Security needs to be a part of innovation


Organisations need to make sure that security teams are true partners in business innovation.

An RSA report from the Security for Business Innovation Council', which included discussions between security officers from JP Morgan, eBay and EMC, said that security involvement would help their organisations achieve better results.

Paul Dorey, ex-chief security officer for BP, was in agreement and added that chief security officers and chief executives needed to be in partnership with each other.

This is an old message, but previously this didn't happen as much as it should have, with information security not being as high on the boardroom agenda as it is now.

"Information security has become important. In the past it didn't impact all businesses to the same extent," Dorey said. "It didn't matter to the top level of the board as much as other things they may be dealing with."

He added: "Now, it has become mission critical and the chief executives may now use the technology themselves and actually may have seen some security impacts personally."

Chief security officers may have come from a technology background rather than a business background, he added.

"They are used to dealing with technology issues, and talking technology, not business," he said.

Security-engaged businesses would make business decisions in a proactive rather than a reactive way, he claimed.

"What this means is that businesses won't wait until there is an incident to rush around a patch problems," Dorey said. "It is always easier and more cost-effective to fix something ahead of time."

Security could also be an enabler, with distributed and cloud computing able to be used in a trustworthy manner.