Home » Security Leadership » Strategic Planning

Next Stop for Security: Business Intelligence and Business Services

CSO Editor in Chief Derek Slater looks at how security can build on today's (relatively) high appreciation of risk management

By Derek Slater

June 12, 2009 — CSO —

Congratulations. You're doing magnificent work. Don't let up.

Sure, you're getting a pretty good tailwind from the economy. Rotten times seem to increase everyone's appreciation for security. Poorly managed risk (thinking of mortgage-backed securities here) increases everyone's desire for well-managed risk.

Nevertheless, I don't think the sour economy accounts for all the positive results in our 2009 State of the CSO survey. The upshot is that security is very well regarded at this point in American corporate history, which means you've come a long way in less than a decade. The CSO, in many places, has become an important participant in effective organizational governance. More than ever, you're regarded not just as the person who bars the doors, but as a person who safeguards the value of the company.

See Senior Editor Joan Goodchild's recent look at this evolution of the CSO. There is great value in taking stock and recognizing achievements from time to time. After all, who doesn't need an occasional pat on the back? But as always, it's the future that interests me more than the past.

What happens to the CSO position in three years? In 10? And what should you be doing now in order to deliver a positive future, rather than simply waiting to react to whatever circumstances should befall you?

To repeat a point made in this space before, I think the future of the security department is about using the sensors you have in place (cameras, log files, card readers, investigations) to deliver actionable business intelligence back to the company.

Not just security intelligence. Business intelligence.

David Kent, Genzyme's CSO, hints at this in Goodchild's article when he says, "The interesting work will be in discovering the new connections and building the resulting services that we don't know about today."

Some of these services that security may offer in the future presumably will be relatively direct extensions of today's expertise. An example: brand protection. Tim Williams at Caterpillar sits on a new working group focusing on the challenge of brand protection. This brings security's expertise (search and investigation, for instance) together with legal and marketing and other departments. It's a broader application of the concept of security. (Goodchild explored this specific path forward in Brand Protection: The Expanding CSO Portfolio.)

Other services may utilize the security group's capabilities for nonsecurity purposes. Some security groups today manage all corporate air travel. Some handle all logistics for off-site executive meetings. Those aren't pure security tasks, but the capabilities developed by the security function are a great match.