Considering how organizations, especially medium to large enterprises, often address security risks, the number of flaunting security protocols isn’t so surprising. Instead of operating with a comprehensive strategy to protect their cyber resources, many still rely on a patchwork approach with separate IT operations and security teams, who often are at odds with one another.
Plenty of roadblocks keep IT operations and IT security separated.
Their objectives differ. The operations team’s goal is to ensure an organization’s systems are running smoothly to support its daily work. Security professionals are laser-focused on digital threat assessments, addressing vulnerabilities and reducing risk.
They often fight over limited IT resources. While operations staff may see the need for a new software solution to streamline a business process, their security team colleagues may argue that that same pot of money is better spent to safeguard it.
And there may be communication challenges. In the eyes of operations staff, security measures may just slow productivity because of poorly integrated tools or false positives that flag a potential security risk. Meanwhile, security teams may be increasingly frustrated that their colleagues on the operations side aren’t following what they consider to be commonsense security protocols.
But the benefits of bringing the two together far outweigh whatever work is required to overcome those engrained objections. When IT operations and IT security are unified, enterprises can reap big rewards like these:
Greater visibility across the IT enterprise
Enterprises are grappling with any number of IT-related challenges to operate and secure their data. Legacy systems may be difficult to integrate with cybersecurity tools. Organizations may operate with multiple interconnected networks — from cloud environments to remote offices and virtual private networks (VPNs). IT budgets may be limited.
When partnering, IT operations and IT security staff can get on the same page with shared tools and data. With the same information and resources as a foundation, IT teams gain a mutual understanding of each other’s needs and challenges, and that allows them to tackle those issues together.
Improved response and deeper resolution
Whatever the incident, detection, classification and response capabilities all are boosted when security and operations teams collaborate. That’s because each group brings their own expertise to the table.
During a breach, for example, while the security team responds to an attack, operations team members can ensure impacted systems are isolated and prepare for a swift return to normal activity. Once it’s resolved, they can work together to update security patches and conduct a forensic analysis of what happened and why.
Finally, when their work is aligned, IT teams can start speaking the same language. And that means less confusion as network concerns, security issues and questions about the rate of false positives pop up. With that greater visibility and understanding, each team realizes the importance and interconnectivity of the other’s responsibilities and objectives. Now, they’re working in partnership to ensure that organizations have both the systems and security they need.
Collaborative, cooperative, coordinated IT
Of course, all of this is easier said than done. Moving away from the traditional siloed approach to IT operations and security management requires deliberate work and a top-down approach. Senior leadership must support the cooperative effort and create governance structures that monitor it.
From there, other tasks include policy and planning changes. A cross-functional team with representatives from both IT operations and IT security teams is the first critical step. Defining the clear roles, common goals and responsibilities of each team and documenting those policies and procedures will bridge gaps. To ensure coordinated responses to incidents, collaborative incident response plans that involve both teams are also crucial.
Relationships should be forged. Regular meetings and workshops between operations and security staff to discuss questions and concerns will foster open communication. Cross-training opportunities for IT and operations staff support mutual understanding. Shared threat intelligence from IT security teams to IT operations teams can build trust.
The right tools are vital as well. Integrated solutions that provide visibility into both operational and security concerns, in particular, can help teams more effectively monitor and manage an enterprise’s IT environment.
Systems and attitudes can be slow to change; this coordinated effort may take time to perfect. But, as the walls between IT security and IT operations come down, enterprises will start building up a collaborative and cooperative culture that supports business goals and safeguards its operations. And that will only pay large dividends in the future.
Author – Patrick Hayes
