When cyber criminals pierce a company’s IT defenses, organizations are often quick to blame a security loophole and promise a patch to assuage user concerns. But the proliferation of these often-devastating hacks shows that there’s something much larger at play: The way companies handle security needs to undergo a revolution.
The Open Network Users Group (ONUG), an IT community I cofounded, brings together IT business leaders from the Forbes Global 2000 to discuss security challenges, exchange ideas, and share best practices. Through these discussions, we’ve found consistently that far too many businesses still treat security as an afterthought. The business gets excited about a new application it wishes to implement, then it turns to the security team at the end to have IT “sign off” and prepare whatever may be necessary to make it secure.
Security isn’t icing on top of a cake. It needs to be baked in from the start. And the team you currently have is, quite possibly, not the right one to do this.
The Evolution of IT Security
In order to build out the most effective cybersecurity processes in your organization, it’s important to understand how IT teams have evolved.
Companies went through dramatic changes in the 1990s. They developed new uses for technology, both internally in daily operations (email systems, customer resource management, human resource management) and externally for customers and the public (websites, sales apparatus). In general, these needs were handled by purchasing IT from vendors such as Cisco, IBM, Dell, Hewlett-Packard, and others. These vendors would provide tailor-made technology for each business to meet its specific needs. Thus, the security systems companies needed were vendor-specific based on each piece of technology.
Inside businesses, people with expertise on each vendor dealt directly with the vendor on behalf of the company. This was true for everything, including security. An employee who knew the ins and outs of how a specific vendor handled security was responsible for overseeing it.
As a result, IT personnel developed into separate silos within an organization. IT teams became virtually stand-alone entities. They rarely interacted with other silos or with the rest of the company.
Get Updates on Innovative Strategy
The latest insights on strategy and execution in the workplace, delivered to your inbox once a month.
Please enter a valid email address
Thank you for signing up
The New Cybersecurity
Today, the rise of cloud computing is changing the IT landscape significantly. Companies are no longer building their IT operations around mountains of infrastructure tailor-made for them by vendors.