/may 8, 2020

Great Minds Think Alike: Aligning Security With Business Priorities

By Hope Goslin

Do you ever feel like security and risk professionals have a completely different set of priorities than the rest of the business? Well that’s because, at most companies, they do. Security professionals are concerned with securing things – like servers, networks, and applications – from cyber risks.  Business decision-makers are concerned with the customer experience, growing revenue, and innovation.

Forrester addresses this discrepancy in a recent report, citing that, “Only 16 percent of global security decision makers at enterprises claim that they are identifying new sources of data-driven revenue, and just 14 percent are developing secure customer-facing mobile and web applications.”[1]

The difference in priorities can have a negative impact on a business. For example, by concentrating solely on the security of products and services, security professionals fail to protect against new attacks that focus on how to manipulate decisions made by or about your company or the perception of your products and services. These types of attacks are commonly associated with innovation, so businesses are often fearful that innovative software will expose the company to risk. But innovation is the only way for a company to progress and stay relevant. So, it’s kind of a catch-22.

How can you solve this dilemma? You need security to align with the business priorities, which means security has to concentrate on the customer experience. Just as development is creating minimum viable products, security must match it with minimum viable security. If security and development are aligned, it will open the door to innovation, making security a competitive advantage.

To learn more about this concept, including ways to shift the security mindset, watch the following video featuring Amy DeMartine based on a recent Forrester report she co-authored, Secure What You Sell: CISOs Must Tackle Product Security to Protect Customers.

 

[1] Secure What You Sell: CISOs Must Tackle Product Security To Protect Customers,” by Jeff Pollard, Amy DeMartine with Laura Koetzle, Elsa Pikulik, Peggy Dostie, Forrester Research, Inc.

Related Posts

By Hope Goslin

Hope is part of the content team at Veracode, based in Burlington, MA. In this role, she focuses on creating engaging AppSec content for the security community.