Why Data Security is a One Size Fits All Organization Strategy
Efforts to secure data suffer from roller-coaster attention cycles. When a big new data breach hits the news executive team members act to avoid being the next news story by declaring data security as a top priority or some such act. Then the news dies down and data security slips. Then budgets tighten and data security slips again. Finally, rounding out the cycle, the next bigger data breach hits the news, and the cycle starts all over again. This is operational data security management at its finest. However, data security is strategic, period, no matter the size of your organization.
To avoid a roller-coaster data breach cycle, your executives need to know and be comfortable with the knowledge that most data breaches happen where security is a bolt-on operational afterthought rather than part of organization strategy. Elevating data security to the strategic component level, and keeping it there, requires more than headline news about data breaches at other organizations, especially given the frequency of those stories today. I would speculate that a breach the size and scope of the ever-famous Target data breach of 2013 would barely make the news today because we have become accustomed to that level of data breach.
Building data security into your organization strategy allows your executives to skip the data breach headlines, because they know your organization is covered. Data security as a strategy allows your executives to focus on the future by removing the fear of being sucked into the past because they ignored security. This is important no matter your organization size or scale. It is urgent if your organization is small or medium sized because as you grow the data security foundation you create today must support your strategic vision of tomorrow.
So how do you add data security to your organization’s strategic vision? There are as many answers to the question as there are organizations. Each organization’s culture, funding, customer base, product offering, etc. will refine the two approaches I suggest here.
Two Data Security Approaches
First – it’s about the customers.
If you collect any customer data, losing that data will create an immediate and meaningful negative impact on revenue from the minute your data loss hits the news. If your organization cannot afford to lose six to 12 months of revenue while you rebuild your reputation and acquire new customers, data security must be a strategic component.
Second – it’s about the dollars.
As an IT leader trying to convince others that data security is strategic, you must walk the talk. In other words, you must demonstrate the strategic value of data security by moving it to the top line in your annual budget. After all, if data security is not top of the list for you, why should it be for anyone else? Combining customer loss with your financial commitment demonstrates the shift from operational thinking toward strategic thinking. Moreover, this combination of actions also shows ownership of the need, removes any “do as I say, not as I do” mindset, and creates a path for executives to follow rather than trying to find their own path or worse, paths.
Combining knowledge, customer loss of trust as well as revenue, and your commitment to security first, supports the data security move from an operational bolt-on into an organizational strategy. Notice this path does not include generating fear for your executives, threats of imminent doom, or other end-of-the-world thinking. That is not strategy. To make data security a part of your organization’s strategy, you will find more success by focusing on the positive outcomes such as retaining customer trust, and the comfort that your executives will not be sucked into the past by the next bigger data breach news story.
If you’re looking for IT solutions or help with your data security, contact iT1 today to learn more about our infrastructure optimization, cybersecurity, and Cloud services.
Dr. Mike Lewis serves as Chief Information Officer, EVP of Informatics, Security & Technology for Trillium Health Resources, a managed-care organization serving more than 350,000 members in North Carolina. He earned his Doctor of Management degree from George Fox University and is a former MBA adjunct professor at Maryhurst University. Mike has worked in the IT field for more than 25 years with stints at IBM, Merisel, and Dell.
<< Back to Resources