The future of the security manager

September 2012 News & Events

Two experts offer their view of the future role of security managers.

At the recent ASIS conference in Cape Town, Hi-Tech Security Solutions spoke to two of the conference speakers about how they perceived the changing role of the security manager.

Eduard Emde (CPP), keynote speaker and president of ASIS International, believes that security only exists because business needs it. By association, the security manager is often a grudge ‘purchase’ and he or she therefore needs to change with the constant changes taking place within the complex business environment.

Eduard Emde
Eduard Emde

“The business world is volatile and ambiguous, and technology is constantly changing. The risks and risk levels are also constantly in flux. IT and cyber technology in particular have become very important and the question its popularity poses is: ‘How do we deal with these circumstances and how do we equip our teams to best deal with the current and future challenges in a proactive way?’ ” says Emde.

He says that with the advent of cyber risk, one sees attacks on SCADA (supervisory control and data acquisition) systems and accelerated cyber warfare. “Businesses are increasingly asking the security manager how he or she can halt the real and potential onslaught of attacks on sensitive IT systems.”

Benedict Weaver (CPP), managing partner at Zero Foundation, believes that the role of the security manager has remained relatively static over the past four decades. “In essence, this role encompassed managing a protection strategy for property, people, resources and reputation. However, the business environment is changing and is currently strongly affected by five global forces. These are demographics, natural resource demand, globalisation, climate change and technology.

Benedict Weaver
Benedict Weaver

“Smart businesses therefore need to develop a corporate security department that will allow them to adapt to the changing global environment, as well as provide a competitive advantage.”

Weaver highlighted the massive population boom in the past 212 years. “This explosion in the number of humans inhabiting our planet means that more businesses are required to service the needs of this larger consumer base. There is already a war on talent and skills to cater for this growing customer base. As a result, the role of the security manager has become critical and should now be a part of global corporate risk management.

“As the demand for natural resources increases, businesses will come under greater pressure to perform and secure market share. This will, of necessity affect the security of the businesses competing against one another. Likewise, climate change impacts on those companies that are not compliant with green legislation. This results in a higher risk profile, which then becomes a function of the risk/security manager,” says Weaver.

Increasing globalisation will see governments deregulating industry to encourage direct foreign investment. “By moving the wealth around, shareholders and stakeholders will be presented with different responsibilities in terms of compliance with country-specific laws. This will result in greater risk exposure.

“With the rapid development of technology, the demands on intellectual property will increase. The protection of this intellectual property will become a function of security and risk management. However, since data can be delivered from anywhere in the world, technology also creates opportunities to manage this risk.”

Keep it simple

Emde says that it is advisable to keep things simple, yet smart. “The security or risk manager is primarily in place to serve the business efficiently and effectively, so he should not be overburdened with a plethora of solutions. The management and technical systems should be designed with a clear goal in mind and allow the security manager to understand the process. Approaches also need to be future proof and provide the business with cost effectiveness.”

As businesses become more hi-tech, the role of the security manager often seems to overlap with that of the IT and information security functions. “The degree of overlap depends very much on each individual business. In all instances, however, both parties need to respect one another’s expertise, open the lines of communication and consider the possibility of pooling resources and knowledge to provide a comprehensive solution.”

Emde insists that there will remain a role for a separate security function within companies, but that the operational aspects may in the future fall under the IT umbrella and other functions. “Businesses require internal expertise at a very high level. The risk manager will need to have connections within the business environment and have a larger degree of technological and business expertise than previously required.

“However, the functions that will remain within the parameters of the security manager’s portfolio include incident monitoring and response, together with investigation of these incidents or events. He or she will also need to work together with others within the enterprise to shape proactive, intelligence-led security,” adds Emde.

“With the increasing focus on corporate mobile communications, the security manager is being forced to perform out of his comfort zone. Data integrity and information assurance are now vital to the reputation of companies. This is where we will continue to see a convergence between the functionality of IT and security,” says Weaver.

He says that it should not be the responsibility of the security or risk department to monitor data on the cloud or on servers. “They typically do not have the necessary skills to undertake this function and should rather be involved in the security of communications within the organisation. This responsibility includes technical surveillance countermeasures, RF jamming and encryption systems for high-security communications.”

