How to Achieve and Sustain Secure Agility

The long-term success if a business depends on its agility – the ability to sense and adapt to changes within the industry in order to stay competitive. The same can be said for your IT operation, but it’s not as daunting as it sounds.

Start at the bottom—and at the top

An agile enterprise requires agile, user-centered, comprehensive, integrated security. If security at your enterprise isn’t already all of those things, start making it all of those things.

For most of you, that effort can and should begin with patching your key applications, operating systems, client systems, and servers more consistently and regularly than you are now. As you and your colleagues get patch management sorted, you should be looking for other opportunities to establish, improve, and extend security policies, practices, and technologies that improve agility across the enterprise.

As you and your colleagues get patch management sorted, you should be looking for other opportunities to establish, improve, and extend security policies, practices, and technologies that improve agility across the enterprise.

Secure agility can be built from the ground up, but the will and commitment to become and remain securely agile must come from enterprise leadership. That means executives, IT, security, and business unit leaders must be visibly and demonstrably behind security- and agility-enhancing initiatives.

Walk the talk

Declared commitments to secure agility must extend beyond platitudes and media quotes. Every strategic plan, every set of operational practices and principles, and every solution chosen for deployment must reflect and support that commitment for it to mean anything to your enterprise. This means that every such resource must incorporate processes for regular review and the opportunity for revision in response to corporate, marketplace, or regulatory changes.

Every strategic plan, every set of operational practices and principles, and every solution chosen for deployment must reflect and support that commitment for it to mean anything to your enterprise.

This means that every such resource must incorporate processes for regular review and the opportunity for revision in response to corporate, marketplace, or regulatory changes.

Build it in

Every process and control upon which your enterprise’s competitiveness depends must incorporate security- and agility-enhancing elements.

This means those processes and controls must be driven by and measured against your enterprise’s performance requirements and goals. They must also incorporate specific features for integration with and support of efforts to achieve and sustain user-centered security.

Controls and processes that do not include these characteristics will likely contribute little to your organization’s agility, and might even impede it. (This means all controls and processes must be reviewed and tested regularly and designed to be easily modified or retired as changes demand.)

Show your work

It’s not enough to preach the gospel of secure agility. It’s not even enough to achieve a sustainable level of secure agility. For your efforts to have maximum business value, you must show and tell all of your most important stakeholders the details of those efforts and their effects. This means that consolidated, integrated, timely, business-driven reporting of all things related to security and agility should be a critical element of your secure agility efforts.

Be securely agile everywhere

Pursuit of secure agility may begin in one or more departments or business units, but for maximum business benefit, it must be pervasive.

For many enterprises, the best way to make this happen is to start with IT. IT powers most of the services that run an enterprise’s business and is already focused on (if not preoccupied with) security. Secure agility initiatives that prove successful within IT can therefore likely be incorporated into the delivery and management of other business services.

This means that a single, integrated, process-driven platform for service management and security management can be a powerful enabler of enterprise agility.

Secure agility is an operational and competitive requirement for every successful enterprise. By taking concrete steps toward inculcating a culture that is focused on user-centered security and enterprise agility, you can accelerate your enterprise’s journey to true, sustainable, secure agility.

If you choose or are forced to remain focused on reactive firefighting as an operational approach to security, neither secure agility nor your career are likely to advance much further at your enterprise.

Moving to a proactive, holistic approach to user-centered security and enterprise agility, however, will have salutary effects on your enterprise and your career.