The borderless enterprise is here so IT policies need to accommodate more devices, more networks, and more applications (opens in new tab) in more places than ever before. A successful IT strategy is centered around enablement and supported by agile and flexible security. This need has led to a merging of IT and Security team goals and a closer working relationship.
Linh Lam, SVP & Chief Information Officer, Jamf (opens in new tab).
Historically, the tension between IT and Security teams is caused by a disconnect in each team’s goals. The IT team was focused on delivery and availability of digital services for customers (opens in new tab) and employees, while the Security team was focused on finding security and privacy risks in those same services. This misalignment between goals inevitably led to tension between the two teams.
However, in today’s businesses, there are three driving forces that are bringing the goals of IT and Security teams into closer alignment.
The roles of CIOs and CISOs are becoming more strategic
Organizations’ IT and Security teams have more in common than you might think. There's been a fundamental shift away from the silos that used to keep these teams from working together, as well as a new approach to what constitutes an IT or Security responsibility.
The CIO’s traditional responsibilities of assisting with back-end infrastructure and supporting employee devices are becoming more automated, and CIOs have shifted their focus onto enterprise strategic initiatives. Increasingly, you see CIOs driving digital and operational transformations because of the breadth of ITs coverage, knowledge and delivery. All of this means CIOs need more awareness and accountability of security rather than leaving it to another team.
While the CIO’s role is becoming broader and more security-aware, CISOs are playing a more active role in risk management. Security used to be about using technology to build a moat around the castle - aka the network perimeter - to safeguard against attacks and vulnerabilities.
When the Security team’s mindset shifts from technology to risk management, it becomes a strategic business function, bringing the security team into critical executive-level conversations.
When IT and security work together early and collaborate on building security into the foundation of IT strategy, the due diligence around vulnerabilities and threats has already been done so when it’s time to deploy an application, security is not an after-thought or late reaction.
Coming together to give employees what they need
In recent years we have learned that employees (opens in new tab) are more productive when they are allowed to work from their preferred device, and that might mean using their personal device. We’ve come a long way since former iterations of BYOD (bring your own device), where devices were either left unprotected or burdened with intensive management and security tools that violate user privacy (opens in new tab), leading to poor adoption or rejection by employees. Security solutions are only effective if they achieve widespread adoption.
To solve this complex challenge, IT and Security teams both need to operate with a respect for employee choice and an awareness of their preferred technologies. Especially in a virtual environment, when a healthy culture and working environment depends on the performance of technology to keep people connected to each other and to the corporate resources they need.
IT admins do not need to resort to the “iron-fist” approach of yesterday to maintain their environments at the cost of bullying end-users into doing things a set way. Rather, there are nuanced approaches that see IT working with their users to protect data in a way that secures devices while allowing users access to only the resources they need to perform their jobs.
Making joint decisions on modernizing tools to enable hybrid work
The hybrid workforce has surfaced new requirements, especially around user experience and decentralized security. Investment should be made in IT tools that are built with speed and security at the forefront.
Users and IT teams alike have felt the sting of VPN's limitations during the global pandemic. All users have to receive access to the entire network to access anything, and all users have to share the often very limited VPN (opens in new tab) gateways into the corporate network. This leads to latency issues and productivity interruptions, not to mention the financial burden of maintaining antiquated hardware requirements of VPN.
Now organizations are beginning to make investments in ZTNA to solve these issues. ZTNA allows organizations to secure access to their corporate resources in a granular fashion while drastically simplifying the user experience. ZTNA is the ideal solution for preserving user privacy while providing robust security of corporate applications. Personal communications and data (opens in new tab) (i.e., non-corporate) are not governed by ZTNA policies, this makes ZTNA ideal for BYOD and hybrid work environments.
IT and Security teams are becoming close partners at a time when the “workplace” is becoming more virtual than ever. Innovation happens when teams with diverse thoughts and experience and a willingness to embrace change, and when each team is successful, the whole organization benefits. As we look at the successful transition of many organizations to a sustainable hybrid work model, one thing is clear, it wouldn’t have been possible without a close partnership and alignment between IT and Security teams to deliver the best, secured employee experience for the virtual enterprise.