By the year 2020, what should “security” look like? Organizations are now more complex than ever before, and there is no evidence that the next eight years will reverse this trend. Companies have adapted to succeed in a global and decentralized market economy, increasing reliance on vendors, suppliers and contract staff for previously in-house operations. They have changed their internal structure to better compete in changing markets and a down economy, and they have learned to leverage new technologies to increase the speed of both communication and business.
This complexity has brought new risks that pose an ongoing security challenge, at a time when security is already arguably at a disadvantage. Many institutions still have not regained confidence following the decade of security shortfalls that began in 2001. Global markets and governments face continued uncertainty, leading many businesses to stop investing in new infrastructure and programs and to instead cut costs and staff in an effort to weather a storm that may or may not be coming. Yet, if organizations do not develop or maintain a robust risk strategy, they could suffer stunted growth and loss of revenue.
How should Security evolve to excel in this environment? Some organizations have accepted the challenge to push security toward value enhancement and stronger, more consistent protection through the rest of this decade. They are already giving the industry a glimpse of what security could — and, perhaps, should — look like in the next decade.
What Security 2020 Could Be
The CSO begins the day briefing the rest of the C-suite on mitigation opportunities that the company’s unified risk oversight team is tracking. He helped provide the momentum to convene the first risk council that, over the years, has morphed into a diverse, cross-functional collaboration — gathering crucial and timely insights from across the company to both identify and address hazards earlier and better than previous siloed efforts.
The CSO is a business partner who is actively engaged in responding to key operational needs. His team pro-actively seeks alignment with the business’ goals through regularly scheduled meetings with business unit leaders.
Once relied on for heroic efforts to protect personnel and assets, the security function’s strategies have evolved to incorporate relevant performance metrics, including compliance certainty and contribution to plan. Security owns or plays a pivotal role in a wide range of organizational priorities, such as sales and supply chain exception reporting. Conventional fraud detection and response are augmented with cost avoidance planning, brand reputation protection, and corporate social responsibility, including community disaster preparedness. Security consistently applies its unique perspective to help build process and value improvements into these other functions.
The function is also advancing integration capabilities for the entire organization and the industry by participating in technology test beds. Partnering with solution providers, selected locations model, test and prove the effectiveness of integrated security technology elements. Data is shared with operators and vendor and integrator partners to influence product and process improvement. In some cases, security is using technology manufactured by its own company to influence both risk mitigation and revenue.
Collaboration is a hallmark of the unified risk mitigation security strategy. Security maintains multiple internal and external information-sharing partnerships with public and private organizations, and it also works to forge a strong link with the community through social responsibility and philanthropic efforts.