I was looking at a Horses for Sources blog post titled: It’s a miracle we’re yet to see any BPO/ITO security disasters that focused on the effect of having the Chief Security Officer show up at an outsourcing meeting and it got me wondering why the security officer would be viewed as such an innovation barrier.
The constraints of security could actually provide the framework to focus innovation. There is no doubt that security is a business expectation. It should not be a choice between having security and having innovative solutions, it is about having both. For example a well-designed single sign-on solution improves the security as well as the ease of use. Standards like security allow organization to focus their creativity.
Sure the security requirements may be viewed as “onerous” but it takes effort for everyone to work together and develop common goals and reaching an understanding of that “third right answer” that no one could have come up with on their own.
The post points out quite effectively that security can’t be bolted on but must be built in. If there is anything we learned from the 1990s, it is that perimeter based security just doesn’t work. As outsourcing and cloud contracts are written, the security needs of the enterprise need to be thought out and documented – not ignored.