Stay secure, stay innovative
Most enterprises simply do not have a handle on what applications are running within their networks. Thus the first step I would recommend to bridge the security gap between IT and the business is to understand what users are already doing.
Companies can do this by running a business risk assessment based on the analysis of application traffic traversing the network, taking into account the different types of applications, how they are being used and the relative security risk.
By looking at the associated risks along with how the applications are being used, IT administrators can get an understanding of what applications employees are using on the network, presented in a clear and non-technical format.
Doing this will not only highlight any existing risk but also determine where to start a conversation about which unauthorised applications are in fact needed by the business.
This leads to a much more productive security policy discussion, with administrators making more informed decisions on how consumer applications can be brought back under the governance of IT and implemented in a safe and effective manner.
Productive network security
The emphasis of this conversation changes the tone from a debate with a "yes" or more likely a "no" outcome to a collaboration that allows employees to maximise the benefit of these applications while ensuring overall security.
Rather than opening the security discussion with a "no," taking this approach demonstrates to the business that IT is there to enable innovation and assist, not simply to be a roadblock. While pointing out the risks is important, demonstrating the willingness and ability to understand the requirements of the business and then safely enable innovation will make IT the leader in security that employees are willing to follow.
Sharat Sinha is Vice President, Asia Pacific, of Palo Alto Networks.