By Arnaud Bacros - Country manager EMC Belux

 

Talking to the board of directors about information security is probably like talking to the taxman about poetry. The subject matter is really not top of mind for them, neither are they inclined to start asking questions on the theme themselves. Yet, information security is certainly something the board needs to address.

 

Information security is one of the top concerns of CIOs, a recent survey by the Society for Information Management unveiled. The survey found that IT nowadays is less focused on optimizing IT itself and more focused on optimizing the enterprise as a whole. That’s why a CIO’s success is increasingly being measured on the value IT can prove to the business. With a more enterprise-wide approach to IT, and new trends like Bring Your Own Device, cloud computing and shadow IT, the measures the IT department has to take on the fronts of privacy and security are becoming ever more important. And if all those internal measures were not enough, there’s new outbreaks of malware every week, bringing new threats to the enterprise.

 

The end to cyber security troubles is nowhere near. According to Gartner, more than three quarters of mobile applications for smartphones and tables will fail basic security tests next year, putting the enterprise at risk from hackers. The Internet of Things (IoT) may even be a bigger challenge yet for the IT department. The CIO really is between a rock and a hard place, with the business demanding innovation faster while good governance demands the security team rein in any risks.

 

As an ever larger chunk of your IT budget is being devoured by security matters, it may really be time to have that chat with executive management and the board of directors about cyber security. Executive management needs to be able to weigh “the risks of yesterday and today against the opportunities of tomorrow” as Gartner neatly formulated the dilemma of today’s decision-makers. The role of the CIO is to make it crystal clear to executive management what the benefits are of a good security strategy.

 

Getting the message across to executive management means cutting out all the technical babble about information security. Don’t bore the directors with operational metrics when talking about the threats you detected or countered. Talk business language, and indicate why certain security measures cannot be passed over lightly if the company wants to stay out of stormy weather. If you provide the answer to simple questions such as “what are the risks”, “what are we doing to overcome these risks”, “how this approach has helped us in the past” you clearly demonstrate you are a business leader too, and know what is at stake for the company as a whole, not just for the IT department. Security is a company-wide initiative that demands collaboration from everyone, especially from executive management. And while on the surface, they may be as little interested in security as the taxman is in poetry, by using the right words and the right rhythm, you are sure to hit the mark.

 

The opinions expressed in this article are those of EMC and do not necessarily represent those of IT One.