The Importance of Buy-In


A regional oil and gas magazine recently shared this remark from Tolar Systems’ founder, Lance Tolar, on the topic of I.T. security: “I think people fail to ask the right questions early. Organizational security, I.T. security, is about establishing and practicing good processes as much as it is about investing in good solutions. If you don’t have corporate buy-in and a good culture not only to create good I.T. policies, but also practice them, users are going to find ways to circumvent. That’s what you want to avoid.”

In this article that was published in October 2014, Tolar observed that the task of maintaining cyber security requires a mindset that must extend to all the company’s employees, from the C-suite on down to entry level workers. Cyber security is a function that needs to be part of the corporate culture. It cannot be a mere add-on technology or a plug-and-play remedy—cannot, that is, if it must be counted on to succeed.

Sometimes the challenge for companies wanting to protect their data and their intellectual property is as much a matter of internal lapses as it is external threats. Protocols must be established to ensure that the systems that are in place will function as they should. If employees who work inside the company’s firewall do not observe the necessary protocols, security breaches can result, and disaster can strike.

“When users operate outside of a process they increase the risk of a breakdown or failure,” Tolar said in the published report. “The consequence depends on the process that was circumvented. First, users within an organization are going to try to find ways to shortcut it. If they can find shortcuts, it’s a bad policy. But worse than that—if a user can circumvent a system, then hackers will have done so already… they’re already there.”

Tolar urged that businesses implement policies that will protect them, and then practice those policies and instill them within the corporate culture. “The organization has to have buy-in and has to believe in your process, so that they will use it [instead of] trying to circumvent it. It’s as much about having a vision and selling your users on a good solution as it is about buying a piece of technology.”

For the full article, go to this site: