
06/25/2009


Comments


The reason why technology solutions are built without "locks" is simple... most folks don't understand it or see the value in taking the time to understand it.

As for trust in my business, it is everything.

Doug,

Your comments hit home with me mostly because my job relates to data and information security and I've found that many senior stakeholders are unaware of the risks they allow their companies to take and how to close those gaps. Your point about not doing business with companies they don't trust also hit home. I get a number of newsletters relating to information security and have stopped using vendors (of mine) when I find they have had data breaches or any other flaw in their information protection. Furthermore, I recently switched to a vendor that put us through an intense and structured security audit because they earned my trust through that experience. Security was clearly driven from the top and part of their culture.

To Bryan:

We've met prospects in the past year who have lost tremendous value, in one case a start up closed its doors, because security wasn't considered in business planning. After an incident the recovery costs were too high to continue.

We have a number of clients who have implemented stronger information security, have no qualms about marketing their effort as an advantage and actually have measured sales gains because of the investment.

As this blog develops we'll discuss how there are winners and losers including details of the two stories above... firms that post value gains because of information security investments and firms that post losses (or die) because information security wasn't considered adequately. We want to simplify the discussion at a level where business and technical security can engage on securing value.

To Jeff:

Do some of your deals hinge on how well your firm secures its processes that expose your customer? How do your customers communicate that concern? Do you know what to listen for? Does your management?

Doug,

Yes, our deals almost always hinge on our security policies and our ability to safeguard their data. We will walk away from RFPs that do not have requirements relating to information security unless we can engage in strategic discussions to help them understand the need for it. We walked away from an RFP for Northrop Grumman and a recent PBS expose (http://www.pbs.org/frontlineworld/stories/ghana804/video/video_index.html) suggests they paid a price for failing to appreciate the need for information security as a factor in their evaluation.

I've been well trained on what to look for and communicate relating to security simply because it's a core differentiator for my employer and I've been through security audits initiated by clients. I'm rather surprised, though, at how many of my prospects don't place security as a top priority (or don't have any security-related standards when selecting a vendor).

You speak to why I started blogging about Secure Value. I want to promote a conversation focused on the business level information security needs of entrepreneurs, emerging small businesses in start up and growth phases and others in positions that require secure value in their technical implementations.

In 8 years with Jacadis, we've encountered:

1. Small businesses that have closed their doors after discovering that the cost of recovering from a computer break in was too great.
2. Businesses that have been distracted, slowed down or damaged as they have to divert investments to recover from an information theft.
3. Businesses attempting to sell products and services to larger companies who are hampered by the bigger company's expectations of security.
4. Businesses attempting to sell products and services to larger companies who have created a competitive advantage and won deals because they could assure the bigger firms they were good stewards.

The losers in this game didn’t have to lose.

My aim is to give non-technical business people -- entrepreneurs, investors, executives, top level managers -- a non-technical introduction to information security so they can properly consider how to apply it intentionally to their businesses.

This isn’t a site for geeks. There are great blogs about viruses, hackers, vulnerabilities, new technologies, old technologies, privacy and the like. There is not much conversation of any sort that speaks to information security as a business discipline or information security as a business requirement.

I appreciate your perspective and desire to see more business people like yourself add to the conversation.

As you continue to stay connected:

Would you mind exploring what has been shared already, commenting as you feel fit?

Am I on target? Feel free to course correct me.

What else needs to be added to the conversation?

Thanks for your time and support!

Doug

The comments to this entry are closed.
