I still remember the day twenty years ago when one of our company’s financial advisors asked about using WiFi on his work laptop. WiFi had just been starting to gain traction in homes across the country and was starting to slowly be discussed for use in businesses. At the time, all I saw were the security risks associated with what was considered an unsecure platform on which to conduct business, one that could introduce any number of security risks. I simply could not see the benefits to the business, only the security risks. With myoverzealous security attitude and inexperienced business mindset, my immediate response was “Not over my dead body!”.
Being fairly new to the security field and business then, I had failed to realize the most important key to ensuring cyber security within an organization is not a technical skill, but is rather a soft one - understanding how cyber security can align itself with the goals of the organization. My one saving grace was an exceptional manager who was present the next time an employeeasked about deploying WiFi for the organization. I had no doubt that my manager would tell her the same thing I had told others but, instead of saying “no”, he told them “Let’s see how we can help you do this as securely as possible.”
"Just like when companies first wanted to first deploy WiFi, we need to be able to deploy the solutions the business needs while deploying them as securely as possible"
Those words were a much needed blow to my computer security ego at the time in which I learned that the business wasn’t there to support me with a career and a paycheck, but that I was hired to support the business. Suddenly, the business no longer revolved around IT and the information security team, but quite the other way around. My job was to focus on keeping the organization safe from hackers, while the business itself was focused on growing revenue, expanding market share and helping clients in doing so. It was my role, and still is, to gather the technical knowledge required to secure the business’ latest initiative before it’s being deployed,while at the same time understanding how the latest project ultimately supports the business in being successful.
Twenty years later, that lesson I learned still holds very true in a world of new and evolving technologies. In the last couple of years alone, IT and security teams are being presented with requests from the business to deploy new technologies from the latest IoT solutions and cloud-based applications to machine learning and artificial intelligence. Just like when companies first wanted to first deploy WiFi, we need to be able to deploy the solutions the business needs while deploying them as securely as possible.
Are there times in which security concerns and the true risks of a new initiative would dictate we say no? Yes, but those instances should be few and far between. Our first and only answer when supporting the business must be - “Let’s see how we can help you do this as securely as possible.”