What We Put At Stake

Murali Krishna K.

Murali Krishna K.

SVP & Group Head CCD, Infosys

Murali Krishna K. is SVP & Group Head CCD at Infosys.

Typically, in the  rush to innovate, many IT teams fail to acknowledge the existence of advanced security threats, even when  these are actually closer than they appear. In response, there is a growing movement among IT security leaders to make security a partner at the innovation table.

Here's the problem: The work profiles of each component of a CIO's team—be it a programmer or an architect—is restricted to a limited view of systems and individual building blocks. This phenomenon coupled with project deadlines and urgent business requirements tend to drive innovation-driven folk to a path of least due-diligence. The approach is: Get it to work! And over time—as long as things work—controls and the security agenda are pushed further back—and sometime become optional.

This approach needs to change if we are going to defend our organizations against increasingly sophisticated attacks from a maturing hacking community. While members of our teams are possibly ignoring infrequent 'border-line' cases, somewhere hacker is busy crafting new ways to exploit our data using multi-dimensional avenues.

The question is: Should CIOs allow their teams to forgo embedding security into new projects for the sake of innovation?

"CIOs need to partner early with the business and help it succeed in an increasingly risky world by shepherding innovation and grooming security effectiveness."

The answer is, IT leaders who are serious about aligning security with the business need to be strong advocates for making security an integral part of business innovation. And it's a tough balancing act! But IT leaders must step-up guidance on the quality of decisions, point out the consequences of people's decisions, and sensitize business owners to the threats out there, to residual risks, to the desired level of controls.

IT needs to bridge and build perspectives, demystify the competitiveness of the choices that are being made, provide guidance on the cost of mitigation, drive process-maturity and highlight possible issues that could affect brand-reputation. The trick is to do this with the finest mastery, weighing internal and external perspectives, and creating alternatives and workarounds.

CIOs need to partner early with the business and help it succeed in an increasingly risky world by shepherding innovation and grooming security effectiveness.

latest mentor columns

IT, the Long Standing Ally of Business

I don’t believe that monetary benefits are a great way to motivate or retain employees, or improve employee productivity and satisfaction.

Beware: Change Ahead

During hard times, old ways of working wont cut it. CIOs need to prepare themselves and their companies to embrace change.

Put Users On the Center Stage

One of the reasons users move up the IT maturity scale slowly is because systems aren’t built—enough—with them in mind.

View all mentor columns
FROM THE NETWORK OF OUR SITES
Follow CIO.in