Every size and type of business is faced with IT and security challenges of ever-increasing variety and complexity. As IT departments scramble to find enough budget, skilled staff and time to address all the intrusions that could negatively impact their organization, internal pressures build. Especially in larger enterprises, the IT team is actually several teams: network, data, security, compliance, and so on. Piling on, each team works with several vendors, which are definitely not set up to work with each other. Obviously, there’s enough to grapple with technology-wise to keep everyone busy forever.
These “politics” in and around IT departments, especially in larger organizations, play a significant role in the overall security of the company. Even within the typical security department, there are islands of responsibility, budgets, and data. The network team doesn’t share resources or ideas with the endpoint team, and so on. Those who get data first often hide it in hopes it will make them look good or provide justification to request more funding. Veterans of the game know that dividing security work into sub-teams often means a bigger overall budget. If you simply consolidate teams, you stand to lose resources as redundancies are discovered and eliminated. In that sense, it may be beneficial to maintain some silos with distinct funding sources.
The real problem with silos is lack of collaboration. Without a strong web of communication stretching across all subdivisions, the security profile of an organization is incomplete. Gaps in security can go undetected, overlaps create inefficiencies, and data never makes it to the teams that do something important with it. Security staff and vendors must share data for the betterment of IT security systems, and for the protection of the enterprise as a whole.
In order for this sharing to become an integral part of a company’s culture and operations, upper level management must engage with their security teams. Executives and managers can look beyond IT fiefdoms to compile a holistic view of the people, processes and technology that serve to protect their infrastructure and their brand. Stepping back from interdepartmental politics will allow leaders to start intelligent conversations about shared priorities and risks. A big picture view will also highlight gaps in security that often occur when distinct solutions are deployed within silos and sub-teams.
This two-way communication breakdown clearly needs to be addressed within organizations, but also by security vendors. Not only do we need to better relay importance to upper management, we also need to better collaborate with boots-on-the-ground IT professionals to implement solutions in a way that benefits the entire business.
Recent high-profile incidents like the Target credit card breach have been widely publicized enough to reach the ears of executives. After all was said and done, very high-level executives lost their jobs and Target’s stellar brand was tarnished. It has become apparent that security (or lack of it) can make a big impact on the bottom line. Negative brand impact can potentially equal millions of dollars lost. On the other hand, a strong security profile can protect a brand and provide competitive advantage. The speed and thoroughness with which you can anticipate, detect and remediate security issues is certainly a competitive factor, and increasingly a condition of doing business with partners and the public.
Comprehensive security solutions can bridge political divides within IT organizations by providing visibility and a common set of data points. If every sub-team responsible for some piece of an organization’s cybersecurity can see easily the whole picture, including vulnerabilities and risks, it is possible to plan an integrated solution from a common understanding. Streamlining data gathering and sharing means teams can speak a common language when collaborating instead of being stuck with conflicting sets of terminology or reporting tools. A security solution that continuously scans every endpoint in the enterprise can provide objective, verifiable, repeatable and portable analyses.
This approach was the topic of much discussion at the recent Gartner Security & Risk Management Summit in Washington D.C., with speakers calling for organizations to become more proactive and hands-on about endpoint security through increased visibility throughout the enterprise network. This single view of security data becomes the trusted foundation for efficient work in service to the brand and the bottom line. The frantic games around the need for control, covering one’s derriere, and hoarding financial and staffing resources arise from the fear of the unknown. No security team wants the breach to happen on their watch, or through their piece of the network. An end-to-end continuous monitoring solution that addresses the headaches of Bring Your Own Device (BYOD), patch updates, configuration states, incomplete network registries and the like can build up enough peace of mind to alleviate the pressure cooker effect and encourage clear-headed planning and faster response times.
Politics are a part of every workplace, but powerful, comprehensive tools make a tough job easier and mitigate the causes of tiresome fire drills. The pointing of fingers becomes a moot point if everyone knows they are operating off the same data-driven understanding of security infrastructure. The job of the security team is challenging enough without internal complications. Leadership must align and inspire teams with the united goals of customer service, brand protection and competitive advantage and empower them with the right tools to get the job done.