Security 500 conference     

 Don’t miss the networking event of the year for security executives!
Register today for the Security 500 Conference.

Cyber Security News

How IT is Evolving from Controlling to Enabling

IT and Security Play Catch-Up with the Latest Technology and Requirements

Like a lot of CIOs, my world is changing quickly. You don’t have to look further than the ubiquity of Software-as-a-Service to appreciate just how fundamental these changes actually are. With the ability to access applications using nothing more than a Web browser, lines of business are starting to drive their own technology agendas. While this may be good for business, the big challenge for IT is they’re often the last to know.

The cloud is affecting more than just how applications and computing muscle are delivered to organizations. Easily the biggest change in my mind is in the realm of expectation. These days what end-users care about and – more importantly – expect is access: to applications, pictures, video – anywhere, anytime and on any device. And they no longer require IT’s help to get what they want.

Delivering value at a time when anyone with a browser can ‘deploy’ the next great piece of software is complex. Adopting new tools and processes is only part of the solution. To stay relevant, IT workers require different skills, and in many ways, a different mindset.

The illusion of control

One of the biggest shifts for me was appreciating that my role is no longer about controlling and managing a collection of infrastructure. More and more it’s about enabling applications. The challenge is the lines between applications can blur rather quickly. That has significant implications for the management processes required to support them.

Classifying software used to be easy because things were so static: First, we have what I call ‘mission critical’ applications like our ERP system, which are highly customized and have a heavy workload. These are tightly managed by IT. Second, we have ‘core’ applications like email. These may not define a company they way an ERP system does, but the business still looks to IT to ensure high levels of security and reliability. Lastly, we have ‘non-core’ applications that are used by one department, or perhaps infrequently by the whole company. This is the realm of SaaS and an area in which we historically invested little time, because IT had never been required to provide much support.

A changing dynamic

Here’s the rub: as SaaS applications proliferate, what starts as a ‘non-core’ application can quickly become ‘core.’ About 18 months ago, one of our marketing managers signed his team up to Yammer (essentially Twitter for the corporate world). As the CIO, this barely registered. Fast-forward three months, and we had over 400 employees using it, including our CEO, who had taken to ‘yamming’ our corporate strategy.

A closer look at our environment revealed we didn’t just have a few SaaS applications, either. We had dozens. We also had very little knowledge about the purpose of these applications. Who was using them? Who controlled access? How did we know we were getting value from these investments?

Becoming enablers

One of the first steps we took was creating a SaaS management system that centralizes procurement, end-user provisioning, reporting and support. But when the core issue is behavior, even the most comprehensive platform is at best a partial solution, especially when users can choose to go around it. The real challenge is making the business feel like it’s in their interest to work with IT on technology decisions. That starts with thinking about the role IT wants to create for itself.

With the cloud and the consumerization of technology, attempting to exert control is looking more and more like a losing proposition – not just in keeping IT relevant, but because it risks squelching business innovation. Instead, IT has to focus on becoming a partner – one committed to supporting the needs and expectations of a growing number of stakeholders. That requires a new level of engagement with the organization. Change management, communications and even marketing new innovations within the organization are a big part of this. Above all, it means using these skill sets to strike a balance between enabling the convenience and flexibility that SaaS provides, with the governance and support businesses need now more than ever.                                                               

Did you enjoy this article? Click here to subscribe to Security Magazine. 

You must login or register in order to post a comment.



Image Galleries

ASIS 2013 Product Preview

ASIS International 59th Annual Seminar and Exhibits, September 24-27 in Chicago, Illinois, will include an exhibit hall packed with innovative security solutions. Here are some of the products that will be shown at ASIS this year.


Virtualization and Data Center Security: What You Need to Know for 2014

Data centers are increasingly becoming the center of the enterprise, and data center and cyber security is following the same path for security departments. According to Justin Flynn, a consultant at the Burwood Group, the virtualization of data centers allows enterprises to scale more easily and faster, with a smaller footprint.

However, hosting enterprise data in the cloud can make intrusion detection more difficult – how can enterprise security leaders team up with other departments to keep aware of cyber risks and traffic, and physical and data compliance during the virtual transition? How can CISOs and CSOs discuss cyber threats with the C-Suite to get the resources they need? And how can the proper infrastructure test and verify possible malicious attacks? 

More Podcasts

Security Magazine

Security Magazine 2014 September cover

2014 October

Security takes a look at safety and preparedness for the harshest of weather phenomena in this October 2014 edition of the magazine. Also, we investigate supply chain security and the many benefits of PSIM. 

Table Of Contents Subscribe

Travel & the Ebola Risk

Are you and your enterprise restricting travel due to Ebola risks?
View Results Poll Archive


CompTIA Security+ Certification Study Guide
CompTIA's Security+ certification is a globally-recognized, vendor neutral exam that has helped over 60,000 IT professionals reach further and higher in their careers. The current Security+ exam (SY0-201) focuses more on being able to deal with security issues rather than just identifying them.
More Products

Clear Seas Research

Clear Seas ResearchWith access to over one million professionals and more than 60 industry-specific publications,Clear Seas Research offers relevant insights from those who know your industry best. Let us customize a market research solution that exceeds your marketing goals.


Facebook 40px 2-12-13 Twitter logo 40px 2-12-13  YouTube  LinkedIn logo 40px 2-12-13Google+

Vertical Sector Focus: Critical Infrastructures

criticalhomepagethumbFrom terrorism to vandalism, it’s preparedness, response, training and partnerships. Learn about some of the critical security issues facing this sector.

Visit the Critical Infrastructure page to read more.