Wednesday, April 16

IT Security Risk = Lost Business Opps

In Art Coviello's key note last week, he reported that 80% of executives surveyed have avoided real opportunities for business advancement because of IT security risk.

It was probably the most powerful statement I heard all week. It means that enterprise IT security is falling short in a critical way.

When I present on the business drivers of a security solution, I always include three areas: risk reduction, enhanced ability to respond to audits, and creation of business opportunities. The first two generally resonate pretty well but the last one usually gets blank stares and I call myself an optimist and move on. So, I'm glad Mr. Coviello brought this into the spotlight. And honestly, I didn't know if I was right. But RSA has now collected the hard data to confirm that businesses are actually losing opportunities because they don't have a handle on IT risk. Art went on to say that security not only needs to be a business enabler, but should be transparent to the business, and should act as an accelerator of innovation. It was probably my favorite key note of the week (that honor might have gone to Malcom Gladwell, but having read the book I already knew the punchline to his stories).

I got into an elevator with Art two days later and took the opportunity to tell him that I liked his address. He seemed to have other things on his mind so it wasn't much of a conversation. I might have also told Art that I liked John Thompson's key note as well. And it would've been relevant because in my opinion, Thompson just reiterated the same message that Coviello's RSA has been articulating since I worked there more than a year ago. I agreed with most of what Thompson said and considered it a testament to the leadership of RSA. (and no - I don't own stock and I'm not waiting on any final pay checks - just giving credit where due)

1 comment:

Anonymous said...

In case it is of interest to any of your readers, a full copy of the report that Art Coviello referenced in his RSA Conference speech can be found at http://www.rsa.com/node.aspx?id=3001