the world that are on the cutting-edge of delivering digital products. Put together a presentation that shows your team what they do well, highlighting the key role collaboration plays in their processes. Once employees see the best and brightest companies in the world embrace a collaborative security approach, they’ll be much more willing to follow suit.
Netflix is an example I love to use here. Though its core competency is streaming your favorite TV shows and movies, the company also has a tremendous track record of writing and releasing high-quality, secure software collaboratively. Some products, like Simian Army and Chaos Monkey, specifically exist to help companies boost their fault tolerance, minimize the internal impact of system failures, and limit the fallout these issues have on customers. One look at Netflix’s commit logs, and you’ll see that thousands of people hours go into the creation of their software offerings, with several departments playing a central role.
Identify and address your internal roadblocks
Some people at your company will likely see no problem with your current siloed approach to security. Perhaps lack of efficiency and wasted money aren’t directly affecting their day-to-day lives, and they’ll resist any major changes you attempt (and stall the process).
Do these sour grapes need to be managed out of their roles because they’re stubbornly holding the whole company back, or does an entire reorganization of the company’s structure need to happen? Do you really need separate operational, development and security teams “managing” your digital ecosystem from their own silos, or are there obvious opportunities for consolidation? Addressing these roadblocks is key and requires a leader to make some tough decisions.
Embrace cross-training
Perhaps you’ve already tried to break down the silos in your company by removing all of the cubicles, creating an open floor plan, and organizing more company gatherings in an attempt to forge interdepartmental relationships in which people naturally explain their roles to one another. But in the end, all you end up with is an office that’s noisier than ever, yet still isn’t collaborating.
Collaboration flows freely when teams are full of cross-functional, highly skilled individuals who understand one another’s roles. I’m not saying everyone needs to be an expert in everything; specialization is still important. But your developers should certainly know something about information security, and your security people should have a baseline understanding of what it takes to design and develop a product.
Again, Netflix does a tremendous job of ensuring its departments interact regularly and understand one another. Whether it’s organizing meetups between teams or instilling processes that keep all involved teams happy, the company clearly recognizes the value of fostering cross-departmental tolerance.
Information security should include everyone, not just your tech gurus. Often, creating this culture of collaboration requires a fresh set of eyes, so consider partnering with an outside security consultant that can expertly assess your company from top to bottom, find areas ripe for improvement, and help you change your organization’s DNA.
It may take several years, but once information security transforms into a collaborative undertaking, it will no longer be a costly, inefficient, and frustrating part your company. Instead, it will be a key driver of internal productivity, client confidence, and company-wide prosperity.
For more insight on information security, see 5 Effective Cybersecurity Steps Every CFO Should Know.
The post Collaboration Improves Information Security appeared first on Switch & Shift.