Security pros need to adopt a different approach, to become security guides or risk consultants. This requires helping leaders throughout the business to create and enforce security procedures. Consider the following:
Assign owners. Business managers must be encouraged to take ownership of the data that is vital to their area of the business.
Match the owner with the risk. The level of the manager who makes security decisions should be commensurate with the associated risk.
Define risk. Security pros should help data owners understand the security risks associated with their area of the business.
Talk their language. Security pros should speak in terms that are relevant to managers: profit/loss, corporate image, employee productivity.
Develop a roadmap. Long-term data security requires an end goal and a way to measure progress.
Maintain a risk-based, defense-in-depth approach. Layering on additional security solutions that target specific classes of threats makes it much more difficult to breach the organization's security.
If security pros combine their requisite IT know-how with these new approaches, they can help drive business success, not simply provide course corrections along the way.