EVENT FILMING | FEATURES | RESEARCH | HEAD TO HEAD | CASE STUDIES | ROUNDTABLE | BOOKSTORE
ONLINE BOOKSTORE
CUSTOMER FEEDBACK
TECHNOLOGY NEWS
ITSM
 IPTV
 Publications

Ken Turbitt Blog
Aidan Lawes Blog
Paul Gostick Blog
Dr Jenny Dugmore Blog
Shirley Lacy Blog
Alim Ozcan Blog
Juan Jimenez Blog
Ian Clayton Blog
Nas Ozcan Blog
Aidan Mills Blog



ITSM
The General Data Protection Regulation Benchmarking Survey
How are organisations facing the challenge of complying with the most radical overhaul of data protection laws in a generation?...
ITSM

Ten Strategic Technology Trends for Government
Technologies that enable new service models for digital government must be at the top of the list for government organizations as they prioritize technology investments...

ITSM

The Robots are Coming: Are CEOs Ready for the Era of Automation?
CEOs agree that robotics is going to make their companies more efficient, with 94% of those who've already adopted robotics saying that it's increased productivity in their business...

ITSM

The 2015 Chief Digital Officer Study
More companies are appointing a Chief Digital Officer to join their C-suite - but are they doing it quickly enough?...

ITSM

18th Annual Global CEO Survey
The United States has overtaken China as top target for growth for the first time in five years...




 News
8 June 2018 | ITSM
Send to a colleague | Add to MY ITP

Five Steps Security Leaders Can Implement to Create A Better Customer Experience for Their Business Executives
Gartner analysts share five steps that security leaders can implement to help improve a better customer experience...

While IT, and most businesses, have been focused on operational excellence for the past 20-30 years, Gartner analysts said it’s time security leaders put the focus on customer experience.

"Today, the battle ground for the digital industrial revolution is the customer experience," said Leigh McMullen, research vice president at Gartner. "It's not about cost; it's not about efficiency; it's not even about product. It's about experience."

Everyone is a big digital consumer, and in this digital world, users expect customization to all their preferences. For security leaders, this means giving up some control, and it is resulting in the nexus of the cultural clash. This clash is taking place when risk issues are passed from the business department to the security department, with the expectation that the security team will deal with the problem. Gartner analysts said the key to changing this relationship is engagement.

"We as security people want things to be controlled," said Mr. McMullen. "We want them stable, but people's expectations are being set by forces outside our control. Which means we (security leaders) need to change how we engage if we want to be successful. We have to give up control to gain influence."

Create an Effortless Experience

The experience that customers are looking for is an effortless experience. The analysts pointed out that effort, not satisfaction or net promoter score, is the best predictor of future buying behavior.

"Security should not wreck the customer experience, but it often does," Mr. McMullen said. "Customers, and that is everyone in your enterprise, want the effort they put in to match the value they expect to get. If you deliver the wrong experience, they’ll just tune you out."

Gartner has identified five things security and risk leaders can work on now to create a better experience for their executives. They include:

Actually Speak to Executives About Things That Matter to Them.

Gartner analysts said studies have shown that fear of risk and security is materially impacting innovation.

"Organizations are slowing down because they fear this issue," said Paul Proctor, vice president and distinguished analyst at Gartner. "If you can improve their comfort and understanding of risk and security, you can help your company move faster. That is truly a business value of security."

Mr. Proctor said it’s important for security leaders to talk to business leaders about what matter to them. Show them how their business outcomes are directly dependent on technology. He said security leaders need to engage with business executives over things those executives think are important.

Help Executives With Their Decisions Through Operationally Focused Risk Assessments.

To help business executives, Gartner recommends that security leaders start with a business process and conduct interviews with the people who execute that process.

Gartner analysts shared an example of a police department that has created an operationally-focused risk assessment process that takes two weeks, delivers summary recommendations in a business-focused context, and requires a non-IT executive decision maker to act on the results.

"Offering executives decision-making in the context of operational outcomes makes these engagements more than interesting to them. It directly impacts the decisions they make," Mr. Proctor said. "You are now helping them do their job."

Create Defensibility for Your Executives.

Executives do not directly control technology risk and security. However, when an organization gets hacked, the public wants executives to face consequences for the security breach.

"We have treated security like a dark art for so long that when an organization gets hacked, people don’t understand," Mr. McMullen said. "So, the primary question is, ‘Who screwed up?’ You can’t guarantee the organization won’t get hacked, so stop selling your executives protection, and start selling something they truly need, defensibility."

Take Tech Out of Your Conversations.

The ability of security leaders to abstract out technology and put decisions in terms of business outcomes is critical to their success in a modern risk-based world. Gartner analysts said security leaders need to understand their company’s business model.

"When we talk about technology risk and security, primarily in technology terms, stakeholders treat us like wizards who cast spells and protect the organization," Mr. Proctor said. "Making risk and security more transparent and business-aligned is an absolute requirement to get you out of the wizarding world."

Move From Project to Product Management.

Project management is something security leaders have always done. They prioritize and fund activities. For example, there are start times, execution gates, implementation, acceptance testing, integration, and deployments included in project management. There is a beginning and an end.

In product management, everything is continuous. Typically, it’s organized around a business process, and the IT requirements to support that business process. For example, in an insurance company, a product line could be underwriting, and in a risk and security context, underwriting needs access to control, perimeter protection, threat and vulnerability management, handling and treatment of sensitive data continuously. There is no end date.

"Doing these five things will improve executive experience, their perceived value, and result in a better, more appropriately protected organization," Mr. Proctor said.


Gartner Email to a colleague | Add to MY ITP

LOG IN
terms & conditions





MICROSOFT SEARCH ENGINES