Security Infrastructure: More Than Managing Risk
Some of the most severe data breaches in recent history have compromised as many as 500,000 email accounts. In 2010, according to The New York Times, multiple technology companies were hit by a cyberattack that saw consequences of this size.
These companies are wise enough to make investments in security infrastructure — hiring a new chief information security officer (CISO) or investing in encryption technology, for example — but they may still need extra guidance when these security executives pursue new security measures. It’s tempting to focus spend on updating the design of mobile, email and related web properties, or developing new products to generate revenue for the company, especially if the company doesn’t have a history of high risk.
Nonetheless, security breaches pose an ongoing risk to businesses, and they don’t come home to roost at convenient times.
Security Infrastructure and Competitive Advantage
Security, convenience and privacy are a constant balancing act for both consumers and employees. According to The New York Times, some executives of the firms affected in 2010 chose not to invest in common security infrastructure tools and processes, like end-to-end encryption, because it meant no longer being able to mine search and messaging data to deliver new services and improve existing products. Not feeling vulnerable can go as far as to discourage enterprise email providers from instituting universal safeguards, such as automatically resetting email user passwords after a certain period of time, especially if they fear requiring users to reset passwords would drive them to other platforms.
Yet ensuring security can also be a competitive differentiator for many companies, according Malcolm Marshall, global head of cyber security for KPMG. “The most innovative companies have recognized that cyber security is a customer experience and revenue opportunity, not just a risk that needs to be managed or a line item in the budget,” Marshall said. “They are finding ways to turn cyber preparedness into a competitive advantage.”
Lance Hayden, managing director at Berkeley Research Group, sees cybersecurity as a “strategic intangible.” As with talent management or innovation cultivation, it’s tough to numerically measure the ROI of effective security infrastructure, but it’s impossible to deny its importance. “Boards that get ahead of that curve and figure out how to leverage it as an asset are going to see themselves…pulling ahead of their competitors, because they’re going to use cybersecurity as part of their portfolio of strategic assets,” Hayden told BankInfoSecurity. “Other folks will struggle just to keep those operational fires burning and [not know] how to turn it into something of more value.”
It’s Not Just About Keeping People Out
Despite fears surrounding the security of big public clouds, these environments may hold the key to merging security with boosting business. Strategy+Business suggests merging security (keeping bad actors out) with collecting data about how customers behave on a company website — letting customers in.
Public clouds provide low-cost resources for extensive security monitoring and analytics, which can help companies detect attackers in action and shut down unauthorized configuration changes. At the same time, they can apply monitoring to understand customer behavior, fine-tune conversion paths and develop predictive models for shopping and similar activity.
The key insight to remember is to centralize tracking within the public cloud, not only for security, but also for customers, suppliers and others who need to access company data. Cloud infrastructure can respond to analytic inputs, improving architecture, performance and security over time.
Finding an Edge
Thought leadership about how to link security infrastructure to competitive advantage is in its earliest stages, but businesses can create synergy by combining risk management, innovation and customer satisfaction. One thing’s for sure: If companies ignore security, it could come back to haunt them.