More streamlined IT and security collaboration is something the industry has been moving toward for the better part of the past decade, but thanks to some recent changes in organizational reporting structures (i.e., the CIO emerging as the de facto leader for IT and cybersecurity) and a convergence of in-demand IT/security skills, the relationship between IT and security teams is tighter than ever before.
For organizations still struggling with security and IT alignment, communication silos and misaligned priorities present a lot more risk for business than failing to keep pace with modern technology shifts. We know that the ramifications of these two teams not working together can be detrimental at best and catastrophic at worst. Here are a few tips as you look to overcome communication barriers, align objectives, and streamline collaboration to drive the business forward.
Communication is key
Communication breakdowns are a constant in technology. Though as an industry, we have made a lot of progress on this front, the struggles that I see most often center around hazy expectations. While communication difficulties have less to do with IT vs. security today (as was once the case), the main challenge instead centers around having clear objective milestones, understanding each other’s roles and responsibilities, and ensuring stakeholders are aware of those respective roles.
This is why activities like tabletop exercises are so valuable. Combined with clear documentation and reporting, tabletop exercises highlight overlaps and gaps in IT and security coverage for specific scenarios. These exercises can help the team clearly prioritize, raise awareness of what they are working on, and gain budgetary buy-in to advance shared objectives.
Ensure IT leadership is aligned
IT and security team challenges can also emanate from the top down, with CISOs often reporting to a variety of different stakeholders (i.e., the Chief Digital Officer, Chief Trust Officer, or Chief Information Officer, depending on the organization). A lot of the challenges that we see between CISOs, and CIOs are because, by design, they have competing interests and goals. Historically, CISOs are reported on security posture and incidents, while CIOs are concerned with productivity, innovation, and cost efficiencies.
Reporting on these goals is important, with its leaders at the top responsible for simplifying work across the organization and consolidating challenges into a common strategy. Now with CISOs increasingly rolling up to CIO’s, we are seeing closer alignment on goals and increased collaboration.
Having a single IT leader makes it easier to effectively communicate objectives and ensure folks are aligned on the pieces they need to deliver. After all, marching bands play best with a single conductor. On top of that, providing a set of metrics and measurable goals your teams are tracking toward can ensure all major pieces are moving forward in concert with one another.
Leverage shared skill sets
One of the reasons we are seeing IT and security alignment tighten is due to cost efficiencies and overlapping skill sets. With the economy still dotted with uncertainty and the IT skills gap widening, organizations are looking for individuals with skills that lend themselves to both IT and security.
When you think about technical incidents in a company today, they are typically related to an employee’s laptop or desktop or a production-related system (in fact 77 percent of organizations have experienced a cyberattack that started via the exploit of an unknown, unmanaged, or poorly managed endpoint). And the individuals responsible for managing those endpoints are also the ones responsible for investigating security breaches and forensics. It’s all complementary.
Lean into those shared skill sets to streamline costs and collaboration amongst teams. Additionally, think about where you can consolidate IT and security tools to help curb burnout while also reducing business risk. And with more expectations on both IT and security teams today, ensure your employees are enabled, empowered, and set up for success.
One team, one dream
The threat landscape is more punishing than ever, and if your IT and security teams aren’t working closely together already, odds are your organization is even further behind in terms of what you need to be doing to stay secure.
Cybersecurity incidents are the new normal. The true metric for success isn’t preventing breaches from happening, but quickly containing them once they do occur. The closer these two teams work together, the more likely they are to be able to make quick containment (and business consistency) a reality.
Though we’ve made major strides in streamlining the way that IT and security teams collaborate, the ground is always moving. New challenges and threats are certain to arise, but the more these two teams can work together, communicate, and track toward aligned objectives, the better equipped they’ll be to further innovation and productivity while scaling business securely.