Winning over the hearts and minds of employees is pivotal in the battle for information security.  They can be the greatest threat or the most powerful asset in the fight to keep a company's business secure.   A recent report from Webroot, showed promising attitude changes of employees for security.  Ninety-five percent of those surveyed agree that compliance with company security policies is important.  This is hugely significant.  When employees believe security is important, it promotes a community of common sense and fosters peer reinforcement of securing corporate assets.

 

Only one-quarter of people admitted they had attempted to bypass company security policies while at work.  While at first glance, one in every four people actively trying to get around policy might seem high.  But not too many years ago, these numbers were inverted.  Most people held beliefs that security policies were overly burdensome, ineffective, and not important.  Subsequently, most workers occasionally side-stepped policy while striving to meet corporate objectives.

 

So what happened?  What were the catalysts which changed the situation to a more security friendly environment?  Three things occurred in the industry which drove the behavioral changes.  The relevance of security increased, better communication and training, and maybe most importantly, IT/Information Security departments became more sensitive to users work needs.

Information security has become more relevant to all employees, both at work and at home.  Attacks targeting personal information, finances, privacy, and social reputation have become commonplace.  The threat of identity theft, email break-ins, social media harassment, location tracking, and even the harvesting of pictures from phones and personal online storage sites is causing concerns to grow.  People are worried at home and it translates to a healthy paranoia when they come to work.   Overall, this is good for corporate security.

 

Over the past few years, companies have spent more time and effort in communicating and training employees on the security risks, problems, and controls.   Security professionals have grasped the fact the vulnerabilities are not just technical.  Behavioral aspects contribute and must be addressed at the user level.  Beyond the new-hire or annual security training and notices, many organizations have spent time and effort in raising the awareness of security with their flock.  A very good investment against a broad swath of attacks.

 

Arguably the most important behavioral change has been on the IT and Information Security side.  In the past, some organizations applied iron-fisted security programs and policies which were just as impactful as the problems they were designed to protect against. These organizations have largely matured in how they present risks, design controls, and respond to problems.  They have strived to understand the business and how employees work in order to reduce the overall impact of security.  They find a healthy balance between risk and controls and do so in a manner which purposefully minimizes impacts to employees.  The survey found sixty-one percent of employees reported that their employer's security policies never or rarely made it more difficult for them to do their jobs.  This kind of partnership fosters teamwork instead of contempt.    

 

These are valuable lessons to every security organization.  Employee support is crucial to every good security plan.  Communicate, partner, and keep security relevant in order to win the hearts and minds of employees.

Yes, in fact I believe that some failure is required to enhance IT business value and enable a competitive advantage. 

 

To meet evolving business needs, IT must innovate.  With the rate and pace of business increasing faster than ever before, IT is being asked to partner with business leaders, drive innovation that improves employee productivity, enables business growth, creates business efficiencies and delivers resilient solutions.

 

So where does failure fit into this discussion?  Obviously, the business does not want solutions that don’t work… they demand solutions that are easy, fast, mobile and secure.  However, they do need new solutions and new processes which implies invention.  This means creating business solutions that do not yet exist and often times with technologies and usages that have never been done before.

 

By definition, innovation, invention and scientific discovery are all processes that require trial and error, and have a degree of failure associated with them.  In fact, some of the best inventors experience a tremendous amount of failure, before succeeding.  I always think of the old videos showing Orville and Wilbur Wright crashing plane after plane before achieving flight in Kitty Hawk, North Carolina. Thankfully, we remember and appreciate them for their successes, and not their failures.

 

The value of the innovation process is clearly not centered around the failure itself, but what you do next. 

Failure without learning is waste, but failure with learning is fundamental to progress.

 

These themes were reinforced for me at both CIO Magazine’s annual CIO 100 Award Symposium and Intel IT’s annual Technology Leaders Conference held earlier this week.  At both conferences, senior leaders were encouraging their IT teams and their peers to push the envelope on innovation, challenge the status quo, and invent a new normal.

 

This level of bold innovation will result in some failure and does represent the price of admission for creation, change and business value.  The challenge for the inventor is to maximize learning, minimize risk, and accelerate the pace of the innovation cycle.  Someone told that a key to successful innovation is to fail fast and fail often.

 

The question is what will drive your actions tomorrow --- the fear of failure or the benefits of bold innovation?

 

Intel IT is passionate about driving business value through innovation and sharing IT best practices with our industry peers.

