Over the past few years, mass adoption of new technologies and digital devices has created an even more fraught digital landscape for IT and security teams to co-manage. Work from anywhere (WFA) remains the norm – with employees choosing to regularly do business from a wide variety of locations across an even wider range of devices, and the threat landscape grows more relentless by the day.
This makes IT’s job more complicated and securing the organization even more difficult. Now more than ever, IT and security teams have to balance priorities, so employees have both the technology and IT support to work where and how they want, while also doing so securely.
Historically, IT and security teams have operated as separate entities within their organization, only sharing information or collaborating when required. However, with more riding on digitalization, employee productivity, and business resilience today, collaboration between these two critical branches of business isn’t optional, it’s essential.
Businesses should consider where they can strengthen IT and security collaboration to maximize their opportunity to scale thoughtfully and resiliently from the start. Here’s what that looks like in practice.
Chief Trust Officer at NinjaOne.
Simplify internal communication
While many organizations have made strides in aligning IT and security, communication breakdowns can remain a challenge. Historically, friction between these two departments was driven by a lack of communication and competing priorities.
For the CISO or head of the security team, reducing the company’s attack surface, limiting access privileges, or banning apps that might open their organization up to unnecessary, additional risks are likely to be core focus areas.
While for the CIO or head of IT, ensuring employee productivity and finding new ways to drive innovation (often by adopting new tools and technologies) are typically top priorities.
But today, with more employees opting to operate outside of office walls and with a custom mix of device, application, and other OS preferences, gaps between IT and security teams have the potential to significantly hamper operations.
With the stakes so high and the digital landscape so wide, it’s essential to have more proactive alignment between IT and security teams in setting milestones, communicating roles and responsibilities, and maintaining communication across stakeholders.
The good news is, there are more opportunities now than ever before for IT and security operations to naturally converge – in endpoint management, patch deployment, identity and access management, you name it. It can help to clearly document IT and security’s roles and responsibilities and practice scenarios with tabletop exercises to get everyone on the same page and identify coverage gaps.
As the UK National Cyber Security Centre (NCSC) testifies, tabletop exercises are critical for enhancing organizational preparedness and making sure each team knows where responsibilities and priorities lie when it comes to shared initiatives. In other words, practice makes perfect when it comes to keeping both teams in sync.
Cultivating cross department knowledge
Economic uncertainties and a widening skills gap only amplify the need for stronger IT-security alignment. As Tech UK highlighted, businesses are increasingly looking for professionals who possess both IT and security skills – to streamline joint IT and security operations.
Technical incidents, which often stem from endpoints (think: a remote employee falling victim to a phishing attack that puts the whole organization at risk), highlight this overlap. ESG found that 77% of organizations experienced cyberattacks originating from inadequate, unknown, unmanaged, or poorly managed endpoints.
Often, the same individuals responsible for managing those endpoints are the ones investigating security breaches, making cross-functional expertise critical. Understanding whether the issue came from an unmanaged device or security vulnerability is essential to quickly diagnosing and resolving threats – both present and future.
Organizations who can recognize, retain, and help upskill candidates with transferrable skills in these areas will be the ones with the most closely aligned IT and security teams.
Holistic visibility
In addition to building versatile teams, organizations should focus on consolidating IT and security toolkits by prioritizing solutions that expedite time to value and boost visibility. We’ve said this in security for a long time: you can’t protect (or defend against) what you can’t see.
With shared visibility through integrated platforms and consolidated toolkits, both IT and security teams can gain real-time insights into infrastructure, threats, vulnerabilities, and risks before they can impact business.
Solutions that help IT and security teams rapidly exchange critical information, accelerate response to incidents, and document the triaging process will make it easier to address similar instances in the future.
Today, automation is also critical for reducing cumbersome, manual work and information sharing between IT and security teams, allowing both teams to focus human effort on furthering strategic objectives rather than addressing routine tasks like patching or vulnerability scanning.
Enhanced analytics and reporting capabilities can also enable deeper insights, better decision-making, and improve performance across both disciplines.
By leveraging unified platforms, organizations can foster greater alignment across priorities, ensuring IT practices consistently align with security standards and evolving compliance requirements.
Ultimately, centralized tools empower IT and security teams to be more agile and proactive by strengthening resilience, improving efficiency and collaboration (while cutting down on tool sprawl), and driving a more cohesive, strategic (and less burnout prone) approach to technology management.
Bringing together your teams
Cyberattacks are an inevitable part of the digital landscape, and the ability to detect and mitigate them quickly is crucial. While many organizations have taken meaningful steps to streamline collaboration between IT and security teams today, the threat landscape continues to evolve.
Strengthening incident response and speeding up threat detection in the face of a rapidly evolving threat landscape, while also prioritizing employee productivity and individual workplace preferences, requires an ongoing investment in alignment.
Organizations that lean into open communication, unified leadership, complementary expertise, and cohesive solutions will be far more resilient and better positioned to adapt to change as a result.
We've featured the best online cybersecurity course.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.