Security Culture Series — Part I: Expanding IT’s Responsibility

As the digital transformation trend continues to alter communications across all industries, concerns about the security of data located in the cloud are becoming more prominent.

Advancements in technology — namely smartphones and other mobile devices — have ignited a radical shift in the communication preferences of consumers, and in the security measures needed to keep their data safe. This new security landscape includes an expectation that consumers can use their mobile devices to communicate seamlessly with a business or organization of any kind. So what can organizations do to ensure that consumer information remains secure despite the continuous change of technology and increasing cyber threats?

Security Culture: Why It’s Necessary for Every Industry

With the latest innovations in technology producing an ever-growing number of mobile devices, omni-channel communication has become the standard for modern organizations. Due to this shift, securing digital communications is now a high priority for many organizations. The adoption of a security culture is critical to any organization looking to ensure that consumer data remains secure despite the risk introduced by new and emerging technology.

The term “security culture” refers to a cultural expectation instilled by the leadership of an organization to maintain a security-focused mindset — where every decision and strategy is viewed through the lens of the highest protocol needs vs. internal preferences. As digital transformation continues to pervade industries, the need for organizations to instill this mindset of security is becoming more urgent.

It’s no longer enough for the latest security measures to be in place. If there’s an opening to sensitive data at any point within the organization, the risk of a breach increases. When an “opening” can simply mean one extra person having access to data that should be locked down and only accessible to certain IT workers for maintenance, then security becomes less of a technology problem and more of an internal culture issue.

The goal must be to have a culture where every member of the IT department understands that having universally accessible internal data, while easier to work on in the short term, is too high a security risk in the long term to be worth it. A security culture requires a champion to step in and set the tone for more protocol-based access to information, so only those who absolutely need to know are “in the know.” On the other hand, it also requires a willingness to work with (and not against) the right kind of industry partners — organizations that also value security above internal preference and have the type of technology that can digitally transform an organization to meet the ever-shifting consumer expectations.

The Need to Expand IT’s Realm of Responsibility

Unfortunately, impediments still exist to creating a security-first culture for organizations across the board. Oftentimes, IT departments view cloud-based providers as competitors — fearing that their mission does not align with the goals of the organization. Many IT teams have a long-held opinion that the scope of their responsibility extends solely to internal services within their organization — an “our team is only responsible for what we built” mindset. However, this type of thinking is a recipe for disaster, as organizations today consume both internal and external services, with a skyrocketing trend toward external cloud services.

IT teams have a critical role in assisting their organizations in the deployment, use and support of the connectivity to cloud services. If an IT team holds a limited scope of responsibility, the risk to an organization overall is significant and can be expensive in terms of both cost and employee retention. IT teams can lead the charge by increasing security measures in the midst of digital transformation and embracing the philosophy of a security culture.

To help expand the scope of responsibility for IT, organizations can involve members of the team early on in the process of selecting a cloud-based service provider. This is particularly vital throughout the evaluation process, and encourages the team members to provide feedback on concerns or recommendations. By engaging the IT team in the process, they’ll feel more empowered, which can help to expand the realm of personal responsibility toward external services.

As technology transforms communications, the need for a security culture will only become more dire.

Recently in InfoSecurity Magazine, I discussed why the cultural mindset of healthcare organizations in particular needs to change as digital transformation continues to alter consumer communications — and outlined three tips to achieve this shift. This blog is Part 1 of three in a series to dive deeper into each one of those tips.
