With business intelligence moving to the top of the priority stack followed by updating legacy systems, we must wonder when the same forward looking view will be applied to security strategies. All too commonly, we see overly complex security controls that have evolved into an ugly kludge, where the same focus is applied generically across the business.
If we can see the value that business intelligence has to focus the business, then surely the same should apply to our business processes and the security controls that enable them. We must be able to define core processes and information and the technology that wraps around them. Then, we must allocate relevant security controls based on the business value of those processes. Typically, security is far from being operationally efficient. If anyone is in the process of reviewing the modernization of legacy systems, then security would be one key aspect that is due for a face lift.