A few years back, I was the party pooper when it came to anything wireless. I had lots of examples, plenty of security articles, and even a few three-letter agencies in Washington D.C. to back me up. I would easily win the technical debates at key meetings. Over time, people started going around our security office. My intelligence network reported that we weren't being invited to key meetings.
The hard part was learning how I was being viewed by the business. After a few tough lunch discussions, it became clear that security was seen as "stifling innovation." Initially, I was defensive. What about all the times we saved the enterprise from viruses, worms and hackers? Whether it was true or not, I knew perception was reality. We needed a different approach.
Looking back, I realize that I not only won the battle, but lost the war. I was actually fighting for the wrong side. Mobile computing is everywhere and growing. I had backed the wrong horse. Now, I'm for secure wireless. The debate on mobile computing may be over, but there are always plenty of new projects that cross our desks.
So how can we say yes and still maintain our integrity (not to mention sensitive information and legal compliance) at the same time? The first step is the most humbling — recognize the problem and the need for a new approach. Believe me, there are plenty of business-side colleagues willing to provide personal advice on this topic. Do lunch.
Second, ask how others in the Fortune 500 or similar size companies are implementing (whatever it is) securely. Find examples of success and copy solutions that work.
Third, get involved much earlier in technical discussions and processes. Build security into all phases of project lifecycles, but focus on enabling not disabling.
I'm still learning to say yes. I'm constantly reminding myself that we can't help if we're not at the table. The implications are vast, and the resistance from security staff often gets complicated. Still, it's worth the effort to resist saying no. Business executives are watching.