Unified Security Management: The Pain

Creating a unified security function means overcoming challenges from top executives, existing processes and change-resistant employees

By Todd Datz

April 15, 2005 — CSO — For the plus side of unified security management, see The Payoff.

Wednesday, April 21, 9:00 P.M. (EST), All Hands on Deck: The Making of a 21st Century Security Department (made-for-TV movie, 2005):

A new corporate security director takes the reins at a company that has just fired his predecessor for being "old school" and "unable to grasp the future of security." The new director is given a mandate to converge all the security functions, which previously had been stovepiped. Members of the various security departments, who once had minimal interaction with each other and ample levels of distrust, are elated. Staffers are cross-trained in each other's disciplines and never fail to ask how they can lend a hand to their colleagues. Employees share many a libation, as well as the best of that week's security stories, every Friday at O'Brien's, the local watering hole ("Can you believe the look on the face of that guy from finance when we nailed him for leaking our 3Q numbers? I thought his eyes were gonna pop out of their sockets!").

A farcical look at how a strong-willed CSO takes a stovepiped organization and whips it into a tight-knit, newly energized outfit, winning the hearts of grateful staffers along the way (including one enthusiastic but verbally challenged firewall specialist who frequently proclaims to his teammates, "There's no 'I' in security!"). Rating: H

For all of you readers who have either converged or toyed with the idea, the plot line for this movie matches the reality of your experiences or expectations, yes?

Of course not. That's why this cheesy plot sounds as far-fetched as a reality show featuring a woman trying to determine her biological father from a group of eight strangers. The stark reality is, like any corporate restructuring, converging is bang-your-head-against-a-wall tricky. It presents a host of challenges: ticked-off employees, fights over budgets, skeptical executives and enough cultural issues to make a typical, backstabbing Thursday night on The Apprentice look like a game of Candyland.

But, as "The Payoff" (see Page 24) shows, those who believe convergence is a path worth pursuing will find that the benefits can be worth the pain. This story outlines five common challenges that confront CSOs and suggests ways to tackle them head-on. Pain #1 Turf Battles Face it: You'd be a fool to think that the director of infosecurity, an IT department veteran who had developed a great relationship with her ex-boss, the CIO, is going to do a touchdown dance once she finds out she's reporting to the CSO. Same for the head of corporate security who finds himself taking directions from the CISO, or the security manager at a local operation giving up control of a monitoring system to headquarters.