Security and the Price of Coffee
Usually when the topics of security and coffee are raised in the same sentence, one of two thoughts comes to mind:
- Very late nights in the past resolving a security incident
- Stalking (i.e. hackers breaching free Wi-Fi hot spot services at local coffee shops)
I strongly believe there should be a third:
- Leveraging a simple cup of coffee as a mechanism for breaking the ice and building a relationship with the leaders of business units within your organization
Too many times I’ve walked in early to a customer meeting to find the IT Security group introducing themselves to the leaders of other departments within their own organizations for the first time.
This event is typically driven by an upcoming project to secure item “XYZ”, which involves a new application or process. Although this is a less-than-perfect situation, it is better than the alternative, where the business does not consult IT security until the organization suffers a breach, possibly from this new project.
With the explosive growth of new technologies such as mobile devices and the Cloud, it is increasingly likely that your organization is introducing new processes, applications, and devices without the security team’s knowledge. The Cloud provides the business benefit of easy migration of applications and seamless sharing of data. This seamless infrastructure has an imminent impact on the risk to your organization’s information. The ease of adding cloud computing and/or storage makes its introduction into an organization’s IT infrastructure without IT security’s knowledge a distinct possibility. In fact, recent research from the IT Policy Compliance Group notes that 54 percent of organizations do not know how many cloud computing projects are underway in their organization.
With regard to mobile devices, many organizations are rewarding employees for their loyalty and hard work with tablets and upgraded smartphones. This class of device presents new challenges to IT, and its adoption adds another attack vector within your environment. So how do you protect or manage a device that you are not aware of?
This is where leveraging a simple cup of coffee can have a great impact on the security posture within your environment.
Most organizations recognize at some level that the impact of a breach or data loss, from both a financial and a corporate reputation perspective, is traditionally more costly than initially implementing controls and processes to manage the exposure and risk. However, discussions about securing upcoming projects rarely occur in the pre-planning stages. This is where the price of coffee comes into play. Something as simple as inviting a colleague to share a cup of coffee can forge cohesive business relationships. This can have a long-term impact on whether IT security is notified of, and included in, new projects, applications and devices being stood up in the organization.
So the next time you are considering a run to Starbucks, recognize that a simple invite could make the difference between being included in or excluded from key conversations that affect the security posture of your organization, all for only a few dollars over their choice of coffee.
I cannot agree more. Building this “community of purpose” between the strategic business and IT operations is one of the most critical tasks. And you are right, it doesn’t require big-bang team building exercises or expensive company-culture-awareness programs, it is simply that cup of coffee, standing in the office kitchen and talking …
Communication is what will ultimately protect a company when push comes to shove (and by push and shove I mean social networking attacks). If everyone felt connected to the cause of data protection then you’d have an army of committed, educated users who all took this kind of thing seriously. Here’s a video I give you all permission to use with our compliments. If it saves a few breaches then great!
http://vimeo.com/32137302