Security can't work in silos. Learn the business and transform the enterprise.
We are moving fast into the digital world, and the pace of transformation keeps rising: data is becoming big data, things are becoming the Internet of Things. Many of us are learning machine learning to build artificial intelligence. Everything is becoming "smart", at home too, to the point that every minute of everyone's life sits in someone else's hands. With change being the only constant, the need for security has been growing exponentially.
Ironically, security has not been gaining the traction it needs. Many organisations are still trying to satisfy some external requirement, and often not completely. It could be a B2B or B2C contractual requirement or a regulatory one. For example, an application is being developed and the requirement is for it to be GDPR compliant. We make sure the GDPR compliance requirements are met for that application; in other words, the application security requirements are addressed. But organisations must understand that this alone cannot make them immune. They must look at the other risks across the enterprise and fix them proactively, with far-sighted business thinking.
The mindset that security is purely a technology matter must change. If the business side and the people involved are left out, security is incomplete. This is evident from most data breaches. One of the largest banks kept a server holding all of its customers' confidential information for years without security controls. The outcome was disastrous: that confidential information is now for sale on the dark web.
So, what is the immediate need?
- Engage industry experts who understand the business end to end. They must perform a complete assessment and chart the roadmap in collaboration with insiders in key roles. The organisation may need to establish controls in phases, addressing the many gaps from architecture through to operations. This may cut across establishing a security organisation, deploying stringent technological controls (such as Identity & Access Management, application security, cloud security and PKI), and forming and empowering the risk and audit functions, among others.
- Keep track of progress and provide the required funding in a timely manner, so that the improvement work keeps pace with the dynamic environment and the changing business landscape.
So, what is in it for security practitioners? If you are really keen, the icing on the cake is that you get to learn the whole business. Security is one of the few professions in which you come to understand the complete business and help transform it to be secure. If you aspire to start your own business, this gives you the fundamentals on which to build as the need arises.
Third-Party Risk Management | Security and Privacy Engineering | Enterprise Architecture | Program Management | CISSP, CISA, PMP, TOGAF, ISO 27001 LA
Comment (6 years ago): True