Enterprises are missing out on making security an enabler not just a protector
So says digital anthropologist, analyst and TechRevolution guest contributor Brian Solis.
In a new interview with Solis, he says that security is much more than making organizations safe: It’s a differentiator and an enabler.
Enterprises traditionally regard security as a must-do, cost-based overhead, part of running a secure and scalable IT infrastructure that can withstand what he calls digital Darwinism. But according to Brian Solis, there is another approach: Security as an enabling technology that can deliver market differentiation and competitive advantage.
“Clearly security is part of doing business,” he says, “but those organizations that place security in a silo in some corner or other – literally and metaphorically – are at a competitive disadvantage.”
“Clearly security is part of doing business, but organizations that place security in a silo are at a competitive disadvantage.”
The challenge organizations face, it seems, is that security is not as well-understood as it should be. It’s a bigger deal than most organizations realize because it should be considered as an aspect of every part of the organization, not just IT, infrastructure, or asset protection.
“Security is much more than making organizations simplistically secure,” says Solis. “If organizations have a reactive stance to security, seeking to stop hacks or data thefts, or reacting when something like this happens, they run the risk of becoming increasingly irrelevant. They will focus too much on being careful, rather than on being innovative and disruptive. If you build security into your customer service programs from the outset, for example, you inevitably build security into those operations but you also make them more effective in the commercial sense. It’s almost that making them secure is the added bonus.
“And organizations that seek to bolt security onto processes can run the risk of making everything more-difficult than it should be – and not even necessarily more-secure.”
Some organizations turn security thinking around 180 degrees, one example being the payment of bounties to successful hackers so that organizations can learn where the weak points are.
“If organizations have a reactive stance to security, they run the risk of becoming increasingly irrelevant. They will focus too much on being careful, rather than on being innovative and disruptive.”
Does security conflict with digital transformation? Often, says Solis. “Digital transformation is the forward-looking movement to modernize organizations so that they become fit to compete in the future. Security rarely features in this transformation process – which is a mistake. As I’ve already said, it’s difficult to make security part of this process if it’s stuck in its own silo. And if it is absent, it’s impossible for infrastructure changes to cover all bases. There will always be something missing from the transformation picture.”
Security as a priority
There is hope, though. According to Solis, security is usually part of the second-level of priorities in organizations – alongside IT infrastructure, and technology changes designed to improve agility, flexibility and manageability. “If that sounds like security is part of the ‘technology infrastructure’ level, it probably is, but this makes sense when it’s part of this group of technology enablers,” he says. “The first-level priorities usually focus on outward-facing technologies such as social media, social e-commerce and similar technologies. The third-level priorities focus on global eCommerce platforms.
“And every organization will carve out its priorities according to their resources. Only one thing is constant across every organization, large or small: Resources are finite. Organizations have to make decisions about where to place their bets. Every organization’s appetite and ability to focus on security will, therefore, be different – along with every other priority.”
“Every organization’s appetite and ability to focus on security will be different – along with every other priority.”
Where does he see an opportunity for change when thinking about security? “There needs to be an increased understanding about the importance of security and where it fits in organizations’ technology strategies. One thing I’d stress is that it should be considered as an enabling technology. It’s so much more than a protector of reputation, for example. Considered strategically, security is a growth accelerant.”
“Security is so much more than a protector of reputation: Considered strategically, security is a growth accelerant.”
Customers and users have their part to play as well. Solis notes the irony of “users – all of us – being happy to allow access to our personal data in return for value, perhaps without thinking too hard on the matter, only to be surprised when our data is used against us or is hacked. Users need to learn that, in the security stakes, they have leverage that they need to apply, certainly leverage to give up only for the best-possible deal.”
Brian Solis’ latest book, Lifescale, is published by Wiley on 12 March.