For years now, we as security practitioners have been perceived as a road block to project timelines and overall efficiency of the business. Many security shops carried around a giant stick and typically said "no" to almost anything that came along. On top of this, we've had such a narrow focus about what we feel is important to "securing the enterprise" that we have been reporting things that have little to no meaning to the decision makers.
We must change this and begin recognizing the real value we add to the business -- that we aid the decision makers in making educated business decisions.
Security teams must make a decision in their current environment. We can stick to outdated methodologies and find ourselves sitting on the curb, or we can redefine how we exist in the business. The first place to start is measuring things that are meaningful and treat security as a business enabler rather than a business expense. "What do I as a security professional worry about?" is not relevant. "What does the business worry about?" is the question that really matters.
Senior management does not care how many spam messages the organization received last month. They don't care how many workstations are missing the latest Microsoft patches, and they certainly don't care that the organization had 23,000 "high" vulnerabilities reported from the VA scanner. They care about the goal of the business, which is usually making money.
However, you can't manage what you don't measure.
The right metrics come from asking the right questions. Questions like, what business are you in? Or are we about efficiency or efficacy?
Read the rest at Enterprise IT Planet.
One of the ways around the issues of security and control that make some businesses wary of cloud computing is to build a private cloud -- one that remains within the corporate firewall and is wholly controlled internally. Private clouds also increase the agility of IT an organization's IT infrastructure and make it easier to roll out new technology projects. Download this eBook to get the facts behind the private cloud and learn how your organization can get started.