I stumbled upon an article on LinkedIn that illustrates the need for IT Security Professionals to be mindful of today's world. There are many schools of thought when it comes to information security. What it comes down to is IT vs Business as far a security goes. It is my belief that a healthy security program will demonstrate some push back from business users. When there is some tension, we know that it's working. However, that doesn't mean that a business should suffer because of security. If a security policy is created that banns unapproved "Shadow IT" applications, that means that IT Security needs to consider approving some. What good is great IT security, if there is no business to use it?