Are IT security and the business really disconnected?

A recent survey suggests IT security and the business are closer than you might have thought.

“If they think so alike, why do IT teams and the business teams they serve appear to be so disconnected on security?!” I thought this over and over again as I recently reviewed a Vanson Bourne study on security in the application economy. (You can obtain a free copy of the study here.) The study includes some encouraging data.

Closer than you think

According to the survey just less than half  (47 percent) of the respondents view security as a means to enable the business (“Enablers”). A further 36 percent view it as “mostly” about providing a means of control, while 17 percent feel security is “entirely” about control. I’m an optimist, so I like what I see: 83 percent of those surveyed no longer believe IT security is “Entirely” about control. That’s a big change from my first encounter with Al the security instructor. And it gets better.

Further exploration of the data shows that even the respondents who view themselves as “Controllers” may not be as disconnected from the business teams they serve as you might think. Both Controllers and Enablers set their priorities nearly identically for areas such as identity protection, API security, protecting against data breaches and improving the mobile customer experience. In fact, slightly more of the Controllers rated improving the mobile customer experience as a high priority than did the Enablers (44 percent vs. 42 percent). If they see things so similarly, why do they appear to be so disconnected?

Thinking aloud

The answer may lie in the word “appear”. In “The Innovative CIO” I wrote about a life-changing 360-degree review where I learned of behavior I referred to as “thinking aloud”. In brief, when I became excited about an opportunity someone presented I would immediately begin thinking about how to make it happen. As I mentally spun off thinking through the execution, I would encounter obstacles and would often be working through those when someone asked, “George, what do you think?” Caught in mid-thought I would often blurt out the obstacle I was working through when my heartfelt answer to the question was really, “I think it’s a great idea. I’m so excited about it I’m already working through the details in my head.” The latter would have made for a much more productive conversation.

Soft skills matter

I mention this one potential cause for the sake of illustration. (I discuss many others in the book and other articles.) My belief is that much of the tension between these people may be the result of communication and soft skill issues resulting in negative perceptions, as opposed to being the result of how those IT personnel actually think and feel. In this case, perception may be even more important than reality, and it must be addressed head-on.

Here are a few ways to begin:

• Manage your “thinking aloud”: Think before you speak. Consider your audience and the reason and timing of the question. There will be a time to address potential obstacles, but it may not be “now”.
• Adopt a collaborative posture, even if you disagree with a proposal.
• Think about how obstacles can be removed, not only about discovering them.
• Ask others to tell you how you are being perceived. This can be frightening, but it is well worth it. You will be as positively surprised as you will learn about things you can do to improve.
• Ensure the people you work with understand that you are genuinely motivated by their success, and that you will do whatever you can to help them succeed. Do not fake this. If you don’t truly feel this way, it is likely time to reconsider your career path.

There are many other things we can do to help resolve this disconnect. Please share some of your ideas in the comments.

George is co-author of “The Innovative CIO.”
This blog is cross-posted at “Highlight”.
Follow @GeorgeDWatt