Technology and computers are everywhere today, being used across generations, understood by billions of people but yet seem too often to ‘fail’ in business. I can’t count how many dysfunctional relationships I have seen so far in my career as a technology auditor and security consultant (maybe nature of the job). I have worked with the leading corporations of the world to the, still around after 20 years, ‘homegrown’ start ups. The biggest story communicated to me seems to be how IT is always delayed and there seems to be an outage every week; while business has no understanding for technology services and gives IT no budge or planning to work.
Companies need to find a way to break down the silos between departments, operations and staff in developing a secure technology environment. There are many ways to achieve smooth operations between a business group and IT, no matter the history of the company. A good place to start is by coming together in understanding the risk the company faces in today’s global world where business data is ‘online’ for a uncountable amount of entities at any time. Depending on your business’s internal knowledge and staffing, a effective way to understand business risk is by reaching out to a trusted security consulting firm that provides a range of risk advisory services.
The organizations that I have seen benefit the most in mitigating their IT risks and accomplishing more than compliance requirements achieve this by bringing in a experienced team of fresh eyes that have a history in security and compliance consulting. The first thing a good consultant will do is gain an understanding of requirements of the business, assess IT operations and design as well as facilitate general security practices across the organizations. The most efficient organizations are able to bridge the gap between business and technology operations in understanding risk in IT business resulting in a more secure operations where, if necessary, security exceptions are fully communicated, understood and accepted by the business.