For years, security teams have been perceived as Policy Enforcers and "The Department of No." Governance and compliance were the watchwords. Our culture was compliance-oriented rather than customer-oriented.
This focus on compliance led marketers and company executives to view security as a necessary evil, rather than a value-driver. Even though security teams only had the company’s best interests in mind, we did not sell our value to executives and accepted our fate.
Later, security became more focused on risk management. This is a critical aspect of security, but it again sells security's capabilities short. The security team was still viewed as necessary to help assess and manage risk, but stopped short of realizing its full potential.
Secure more than marketing outcomes
When marketers make decisions about their martech stack, they often think first and foremost about marketing outcomes. Why wouldn’t they? They are marketers after all.
Information security concerns are often an afterthought. Security teams might be brought in for final approval on technology decisions, but are not always deeply involved in the process. This leads to unfortunate situations where the security team discovers an issue that brings the project to a halt right as marketers are excited to implement new technology.
No one is happy with this outcome. Marketers are frustrated they can’t get the technology they want and security professionals are frustrated they weren’t looped in sooner. We need to create a new relationship between marketing and security teams.
The security team is a valuable asset to the sales and marketing teams and can make the difference when selling products or services.
Secure to its core
Security should be a core company differentiator. For example, at Cheetah Digital, we engage early in the client relationship cycle and have become a key member of the success team.
Most senior information security leaders have had extensive client-facing experience over years of presenting and interacting with the board, the executive leadership team, outside certifying agencies, auditors, and yes, many, many clients.
With this experience comes a wealth of knowledge, specifically, how security can improve business and manage acceptable risk levels. We have washed away the perception that security always says no. Instead, we have emphasized that we do not have the right to say no. Rather, we can only advise of the risk involved and support the business decision made.
Security needs to support business. Any business decision must be based on the determination that the reward outweighs the risk. The security team is the advisor to the business on information risk and the best approach to handling it. Security must ensure that leaders in the company have the best information to make decisions for the good of the business.
Next steps for marketers and executives
Invite your security team to staff meetings to build closer team relationships.
Ask your security team for presentations to your team on security subjects.
Invite security team leaders to martech vendor meetings and networking events to allow them to meet and build relationships with vendors’ team members.
Ask the security team to help with proposals and presentations to add a sense of security.
This change in perception is an important first step to bringing security into the marketing team and capitalizing on the value it can bring to mitigate risk companywide.
Patrick Benoit is the Deputy Chief Information Security Officer for Cheetah Digital. He previously served as an Executive Business Partner for Experian, Client Delivery Executive for Dell Services, and an IT Director after selling his business, a Dallas-based business and technology consulting firm, which he founded in 1992.