Security is a team sport, or at least it should be. Given how constantly attacker behavior evolves and how vast an IT footprint attackers can target, IT and security teams clearly face an uphill battle. Whereas attackers only have to be right once to succeed, defenders must be right 100 percent of the time. To reach that level of success, prioritizing the right people, processes, and technology is critical.
To determine how well IT and security are working together, we commissioned Forrester Consulting to explore the current state of IT / security relationship dynamics (from the C-level to practitioners) and how these dynamics will evolve. Below are excerpts from the results:
Expectations vs. Reality & Existing Tension
An initial positive sign is that strategic priorities between IT and security are fairly aligned, with preventing breaches, efficiency, and incident resolution among the top goals for today’s teams.
A more comprehensive look at organizational priorities tells a fuller story. According to the study, “driving collaboration and alignment between security and IT teams” topped the list, with 55 percent of respondents listing it as a top organizational priority over the next 12 months. Given this clear prioritization, there’s potential cause for concern when looking at the data surrounding the existing relationships between IT and security teams and leaders.
According to the study, 77.4 percent of respondents noted that IT and security had a negative overall relationship. Among senior leaders, 53.7 percent noted the relationship between the CIO and CISO was negative, suggesting existing tension. The rest of the numbers are equally sobering: the only relationships with majority positive numbers were “CIO with VP and below” and “IT with audit” within the IT organization. According to the data, there’s some work to be done.
Existing IT / security challenges extend beyond personnel relationships. Maintaining IT hygiene, integrating security products, and maintaining technology integrations topped the study’s list of the issues survey respondents found most concerning.
Staffing & Resource Concerns
Staffing resources and structure may be playing a role in the IT / security tension. Nearly 50 percent of both IT and security respondents reported being understaffed, with security respondents noting their specific teams are, on average, 48 percent understaffed and IT teams are, on average, 26 percent understaffed.
Of course, IT and security talent is often hard to come by, with security being a bit more challenging, according to the study results. Of the respondents, 79 percent said finding the right security talent is either “very challenging” or “extremely challenging,” and 70 percent reported the same for IT talent.
Be a Team
Executing a consolidated IT management and security strategy will help break down silos and empower respective teams to tackle security as a team sport. With respective priorities well aligned, the desire to reduce risk travels all the way up to the board of directors.
Paramount to risk reduction and better alignment is the ability to drive collaboration and share decision making. More often than not, both security and IT will share responsibility for areas like endpoint security, security architecture, and identity and access management over the next three to five years. This is a positive sign for the near future. IT and security professionals alike are optimistic that shared responsibility will become the norm and, perhaps, drive better alignment across many critical areas of the business.
Take a look back at recent blog posts about how malware changed the threat landscape in 2019, as well as how ransomware became a pervasive threat to state and local governments.
To learn more about how to be the best defender in 2020, check out VMware Carbon Black’s 2020 Cybersecurity Outlook Report.