To Thrive in the Everywhere Workplace, IT and Security Teams Need to Work Together
It’s Cybersecurity Awareness Month. For a CIO, this is like the holidays, and there’s lots to celebrate and lots to do. By reading this, you’re helping me check something off my list: I want everyone in the IT and security landscape to know how these two teams can work together for a more efficient, productive and secure enterprise.
To those outside the departments, IT and security teams are often conflated. (“Don’t they both deal with technical stuff?”)
And yet, IT and security have very different roles and objectives, and those objectives are often in direct conflict with one another. At the risk of oversimplification, IT is under a lot of pressure to move quickly, adjusting and rolling out DevOps with relentless speed.
Meanwhile, security is tasked with mitigating threats to existing products and making sure new releases are as secure as possible.
Fast or secure – do you have to pick one?
IT’s focus on speed doesn’t play well with security’s focus on security.
The solution isn’t to compromise on speed or security.
The solution is to enable IT and security to work together.
As CIO at Ivanti, I have the privilege of being involved in the incredible work of the IT and security teams.
A CIO perspective has allowed me insights into how these teams can leverage each other’s skills and knowledge to be even greater than the sum of their parts. With the two skilled teams we have here at Ivanti, this is saying a lot.
How to foster collaboration between IT and security
Strategy #1: IT and security teams need a single – and shared – source of truth
That seems obvious enough, right? But you’d be shocked how many IT and security teams rely on multiple, disparate, potentially conflicting sources of truth. Conflicting sources add fuel to the fire that’s already smoldering, given conflicting objectives.
Even though both teams have different tasks, they can inform those tasks with the same data points. Automating data gathering and processing can help mitigate human error and role-based biases.
Relying on the same, single source of truth also means less rework and unnecessary replication – a critical part of helping both teams be more efficient. Ivanti Neurons for ITSM delivers a single source of truth for assets, security and events.
Strategy #2: Embrace DevSecOps
DevSecOps isn’t simply about tossing security into DevOps. It’s a fundamental shift wherein security is an integral part of the DevOps processed and integrated from the very beginning – helping to align priorities.
Embracing DevSecOps also benefits IT by ensuring security isn’t slowing development by weighing in late in the game. It also benefits security by helping to ensure that the IT team isn’t rolling out products that may have security gaps that impact the security team’s objectives.
Strategy #3: Create context
Patching is an overwhelming task for even the strongest IT team. But patching without security context is nothing more than busy work. Risk-based vulnerability management makes a massive difference in threat detection and remediation, ensuring that teams are focused on the right threats at the right time.
Even better, automated risk-based intelligence creates context without creating more work for your team. And when risk-based intelligence solutions can integrate with other security and IT management tools, all key stakeholders get visibility to the same context and information so they can attack the problem together.
Strategy #4: Become customer zero
Have you prioritized security at the expense of access and usability? Have you prioritized features over security?
At Ivanti, we embrace the concept of “Customer Zero” we make ourselves the first customer for any solution before we release that solution publicly. Being customer zero can help you understand any IT and security solutions with significantly greater depth.
Adopt solutions and embrace real-world usage and feedback before you finalize any DevSecOps effort. It’s one thing to assume how a solution will affect IT, security and other teams in your enterprise – it’s another thing to know the impact and hear feedback directly from stakeholders.
The bottom line
Rather than conflict, IT and security can elevate each other. Both teams just need the right support and strategies in place.
Here’s to creating a more efficient, secure enterprise – together. Learn more about how the Ivanti Neurons hyperautomation platform can help.