How does the security team become a "Department of Yes"?
Bryan Casey (BFCASEY@US.IBM.COM) | Tags: cio, yes, security, ciso, organization, risk
Did you know that in 2008, more than 80% of surveyed executives said they didn't pursue innovative projects because of risks associated with information protection?
Numbers that high tend to jump off the page, but when it comes to information security, it probably doesn't take much consideration to decide that the 80% figure isn't all that surprising. At this moment in particular, with issues around cloud, mobile, the grid, portable healthcare records, etc., security has become more challenging than ever. The response of many security organizations (as evidenced by the stat with which I opened this post) has been to say "no" to innovative projects. However, that is not a tenable long-term relationship between an organization's security team and the business. These organizations need to partner more closely than ever before so that security is properly integrated into projects from the very beginning.
Chart describing IBM's internal processes around how we build security into projects from the very beginning.
The alternative is that innovative projects either get forgotten or the business finds a way around the security team. Neither of these results is ultimately in the best interest of the organization. Becoming a "Department of Yes" is something IBM believes in and has embraced internally. To find out more, you can read the full paper here, and visit us on both the Institute for Advanced Security and Center for Applied Insights.