“If they think so alike, why do IT teams and the business teams they serve appear to be so disconnected on security?!” I thought this over and over again as I recently reviewed a Vanson Bourne study on security in the application economy. (You can obtain a free copy of the study here.) The study includes some encouraging data.
According to the survey just less than half (47 percent) of the respondents view security as a means to enable the business (“Enablers”). A further 36 percent view it as “mostly” about providing a means of control, while 17 percent feel security is “entirely” about control. I’m an optimist, so I like what I see: 83 percent of those surveyed no longer believe IT security is “Entirely” about control. That’s a big change from my first encounter with Al the security instructor. And it gets better.
Further exploration of the data shows that even the respondents who view themselves as “Controllers” may not be as disconnected from the business teams they serve as you might think. Both Controllers and Enablers set their priorities nearly identically for areas such as identity protection, API security, protecting against data breaches and improving the mobile customer experience. In fact, slightly more of the Controllers rated improving the mobile customer experience as a high priority than did the Enablers (44 percent vs. 42 percent). If they see things so similarly, why do they appear to be so disconnected?
The answer may lie in the word “appear”. In “The Innovative CIO” I wrote about a life-changing 360-degree review where I learned of behavior I referred to as “thinking aloud”. In brief, when I became excited about an opportunity someone presented I would immediately begin thinking about how to make it happen. As I mentally spun off thinking through the execution, I would encounter obstacles and would often be working through those when someone asked, “George, what do you think?” Caught in mid-thought I would often blurt out the obstacle I was working through when my heartfelt answer to the question was really, “I think it’s a great idea. I’m so excited about it I’m already working through the details in my head.” The latter would have made for a much more productive conversation.
I mention this one potential cause for the sake of illustration. (I discuss many others in the book and other articles.) My belief is that much of the tension between these people may be the result of communication and soft skill issues resulting in negative perceptions, as opposed to being the result of how those IT personnel actually think and feel. In this case, perception may be even more important than reality, and it must be addressed head-on.
Here are a few ways to begin:
There are many other things we can do to help resolve this disconnect. Please share some of your ideas in the comments.