Suddenly I've arrived at that age where many stories I share begin with, "When I was a kid." I remember my parents had a few of those old filing cabinets where they stored all of their important paperwork. My siblings and I were fascinated by this mini monster that housed banking information, tax forms, and household bills.
Even more exciting for us, was when one of my parents left the keys in the lock, and we were able to open the drawers and examine all that rest protected in this large metal box.
My parents weren't alone. Virtually every office building was loaded with these storage units, and many of these structures contained critical information that needed to be kept under lock and key. Someone was responsible for keeping those keys, but certainly it wasn't the security guard at the front door of the building, right?
In the digital enterprise, security works much like the days of old except those filing cabinets have been converted to digital files stored on a network. Why then, does everyone in the enterprise presume that all of those keys have been turned over to the security team?
Ryan Stolte, CTO at Bay Dynamics said, "In large organizations, there is the overall security team who is in charge of managing risk across the board. However, there are also different lines-of-business such as the HR department, marketing, legal, and others. Each of those departments has its own manager, application owners and IT experts; however, none of them are part of the security team."
In many respects, the way security worked "back in the day" was a lot easier for folks. If I worked in human resources, and a stranger came in and started rummaging through the filing cabinet in my desk, I would know right away that something was amiss. Most likely, I'd call security and have him escorted out.
In the digital enterprise, protecting critical data has changed. Communication is the missing ingredient because security teams don't have the information they need for or from the other business leaders who are focused on different objectives, like sales goals or the customer experience.
"Those department heads are so concerned about keeping their own systems up so that they can continue bringing in revenue, that they overlook security. For example, the managers of a POS system do not want to have their IT guy take the system offline for an hour to fix a patch during Black Friday," Stolte said.
Whether you are a health care provider responsible for making sure a portal is available to patients or you are a business executive who is responsible for making sure your ecommerce is available, you need to become more security savvy. Stolte said, "Communicate with security by telling them, 'Hey, I manage valuable information. You need to tell me where my vulnerabilities are to insider threats and malware so that I can fix them.'"
Sign up for CIO Asia eNewsletters.