 

Learn more about the Intel IT organization at www.intel.com/IT

 

Chris (follow me on twitter @Chris_P_Intel)

Many times IT is focused in enabling new capabilities and adding more tool kits to the ever burgeoning list. We also find that many of these tools have similar capabilities differing in some features only. So combining multiple tools in a way that leverage the best capabilities of each one, we can get an efficient business workflow, without the need to buy or deploy new tools. With the advent of Web 2.0 and using mashups, widgets and Webservices, it is easy to create a portal with a mashups of different capabiltieis/ content. Understanding the information needs and building the information architecture is the key.

 

In my earlier post, we had seen how we can utilize Enterprise 2.0 (Social Computing) tools for better project management and collaboration. This is one instance of information architecture, where we study the workflow of a project manager, and create a project management model by combining the default PM tools with the enterprise social computing tools.

 

Similar exercise can be done for different usage scenarios. For example, in an organization, there are several operational processes. Most of these will involve sharing of information with the employees, 2-way engagements, and multi-point discussions. The management team depends on the dashboards and other status updates to track the progress of, issues faced by the organization and organization health check. The employees have a need to roll up their project status, operational health status and progress towards milestones to higher up to keep them updated. By understanding these information sharing needs, we can combine the traditional reporting tools and E2.0 tools to create a one-stop shop to the organizational team.

 

We are right now experimenting with a similar model for one of our IT organizations. We are in the process of information architecture. The idea is to start small with status updates, roadmap sharing and prioritization information. As the teams adopt the process, we will add more data there.

 

I would like to hear from you on how you are managing organizational information needs. Do you rely on traditional methods, manager pass-downs or face-to-face meetings?

Inside Intel IT we focus heavily on business partnership as an IT best practice for creating business value.  Yesterday, I was discussing the topic of IT leadership with a couple of Intel’s CIO staff members.


During this discussion I was reminded of two active discussion forums on LinkedIn that have been exploring industry opinions on what skills are required to be successful as a CIO in today’s world. Both discussion threads explore the value and importance of business vs technical acumen for IT leaders. While the discussions explore the topic from different sides, they are stimulating the same debate among participants – what makes a good IT leader? – what skills should you look for when hiring? - what experience is required for success?

 

 

During my early career as a Navy officer and engineer, it was impressed upon me to understand the functional workings of the entire engine room as well as the topside shipboard functions that I was supporting while managing the reactor plants.  Later in my career as a manufacturing supervisor and material planner, it was critical to understand the supply chain and line of business dynamics (new product introductions, promotions, new customer and distribution channels) as they impacted daily decisions on scheduling and production.  This focus on the end consumer is simply a rule of business - understanding your customer helps you deliver the highest levels of value.


So for IT professionals, I come to a similar conclusion; Business acumen is a pre-requisite for a successful IT career.  If we as technologists do not understand the business objectives, processes and user requirements, then how can we expect to enable the business with highly competitive, efficient technology solutions which add business value.


Yesterday, as we explored the techniques Intel IT staff use to align our own efforts to the business initiatives, we informally ran down some of the career backgrounds for many of the current CIO staff members - and I saw a very similar theme. Many of our IT leaders and senior engineers have worked inside Intel’s business units or had experience in business units at other companies.  The head of IT Customer Capability division worked in sales and marketing, the head of IT’s supply network capability division worked in manufacturing before IT and Diane Bryant (our CIO) came to Intel IT from Intel Architecture Group - one of Intel's core business groups.  The list went on and on.

 

In some cases, their career paths started in IT, moved into a business unit and returning to IT.  In other cases, IT hired them directly out of the business units.  The common thread was that each person had a diverse skill set that included both technology coupled with an integral knowledge of the business they support.

 

At Intel IT, we actively create a culture of development and growth for our employees.  One of these ways is by actively supporting job rotations, ongoing training and development and hiring for a breadth of diverse skills which includes business experience.  Creating an organization with a better understanding of business and our role as IT professionals to drive business value through IT innovation make us a better, healthier and stronger IT organization. This in turn enables better business solutions.


In conclusion there is a simple formula for success:
Better IT = Business Acumen + Technical Acumen = Better Business.

 

As chance would have it I am attending Intel IT’s annual Technical Leadership Conference today and Intel's CIO told Intel's technical leaders in the audience this morning that there are three things required for their success as well as the success of our organization, reinforcing and expanding my formula.

 

  1. Technical Expertise and Experience – this represents is the price of entry for IT professionals
  2. Business Acumen – this is where the big impact  is made which delights our business peers
  3. Collaboration and Partnership – working together through shared goals is what yields results

 

I welcome your comments and insights below.


Chris – follow me @Chris_P_Intel



Filter Blog

By author:
By date:
By tag: