Strategies for Driving Business Advantage in an Economic Crisis
Recent events have challenged businesses to prepare and manage previously unthinkable situations that may threaten an organization’s future. A sound company should be able to manage and survive the crisis and take all appropriate actions to help ensure the organization’s continued viability.
RSA, The Security Division of EMC released, in conjunction with the Security for Business Innovation Council, the results of their third report, ” Driving Fast and Forward: Managing Information Security for Strategic Advantage in a Tough Economy” In this report, top security leaders from around the globe examine the information security challenges created by the current economic crisis, and offer concrete strategies for achieving more with less in 2009.
While the economy is in a downturn, the demands on security programs are escalating. Budgetary and staffing pressures coupled with heightened regulatory requirements, escalating threats and high senior leadership expectations continue to drive up the business stakes on security. In this climate, security teams are facing hard decisions about where to invest their time, money and efforts.
“Driving Fast and Forward: Managing Information Security for Strategic Advantage in a Tough Economy” provides five timely recommendations for managing security programs for business success in 2009:
1. Prioritize Based on Risk/Reward: The Security for Business Innovation Council members call on security professionals to sharpen their ability to make tough judgment calls based on risk.
2. Have the Right Mix of People on Your Team: In lean times, all security team members must have “the right stuff” They should be able to partner with business owners, offer alternative solutions and speak to issues beyond security. In this report, Council members offer detailed advice for managing human resources, using consultants and extending teams through decentralization.
3. Build Repeatable Processes: In most organizations, there are many opportunities to rationalize processes and achieve economies of scale. Council members recommend that security leaders improve efficiencies by applying traditional operational metrics to their security programs. They recommend working to embed security into core business processes to increase organizational productivity and drive down standalone security costs.
4. Create an Optimal Shared Cost Strategy: Costs for security are often shared between the centralized security organization and the various business units and departments that need to protect information assets. While the formula varies from one enterprise to the next, Council members offer insight on how to ensure spending matches objectives and needs.
5. Automate and Outsource Wisely: Using technology to automate manual processes and outsourcing some security functions may provide significant efficiencies and cost reductions, but it’s important to plan and manage these efforts carefully to maximize benefits. Council members share guidance on how to proceed for optimum business impact.
It is always a good procedure to have a plan to identify significant threats to normal operation, and plan mitigation strategies to ensure effective and efficient organizational response to the challenges that surface during and after a crisis.