Considered by many as "the department that says 'no'", it is evident that customers and partners need to better engage with security teams. The key to this is to think like a security expert and you'll be far more likely to make headway with them, rather than receiving push back from those trying to manage the risk to the business.
The challenge for security teams is that they are battling on a number of fronts. With application proliferation, they need to work with multiple vendors in order to protect on all fronts. The cloud has increased the number of environments which need to be managed, while internal users also make mistakes and don't always follow the agreed protocols. Set against this backdrop are the challenges of ensuring the business has measures in place to protects data and applications between them and the user, on a session by session basis. This increased complexity, and often cost, can lead to a tricky environment when you approach the team asking for another application or tool to be delivered to the business or customers, securely.
It's important to stress and to always remember that everyone's in it together. Information security is, of course, a common concern for companies across the globe; and the most effective way of keeping ahead of those trying to do harm is to collaborate. With new threats appearing on a daily basis, regulations changing at an increased pace and billions of new devices coming online, it's no wonder that the security team has often developed a cautious tone - one which the wider business can interpret as a 'no' mentality. So how can we get past this and ensure that the business has access to the right tools at the right time and ensure that productivity is balanced with security?
One piece of advice is putting yourself in the security expert's shoes. By getting to know them and understanding whether their number one focus is on the network, applications, data or infrastructure, you'll be equipped to kick off the conversation in a way which will engage them effectively.
But it's not just down to the wider business to engage with the security team more effectively. Security personnel should also ensure that they use facts, not fear, when outlining policies to the wider business. Yes, security tools and their deployment can be complex, but businesses also want to be able to innovate, without security holding them up. By meeting in the middle, both security teams and the wider business can stay on the same page and ensure the best possible outcome for all. So in conclusion, the key is to "collaborate, collaborate, collaborate" both within organisations and across businesses and industries.