The CFO: IT Security Team's Key Player
A key player in securing IT is the chief financial officer. It makes sense, of course. IT security costs money.
But IT security isn't just an expense. It's a business enabler. Today, any organization of consequence of any size - be it a government, bank or hospital - cannot survive without its IT systems and networks functioning properly and securely.
It's a point made in an interview by Phyllis Schneck, chief technology officer/public sector for the IT security provider McAfee :
"Typically, you want your security budget to be strong enough to support your investment that will enable you and sustain you to build a resilient infrastructure forward. And, sometimes those budgets are just low enough they can't afford to buy what they really need, and just high enough they have to go buy something, so if companies invest in what I call mediocre security infrastructure, they'll have to keep spending that money over and over every year."
The alternative is to develop a team consisting of the CFO, chief information and chief information security officers and the business managers who own the systems who together can - must - build a business case for an IT security spending plan.
No doubt, Schneck would want government agencies, businesses and not-for-profits to invest in McAfee products rather than piecemeal a middling solution. But the underlying point taken from Schneck's observation is that the amount of money a company invests in IT security must be placed in the broader context of the enterprise's well-being. IT security isn't an add on; it's strategic. And, it's crucial to get CFOs, CIOs and CISOs and the business-side users of IT engaged with one another, especially in a world where others seek to do harm. As Schneck says:
"Communications is very important because security has to be a business enabler at the same time we fight this giant adversary."
The interview with Schneck is the first of a continuing series of conversation we'll have in the coming months with CTOs and research and development executives of leading IT and IT security providers.