Fall Conference: Tech Managers Struggle To Show Value Of Security
Convincing companies to invest in security is easier after last Sept. 11, but still takes work.
Last year's terrorist attacks made information-security issues a hot topic. But IT managers still struggle with the dilemma of how to make less tech-savvy company officers understand the demands of solid security and how to convince them to make the proper investments. A panel of tech professionals wrestled with solutions to that problem Tuesday at the InformationWeek fall conference in Tucson, Ariz., in a session titled "Smart Investing for a Solid Security Initiative."
The good news is that IT managers don't have as tough a task as they used to. If last year's events served as a wake-up call for business-security vulnerabilities, it also made it that much easier to ask company executives to invest in a solution. "I can say that it probably scared people enough that it's not a sell job," said Karlin Bohnert, chief technology officer at energy company PacifiCorp.
Financial-services company ABN Amro North America kicked its security efforts into high gear after the Nimda and Code Red viruses ran their course, senior VP and chief information security officer Sharon O'Bryan said. Her position was created following those infestations, and she has direct access to the board of directors, so it's easier for her to make a direct business case and promote security, she said.
Nonetheless, many IT execs still face an uphill battle convincing their bosses to invest properly in security, since the returns are largely hypothetical. "You're not going to get the ROI of the classic IT investment; it's a different business case," Bohnert said. Instead, managers need to find real-world examples of companies that weren't secure and got burned, helping execs understand that their return on investment is avoiding that unpleasant scenario. "You cannot sit there and say, 'it's a defensive posture,'" she said. "You have to say, 'here's what could happen to us.'"
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.