Taking Enterprise Security to the Next Level
By Alexis Langagne Fasén | Wed, 08/04/2021 - 13:00
Taking world-class enterprise security to the next level nowadays requires a 360-degree scope in terms of managing risk. We now talk about protecting assets (physical security), protecting people (safety), protecting business processes (business continuity), protecting information (cybersecurity) and even protecting the company’s reputation. More and more, companies are appointing chief security officers (CSOs) to address this wider scope, which provides a unified way to manage risk across organizations but requires fundamental changes across many business processes and, in some cases, even a new perspective regarding the required leadership profile for the role.
Let’s explore how, during the post-pandemic reactivation, the protection of assets, people, processes, information and reputation is evolving.
Protecting assets (physical security), such as raw material, equipment, machinery, offices and manufacturing plants, is traditionally done with elements of physical security, including guards and electronic security systems. Electronic security systems include CCTV cameras, access control systems, fire detection and drones, among many others. All these physical security elements are key to ensuring assets are protected according to the organization’s expectations.
Protecting people (safety) is about protecting employees and, where applicable, business partners and customers. In addition to the traditional physical security elements mentioned before, there are new ways to take enterprise safety to the next level, including the incorporation of a variety of Internet of Things (IoT) devices that can detect room temperature, air quality, the proximity of people, whether people are wearing masks, safety equipment and so forth. It is all about ensuring the health and well-being of people.
Protecting business processes (business continuity) can now sometimes be done remotely by leveraging IoT devices, including IP cameras, to monitor the proper execution of business processes across manufacturing and supply chain operations, such as storing raw materials, loading and unloading components and final products, proper machine operation, continuity of operations and, eventually, proactive detection of potential failures.
The good news is that the protection — security — of the assets, the protection — safety — of people and the protection of business processes — business continuity — can all be remotely managed from a Security Operations Center (SOC), which can provide a reactive, proactive and/or preventive approach to taking action and minimizing risk.
Protecting information — cybersecurity — includes software and specialized services designed to protect networks, IoT devices, including computers and servers, and data, ensuring protection against phishing, ransomware, and other cyberattacks. A comprehensive and proactive cybersecurity approach is required to address information security. The concept of a “Cyber SOC” is also available to ensure cohesive physical and information security.
Finally, protecting the company’s reputation is the hardest challenge, as it has to do with everything that we do as a company — internally and externally; what we do regarding assets, people, business processes and information. We must also assume that relevant matters and incidents will eventually become public domain. Therefore, this is a good opportunity to ask ourselves some fundamental questions: What are our core company values? Do we live day in and day out aligned to them? What is our social responsibility and environmental agenda and, ultimately, what is our intended contribution to the communities where we are present? Are we an asset to the community? It is not enough to hire a solid public relations agency to protect our reputation. My view is that we all can make mistakes, but we can’t confuse our value system.