Build security processes into the business, experts urge

Embedding and automating risk practices – data security and regulatory compliance – into the business may change the perception that these controls are impediments to business, said a security expert.

Actually, the hope and expectation of top-level executives is to embed Sarbanes-Oxley (SOX) practices and other such controls into the business in order to reap a significant return on investment, said Mary Kirwan, chief security advisor with Mississauga, Ont.-based Microsoft Canada Co.

“Because at the end of the day, security is perceived as a fortress, as an impediment to doing business,” she said, adding that organizations can then free up time to focus on other matters.

Organizations tend to view security as a roadblock to business because “it’s not necessarily a revenue driver,” said Darin Stahl, lead analyst with London, Ont.-based Info-Tech Research Group.

Generally, he added, investment in security is presented, from IT or security, as “something that must be done, otherwise bad things will happen.”

But IT has a role to play, said Kirwan, because by improving corporate data handling practices and driving efficiency through such automated controls, IT will become a business enabler as opposed to just a provider of technical support.

It’s no longer acceptable, she said, for CIOs to “put out fires and do run of the mill stuff” – instead they need to get more value out of their IT assets.

With ever-evolving technology and tools, said Kirwan, “we’ve got to use these assets strategically. My hope is, over time, management will go back to basics and see IT as something that adds a great deal of value.”

Stahl agrees that this is the intended goal, however, in mid- to large-sized companies, the security team is often situated outside the IT department.

“That organization — in terms of staffing, focused responsibilities and lines of reporting — is probably the largest contributor to this issue.”

In attempting to streamline processes, said Kirwan, an organization should recognize they can’t fix all problems, and should really focus their expenditures and attention on high-risk areas.

In addition, they should create “a framework of controls”, so that new legislation can be easily mapped to the existing structure.

Dahl said software exists that allows greater automation and process focus across what has traditionally been discrete points.

He notes that although IT may operate security solutions within an organization, performing risk mitigation – setting and enforcing policies – belongs to the business owners.

Quicklink 071299

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Empowering the hybrid workforce: how technology can build a better employee experience

Across the country, employees from organizations of all sizes expect flexibility...

What’s behind the best customer experience: How to make it real for your business

The best customer experience – the kind that builds businesses and...

Overcoming the obstacles to optimized operations

Network-driven optimization is a top priority for many Canadian business leaders...

Thriving amid Canada’s tech talent shortage

With today’s tight labour market, rising customer demands, fast-evolving cyber threats...

Staying protected and compliant in an evolving IT landscape

Canadian businesses have changed remarkably and quickly over the last few...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now