Part two of a two-part series
As threats from cyberattacks increase by the day, the need to defend and protect vital assets and network systems also grows more urgent. Unfortunately, friction between IT and security teams can hamper efforts to put an effective strategy in place. With today’s rapidly expanding threat landscape, it is critical to align IT and security teams to ensure better communication and cooperation.
For example, creating integrated IT and security operations teams can be instrumental in ensuring complete alignment and accountability. Such teams can review and vet policies to be certain security is deployed seamlessly and collectively.
In the recent WSJ Pro Cybersecurity webinar “Aligning IT and Cybersecurity,” sponsored by NETSCOUT, several industry experts shared suggestions on how to improve IT and security cooperation to achieve better security results.
5 Steps to Improve IT and Security Team Effectiveness
- Create a security ambassador or champion program. According to Sanjay Macwan, chief information officer (CIO) and chief information security officer (CISO) at Vonage, “By bringing in experts from different functional areas of the organization—such as security, IT, operations, engineering, etcetera—who have an understanding of the complexity of security, it becomes possible to create a sounding board for the organization.” Macwan suggests that when new tools, technologies, or controls are being considered, stakeholders can examine the additions from varying perspectives to ensure the organization makes the optimum decision.
- Don’t let security be a fortress. It’s important for the security organization to foster an open-door policy that encourages anybody in the company to come in and share ideas, problems, and concerns. The security team should be easily approachable. Having transparency and trust throughout the organization is key to advancing the mission of security while balancing the need for agility around service and product delivery.
- The business is security’s business. The entire security organization needs a solid understanding of the business, as well as the technology stack used to deliver services and products. When discussing a technology, control, or security solution with engineering and IT teams, security teams will work smarter when they have a deeper understanding of the implications to the business, rather than simply seeing things through a security lens.
- Collaboration between CIO and CISO is vital. Alvina Antar, CIO for Okta, stated that “CIOs and CISOs need to collaborate effectively in order to gain alignment and achieve clarity around roles and responsibilities, as well as to reduce budget friction. By working together, and making major decisions around priorities with a collective voice, IT and security considerations can be more effectively tackled.” Antar believes such alignment makes it easier to view the bigger picture and make adjustments as needed to achieve the best outcome for the organization.
- Align IT and security when presenting to the board. “IT and security teams need to be aligned when presenting challenges, progress, and needs to technology committees or audit committees, as well as to the board,” Macwan concluded. “It is crucial to be able to share the right level of details and information in order to align with company objectives and ensure support from the top of the organization.”
Escoute Consulting President Mark Thomas pointed out that it is important for CIOs and CISOs to consider their mutual roles as interdependent. “A lot of CIOs and CISOs think ‘If something goes wrong, how am I going to keep from having the finger pointed at me?’ Instead, I believe they should be more focused on building alignment and a relationship structure between the two roles that is founded on trust and cooperation.”