Why security pros fail (and what to do about it)

06.12.2010

Problem #4: Believing the Customer Is Clueless

So, here you are with that annoying client. You've thought it through and concluded that the business team doesn't understand computer security. They don't realize the risks they are taking. They just want to check the box quickly and move on. They won't pay for the controls, and you're being forced to try to convince the auditors that you're in compliance.

Worse than that, you've now concluded that the business team will never get it. You've emotionally checked out. This has led to an unspoken us-versus-them mentality at project meetings. Problem is, they've got the money, influence and power to make things happen.

Key #4: Improve Customer Relations by Separating the People from the Security. One industry expert who has successfully completed dozens of major integration efforts told me this: "True, we always need to overcome people, process and technology issues, but they are not even close to being equal in difficulty. Over 90 percent of the problems are really people issues."

For starters, the business is made up of people. These people have families, play golf (or another game) and cheer for local sports teams. Remembering this will help you resist the urge to demonize them or write them off. More than that, it will help you separate the tough issue you're addressing from the person you disagree with. Remember that the relationship will usually last longer than the current challenge. Get to know the business, one person at a time. Build trust. If you listen to your customers over lunch, you will naturally build relationships that outlive the bad things that happen. The customer is (usually) not clueless--so figure out what you don't know that he or she does.