Embracing Change: The Key to the Future of Security

Over the last two decades, the security business has evolved at a pace never before seen. We all seem to have more and more of thosedays when NOTHING works as planned.

We wonder why all the standard operating procedures, methods and processes that worked yesterday seem so inadequate today. We find ourselves feeling like Wile E. Coyote after the Roadrunner’s speed has left him in the dust – or falling off a cliff.

Wouldn’t it be great to change things so that those days happen less frequently?

As Ghandi said – that’s entirely our call: “We must be the change we wish to see in the world.”

Let’s take a look at some of the developments in our world in recent years and the changes we need to make in our own businesses if we are to succeed.

According to a report by Goldman Sachs released last spring, over the last decade, BRIC (Brazil, Russia, India and China) have contributed over a third of world’s gross domestic product (GDP). A short 10 years ago, these countries combined represented only a sixth of the world economy. Now, they represent almost a quarter!

This trend is expected to continue. By 2020, experts predict that these countries will represent a third of global economy, and contribute nearly half of the growth of the world’s GDP.

The metrics tell the story: more companies are investing in those economies, thus expanding our own security concerns.

Meanwhile, we remain in an era of tight resources. The resources companies have at their disposal will be invested in critical business strategies and processes; cost centers -- traditional security organizations -- will find additional funding for their own investments harder to come by

Nevertheless, the challenges – and changes – will keep coming; turmoil in the Middle East, a continuing drug war in Mexico and Latin America and the continued wars in Afghanistan and Iraq.

Furthermore, the most feared enemy, Al Qaeda, has morphed from an organization that had a command and control function into splinter groups with a mutual affinity for global jihad. As a result, it is now harder than ever to identify, target and destroy threats. Traditional security issues, like theft and facility protection, are more complicated than ever.

Fortunately, our tools are changing too, spurred on in large part by advances in technology.

We are fast moving into the cloud, where the combined resources of massive computing power can be put in the hands of businesses large and small, and to individuals. And our workforce is ever younger, inhabited by new generations raised in the world of technology and who find new and more effective ways to communicate through social media.

All of this creates even more challenges.

At Microsoft, Global (physical) Security works closely with Information Security as our respective security worlds are inextricably linked. The safety and soundness of each of our spheres of influence depends mightily upon the other.

We work together to enable users to take charge of their own security through education and awareness of security best practices, we are partners in ensuring business continuity, we work together to protect assets that contain secure data, and we actively seek new and better ways to ensure that only authorized people gain access to our network and our facilities.

Yet we must continue to look for new ways to work in collaboration as the world and the technology around us advances.

More broadly, there are more fundamental forces at work that touch us every day and will eventually touch all in the security industry. To keep up with the challenges and serve as successful security leaders, we have two choices: ignore change and cling to the status quo and run the risk of being marginalized and underfunded, or embrace change and revel in the opportunities change presents.

Clearly, there is only one viable choice – embrace change.

Security acumen will always be important both tactically and strategically, but the successful security leader will possess more business knowledge and understand geopolitical and business trends. Security organizations will need to be viewed not only as business protectors, but also as business enablers.

For the last decade, having a seat at the table might have been enough. Now, it is more important to have a “Decision Maker” sitting in that seat.

In short, security organizations will need people well versed in business as opposed to traditional security disciplines in order to add depth to their larger organization. They will need awareness and training of geopolitics and a deep understanding of differing cultures.

We – security professionals and the larger organizations we serve -- must navigate change together.

In summary, there are three realities facing the security leader of tomorrow:

Change is here; embrace it or get left behindin the dust.
Define your value proposition to the enterprise: We make business possible.
Know the world and the trends that shape it: geopolitical, business, demographic, technological.

Remember, to be successful, you must be the change you wish to see in the world.

Mike Howard is General Manager, CSO of Microsoft Global Security, Microsoft Corporation

Editor's note: The ASIS Information Technology Security Council (ITSC), chaired by Shayne P. Bates, CPP, Director - Security Cloud Strategy, LMC Consulting Group - Microsoft Global Security, has taken a proactive pose in addressing some of these challenges and seeming barriers to change. “Quality education and training is one of our primary goals in 2011,” stated Bates, adding, “In addition to a webinar series focused on cyber security and cloud computing, we’ll release several white papers, and deliver programs across the country, including a session at ASIS 2011 in Orlando.”

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.