Integrating security processes with business processes

Experiences shape the way we feel and act. This is why Ritz-Carlton offers highly personalised service. They know the value of customer experience and have made it central to their business model. It is time for security and risk. Today, the battleground for the digital industrial revolution is the customer experience. Security should not wreck the customer experience, but it often does.

For security and risk leaders, the customer is anyone in their enterprise. Long focused on operational excellence, such leaders must now work to create an effortless customer experience for their business executives. This can mean giving up control, which leads to the nexus of a culture clash.

Your customers want the effort they put in to match the value they expect to get. If you deliver the wrong experience, they will just tune you out. If you can improve their comfort and understanding of risk and security, you can help your company move faster. That is truly a business value of security.

Five things security and risk leaders can do now to create a better experience for their executives.

#1 Speak to executives about things that matter to them

Talk to business leaders about what is important to them. Do not assume you know. Remember, it is about what they think matters. Ask the question: What types of decisions do you make every day? The answer can provide lots of insights. Show them how their business outcomes are directly dependent on technology.

#2 Help executives with decisions through focused risk assessments

Start with a business process and conduct interviews with the people who execute that process. Offering executives decision-making in the context of operational outcomes makes these engagements more than interesting to them. It directly impacts the decisions they make. You are now helping them do their job.

#3 Create defensibility for your executives

Executives do not directly control technology security and risk. But when things go wrong, they are usually held accountable. They need defensibility. We have treated security like a dark art for so long that when an organisation gets hacked, people do not understand. You cannot guarantee the organisation will not get hacked, so stop selling your executives protection, and start selling something they truly need, defensibility.

#4 Take technology out of conversations

Your ability to put decisions in terms of business outcomes is critical to your success in a modern risk-based world. Do not talk about security and risk in only technology terms. Although technology will always be a part of the conversation, your partners need to understand what you are saying. Making risk and security transparent and business-aligned is an absolute requirement.

#5 Move from project to product management

Use product management to change the experience you deliver. Unlike project management, everything is continuous and typically organised around a business process and the IT requirements to support that process. Doing these five things will improve the executive experience and their perceived value, and result in a better, more appropriately protected organisation.

Leigh McMullen, Research Vice President, Gartner.

Key takeaways

  • The battleground for the digital industrial revolution is customer experience.
  • Security should not wreck the customer experience, but it often does.
  • For security and risk leaders, the customer is anyone in their enterprise.
  • Leaders must work to create an effortless customer experience for business.
  • Giving up control leads to the nexus of a culture clash.
  • Customers want the effort they put in to match the value they expect to get.

Leigh McMullen and Paul Proctor at Gartner explain how a business can move forward when cyber security processes are aligned and understood by executives.