What I mean by "productivity does not require security" is that most organizations are guilty of deploying networking technologies without consideration of the security risks involved. Anyone can setup a productive Apache server, but properly locking it down, setting permissions and associated firewall and routing policies, etc., is something that should be considered, but is often devolved down to a set of so-called best practices, if followed at all. You can stand up a wireless AP, but setting one up securely is something beyond most people (I can walk around my neighborhood and remain connected with the number of open APs available). When you look at convergence technologies, such as VoIP, everyone sees the benefits, but no one factors the risk mitigating costs, such as ensuring that your routed infrastructure's reliability matches that expected of your phone system.
We are so often blinded by the fact that something works, that we fail to examine if it is secure until it is too late.