The Circus Act of Balancing Business Optimization & Security Risk Mitigation

by Bob Giguere | December 13, 2024

Juggling security risk mitigation and optimization

As an information technology leader, your job is equal parts security risk mitigation and circus juggling. Not only is it your job to mitigate the ever-present threat of a data breach, but you’re also responsible for managing continuously evolving risk and the explosion of users, applications, and data. In case that wasn’t enough, add to your plate the business expectation to maintain efficiencies that optimize your competitive advantage while simultaneously ensuring an exceptional end-user experience. Now that’s some acrobatics that not even Barnum & Bailey would touch. So how do you balance business optimization and risk mitigation?

To answer this question, you must first understand the problem areas in your environment that could hinder your goals in both areas. On the risk mitigation side, one of the top threats to an organization is quite simple: people. While employees are an organization’s greatest asset, they are also the greatest risk. And despite basic security knowledge being commonplace, there is a surprising trend: standard security habits are not improving and, in some cases, are worsening. Take passwords, for example. In 2018, it was reported that organizations faced a 19% increase in poor password etiquette from their employees, which includes:

  • Re-using passwords across multiple accounts
  • Utilizing the same passwords in both personal and work accounts
  • Lack of communication to the IT department if a user felt like their password or account had been compromised

How IT transformation helps with security risk mitigation

If this sounds like jumping through flaming hoops with a blindfold, you’re right. While security risk mitigation training and enablement is becoming more commonplace in organizations, the execution of these habits is not always realized, and companies are struggling to maintain even basic security habits amid increasingly sophisticated attacks. Meanwhile, hacked user credentials remain the primary method of data breaches. Adding fuel to the flame is the fact that many users would be reluctant to notify their IT department, likely a contributing factor to the 197 days it takes on average for an organization to discover a data breach. Establishing good security habits across your most widespread assets, your users, lays the foundation for the ability to optimize business performance through IT transformation.

Amidst the ominous presence of security threats is the business-driven need to create digital transformation in order to maintain relevance and a competitive advantage in the evolving marketplace. Organizations are turning to information security leaders to drive contributing efficiencies and ensure that breaches are avoided to preserve a brand image. One of the largest driving agents behind these changes is the rapid shift to cloud technology. While cloud solutions have provided a flexible and collaborative way for users to work across the environment, they also expose the company to a variety of compliance and security risks. It’s a delicate walk across the tightrope, balancing overly strict security policies that limit employee access to systems against policies that are too lax, leaving data at risk of breaches and/or noncompliance. While it’s safe to assume that most companies should fall towards the middle with their security posture, the first hurdle to overcome is the fact that most employees are still demonstrating poor security hygiene. So how does a leader sufficiently enable their organization while overcoming the daunting challenges associated with keeping information secure?

The big picture when it comes to security risk mitigation

When building a house, engineers don’t start by building the walls or installing the appliances – there must first be a strong foundation laid. It can be easy to get consumed by the ‘big picture’ of what an organization is trying to accomplish with regard to its security posture and operational business efficiencies, but if the basics are overlooked, then the organization is still left with exposures. Let’s start with the human factor: recent years of market research have proven that, despite our best efforts to invest in security education, employees are still practicing poor habits. While we can’t make a human user demonstrate good habits, we can implement technologies that combat their tendencies and limit the fallout of their poor cyber hygiene – making sure to choose a solution that also avoids adding tedious extra processes and policies for the user. Once the groundwork is laid to protect basic, internal security processes using automated technologies, IT leaders can begin establishing the framework of a competitive and disruptive organization. One of the quickest ways to establish this forward-thinking standard is via the cloud. Cloud allows organizations to harness the power of speed and convenience – enabling rapid growth and optimal efficiencies while maintaining stringent compliance standards. Coupled with innovative new technologies like Identity & Access Management tools and conditional access (i.e. Zero Trust), an organization can get the best of both worlds in terms of Business Optimization and Risk Mitigation. What’s more, cloud services from Microsoft or Amazon make it incredibly easy to tack on additional services for nominal fees that nearly instantly empower you to accomplish total privileged admin management, Encryption Key Management, SSH Certification Management, and more. For the first time in history, you have the ability to make your organization’s IT environment wholly unrecognizable (in a good way) almost overnight!

In summary, whether your organization is just starting out or has been conducting business for decades, technological advancements have created a significant opportunity for you to evolve your IT environment tremendously in a short amount of time without sacrificing your entire budget and resources. By harnessing the power of these advancements and targeting the less exhaustive projects, you’ll be surprised by how quickly your organization can evolve far ahead of your industry competitors.