At RSA, we believe the path to more effective digital risk management lies in helping security and business teams better understand the risks they face, and that a closer relationship and integration of these teams make a positive difference in risk posture and security effectiveness. We have built our business around this idea – business-driven security,
A new report from Ovum Ltd., “Business-Driven Security: An Essential Approach to Enterprise Protection and Compliance” reinforces the idea of business-driven security and provides added perspective and evidence to the discussion.
Penned by Alan Rodger, Senior Analyst, Infrastructure Solutions for Ovum, this report describes the practicality of the situation facing many digitally enabled organizations:
“In some of the most established industries, digitally enabled change is causing large waves, rather than ripples, in terms of consequences.”
We need only look at the headlines to see the waves of consequences related to cyber threats and compliance failures. The answer to more effectively managing these digital risks, according to the report’s author, is a security strategy that is, at the least, informed by the business, and “ideally, driven by the business.”
With novel threat vectors and new, more stringent mandates facing them, organizations of all sizes and from all industries may need to adjust their business and security strategies to better understand what is most valuable to their organization.
“Taking into account all the relevant factors relating to a risk, from across different areas of the organization, enables the avoidance of siloed or partially valid decision-making.”
Breaking silos and enabling a contextual view of risk and security is the core idea behind RSA® Business-Driven Security. Ovum’s report underscores this need, by highlighting how such an approach is necessary to effectively manage digital risk. The alternative, according to Ovum, could be “severe operational and financial damage from their inability to deal with increasing risks, compliance responsibilities, and cybersecurity threats”.