Anne Stuart’s BPM in Action

Michael Dortch

BPM and Security: Inextricably Intertwined

So I've gotten my first spam blog comment, and it reminded me that I've been thinking a lot lately about the connections between BPM and security. In a lot of ways, security is one of the most process-intensive IT-related areas in an enterprise. After all, there are processes, both implicit and explicit, for identifying, then authorizing or denying access to everything in the IT infrastructure, for everyone who tries to gain access.

Another BPM-security connection: both must be woven tightly into IT infrastructures, to be as pervasive and ubiquitous as necessary to provide enterprise-wide coverage. In addition, each needs to be non-disruptive to the point of invisibility.

Of course, security includes many important elements and "moving parts," not all of which are equally well managed by clearly defined and comprehensively enforced processes and policies. For example, spam is a threat to enterprise security, or at least to worker productivity. However, as my ebizQ colleague and "blog buddy" Elizabeth Book wrote a few days ago, truly effective enterprise-wide spam and malware management is, to say the least, a process-intensive set of challenges. Ditto for other security-related issues such as identity and access management (IAM) and network access control (NAC). Add in the triple threats of compliance, governance, and risk, and security becomes even more critical and challenging – as do the processes that define and enable it.

So, how best to address and perhaps take advantage of the various things that connect BPM to security? Here are a few high-level ideas and suggestions.

1. Assess current security practices and solutions for their effectiveness and pervasiveness.
2. Where successful security practices and solutions are identified, ensure that the processes used to define, deploy, and govern those practices and solutions are clearly defined and well documented.
3. Use these as elemental templates and models for other processes, in security and in other business and technology areas.
4. Ensure that all BPM efforts and supporting information are themselves adequately protected from IT and business threats.

Every BPM initiative should include comprehensive and detailed security features. In addition, every security initiative should be based on consistent, enforceable, and well-documented processes that are aligned with those that support other critical IT-enabled business initiatives.

Everyone involved in BPM should forge a good working relationship with the chief security officer, chief risk officer, or equivalent person in their enterprise. Good security requires good processes, and good BPM requires good security.

For more, check out "Best Practices for IT Infrastructure Management and Business Alignment," "Managing and Measuring Security in the Enterprise," "The Business Drivers Behind IT Initiatives," and "Top 10 Tips to Minimize Risk" in the RFG section of the ebizQ Analyst Corner. And for goodness' sake, if you don't already, subscribe to the ebizQ weekly security update. And please let me know how BPM and security are aligned – or not – at your enterprise or your customers' sites.

Business process management and optimization -- philosophies, policies, practices, and punditry.

Anne Stuart

I am the editor of ebizQ.