Emde believes that the risk/security manager will have to increase their understanding of the business in terms of its profitability drivers and markets. “In addition, it will be expected that security/risk managers will have a comprehensive understanding of relevant security standards as they apply to the business. This will be complemented by the relevant procedures applicable to human resources and legal issues pertaining to the business environment.

“Increasingly, the security/risk manager will fulfil a consulting and advisory role within the business. This will entail supporting the business in decision-taking and finding sustainable ways of reducing risks. Security, crisis and continuity management must now fit within the overall risk management strategy of an organisation as well as within the business strategies,” Emde says.

With regard to the instilling of basic security standards in employees, Emde feels that the security/risk manager will play a subtle, but strategic, role. “However, it is crucial that management participates in the transference and adoption of these basic skills and knowledge for the overall benefit of the business.”

Adapt or die

“It is common knowledge that many of the people previously appointed as security managers were drawn from the military or police forces. More recently, there has been a strategic move away from this trend. The new profile fulfilled by the security or risk manager requires a keen interest in organisational strategies in order to encapsulate the demands of the increasingly competitive business environment. Interestingly, more women, with their inherent attention to detail, are becoming involved in driving the benefits of a corporate security department,” says Weaver.

He is adamant that the traditional security manager needs to mimic the company’s philosophies and intent if he wishes to maintain his own survival and growth. “In essence, security managers will become responsible for re-engineering their own job profile. There needs to be a move away from security being viewed as a cost centre in the company to becoming a profit centre in the business. This can be achieved by aligning security with the company’s business objectives and finding creative ways of charging fees for services rendered, that is, vetting, risk assessments, technical countermeasures and competitive intelligence.”


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Pentagon appointed as Milestone distributor
Elvey Security Technologies News & Events Surveillance
Milestone Systems appointed Pentagon Distribution (an Elvey Group company within the Hudaco Group of Companies) as a distributor. XProtect’s open architecture means no lock-in and the ability to customise the connected video solution that will accomplish the job.

Integrated, mobile access control
SA Technologies Entry Pro Technews Publishing Access Control & Identity Management
SMART Security Solutions spoke to SA Technologies to learn more about what is happening in the estate access world and what the company offers the residential estate market.

New ransomware using BitLocker to encrypt data
Technews Publishing Information Security Residential Estate (Industry)
Kaspersky has identified ransomware attacks using Microsoft’s BitLocker to attempt encryption of corporate files. It can detect specific Windows versions and enable BitLocker according to those versions.

SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

Creating employment through entrepreneurship
Technews Publishing Marathon Consulting Editor's Choice Integrated Solutions Residential Estate (Industry)
Eduardo Takacs’s journey is a testament to bona fide entrepreneurial resilience, making him stand out in a country desperate for resilient businesses in the small and medium enterprise space that can create employment opportunities.

From the editor's desk: Just gooi a cable
Technews Publishing News & Events
      Welcome to the 2024 edition of the SMART Estate Security Handbook. We focus on a host of topics, and this year’s issue also has a larger-than-normal Product Showcase section. Perhaps the vendors are ...

Secutel wins OSPA Award for Outstanding New Security Product
Secutel Technologies News & Events Access Control & Identity Management
[Sponsored] Secutel Technologies’ NoKey Access Control solution won the Outstanding New Security Product category at the 2024 OSPAs in South Africa. The awards were presented at Securex 2024 where all category finalists were recognised for their contribution to the security industry.

ONVIF launches new working groups for cloud, metadata and audio
News & Events Surveillance
ONVIF, the global standardisation initiative for IP-based physical security products, is announcing the formation of three new working groups to tackle standardisation work in cloud connectivity, audio, and advanced metadata.

Inaugural Gallagher Security Johannesburg networking roadshow
Gallagher News & Events
Held at Johannesburg’s Foghound Coffee Company in Midrand from 11 to 12 June, security industry professionals gather at the inaugural Gallagher Security Johannesburg Networking Roadshow.

Trend Micro launches first security solutions for consumer AI PCs
Information Security News & Events
Trend Micro unveiled its first consumer security solutions tailored to safeguard against emerging threats in the era of AI PCs. Trend will bring these advanced capabilities to consumers in late 2024.