Q&A

Ram Charan: The Business of Security

By Sarah D. Scalet

October 11, 2007CSO — What happens when you bring together one of the business worlds luminariesRam Charan, whom Fortune magazine calls the most influential business consultant alive­and one of the countrys top CSOs, Lynn Mattice of Boston Scientific?

Still a fair amount of disconnect. It turns out that even the most business savvy of CSOs (Mattice won a 2007 CSO Compass award for his work on business alignment) still looks at things on a profoundly different level than a globe-trotting consultant who spends most of his time with CEOs and boards of directors. That much became clear during a ground-breaking teleconference between the two men, moderated by CSO magazines Sarah D. Scalet.

Mattice, for instance, seemed to take it as a given that information-technology leaders have made their way into the executive suite, serving as something of a role model for security leaders. Charan, on the other hand, cited IT as an example of a function that needs to do a better job of rotating its people into other business areas, to get better business savvy. Likewise, some broad, big-picture initiatives for strategic CSOssuch as the work of the Council on Competitiveness on business resiliencyare not even on Charans radar.

Nevertheless, the two men found plenty to chew on, as the conversation made its way from how boards of directors view security (peripherally), to how CSOs can evolve (by leaving security behind), to how to implement change (without just latching onto the business fad of the day). Below are excerpts from the call.

Mattice: One of the failures identified in your book Execution resulted from the inability of individuals within an organization to envision where they needed to go. One of the things that security departments have been trying to do is evolve away from the corporate cop image. What are the expectations, as you see them, from the executive suite on the corporate security function today?

Charan: The most important part is the expectation about the reputation of the company. How does lack of security help or hurt the reputation of the company? Reputational risk is very important to companies today, so the security people, in addition to compliance, need to consider the appropriate focus on reputation. That should be a part of the annual report to the board on risk: how they are linking with the reputational risk assessment and what they are doing. Very clear, very simple, very direct. Thats the key.

Mattice: Weve seen other organizations throughout the years evolve and gain a more critical position within corporations, elevating up the levels of corporation to join the executive suite. We have seen this happen with IT, with audit, and in the old days with finance. What are your recommendations on how security leaders should change their focus to be able to move up the ranks?

RESOURCE CENTER
Loading...
VIRTUAL CONFERENCE
Data Center Directions Virtual Conference

Data Center VCAttend this free, 100% online event exploring tools and techniques for making your data center deliver for today and tomorrow.

» Learn more and register here

WHITE PAPER
Discover whether hosting is your smartest choice for enterprise messaging.

GoogleTo host or not to host? Thats the question for many CIOs as the volume and complexity of enterprise messaging continues to skyrocket.

» Read the Paper

Featured Sponsors