Trust must be earned every day through consistent operational excellence, which includes leading-edge information protection
Security and privacy are bad words with bad histories, evoking bad connotations with most enterprise stakeholders. For companies to succeed at safeguarding their data, these words must go away. Here's why.
Information security and privacy protections as we know them today are a response to the ills that have befallen enterprises over time. Enterprises experience a problem or incident and don't want it to happen again, so they find the most practical way to eliminate it or mitigate against it. As a result, security and privacy practices tend to be restrictive. Furthermore, there seems to be no natural home for security or privacy in the corporate hierarchy. Every organization uniquely figures out where best to place them — so long as the chief executive doesn't have to be too bothered.
As a consequence, neither security nor privacy has been associated with the positives of most institutions or with their strategically important initiatives. They are clearly not viewed as activities that will help enterprises gain market position, enhance their reputations or provide competitive advantage. Money and investments focused on security and privacy are most often viewed as insurance premiums — to be kept to a minimum consistent with the negative risk experience of each institution. Such spending is certainly not perceived as an investment for winning stakeholders, sustaining excellence or achieving market leadership.
But today's world, where an increasing majority of institutions do business online using telecommunications networks that span the globe, security and privacy protections expressed in negative terms don't make the grade. Enterprises need a positive approach that positions avoidance and mitigation of information security and privacy risks as built-in elements of their business model. They must adopt an approach based on winning the trust of all stakeholders — customers, employees, channel partners, contractors, vendors and shareholders all. Trust means stakeholders feel safe in the hands of these enterprises and are confident in the secure delivery of their products and services along with protection of their private information.
In fact, trust is good business and is a good business practice.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.