The main purpose of business dpt. is to develop business and earn money.
The main purpose of Security dpt. is to secure the core business by spending money.
Every time business hopes low cost and easy use, while the security hopes secure enough no matter how trouble it takes.
Business always breaks rules while the security defines strict rules.
Business is the core of the company which earn money. Security is just the internal supporting which spend endless money without obvious profit.
So the high level managers like business and hate security. Without high level support, security lacks the power to fight with business. Without good security protection, business get affected in several security incidents. Company’s reputation becomes worse and the business goes down. So that less incoming money makes even worse security protection. Security incidents again and again… That’s the bad loop.
It is quite clear, the conflict or the gap can be fixed.
Business should understand the important of security and accept security’s advice.
Security should balance the security requirement VS. cost effect and try to make security methods easy to use.