Written by Brad Egeland for Axosoft.
This question begs to be answered, especially in the wake of the recent breaches in digital security across just about every government agency. So, how important is security on the projects that we manage? Well, that depends on several variables:
- Whose projects are you managing?
- What type of data are you handling?
- Are you working on government or private sector projects?
- If customers are external to your organization, do they care enough to spend money on the risk and security planning?
Security is important no matter the project
The real answer to the question this article asks should always be “yes.” It really shouldn’t matter what type of data you’re managing on your project; you need to protect it. And even if you are managing nothing of any real sensitivity, paying attention to security will only help your organization and your customer. You don’t want your project to be the weak link into sensitive data your company handles or your customer is storing. You never know what window of opportunity your project might open into other sensitive data and information that may have nothing at all to do with the current project.
So, we’ve established that we should care about security…now what do we do?
Plan, plan, plan
To start with, plan like crazy…but don’t take too long. The problem with risk planning – and that is really what I’m talking about here – is that little, if any, thought is really given to it at the project level. And even when risk planning is part of the project process and timeline, too often security is given almost no attention at all.
Make sure others are paying attention to your project
Data security…that’s the IT Director’s problem, right? Ummm…could be. But would you trust someone else with your sensitive data? I’m not saying IT directors and security analysts aren’t doing their jobs, but they may not have a vested interest in YOUR project. Your project may get protected by whatever security measures they have taken, but there is no guarantee of that. Meet with them…make your project important to them. Scream loud…if you aren’t heard and nothing is done, then it’s all on you. It’s not about the blame game here – but you do need to consider the consequences as a project manager and as part of your overall risk management.
Educate those on the project about the need for data protection, the potential consequences, and the sensitive nature of what your project is handling. Educate and inform the team, educate and inform the customer, and educate and inform your senior management. You may be overly concerned, you may be blowing it out of proportion, you may be screaming too loud…but the house with the outside lights, locked doors and several cars on the driveway is not the house that is going to get broken into randomly in the middle of the night. The potential perpetrators will move on to the next house. Trust me. Some security can go a long way in thwarting 90% of the threats.
The best thing you can do for your project and for the integrity and safety of your project’s data – sensitive or otherwise – is to plan, be aware, make others aware, and educate. The bottom line is that it’s all about communication. Security is important, so you can’t assume these things are happening. I’m sure that these federal agencies didn’t see this huge data breach coming, but it came. Find out what security measures your organization takes for such data breaches and figure out where project dollars need to be spent in order to protect your project. You won’t be sorry.