Smashing Silos and Building Bridges in the IT-Infosec Divide

  /     /     /  
Publicated : 22/11/2024   Category : security


Smashing Silos and Building Bridges in the IT-Infosec Divide


A strong relationship between IT and security leads to strong defense, but its not always easy getting the two to collaborate.



The relationship between IT and information security can be difficult to navigate: there are traditionally conflicting interests and perspectives between IT, which is responsible for making sure tools and systems work, and security, which must make sure theyre protected.
Finding the right balance between accessibility and security is a key part of the modern organizations success, said Juliet Okafor, senior vice president of global security solutions at Fortress Information Security, in an InteropITX presentation on the topic this month. Rigid silos between IT and security have become a clear point of attack leaving organizations vulnerable.
The dynamic between the two groups has changed along with technology. Back in the 1990s, security was considered a function of IT. Corporate networks had a hard perimeter; firewalls were the foundation of security. Modern enterprise computing environments have since become global, borderless, fully mobile, and more complex than ever before.
This evolution has driven new sets of challenges for both groups, said Okafor. IT is worried about data availability while security prioritizes data protection. IT focuses on system uptime; security works on system safety and control.
Culture also varies between the two. IT tends to be more agile, with shorter and more frequent maintenance windows. Operational technology, and sometimes security, typically require more time with longer maintenance periods. They dont want systems down for periods of time, she noted; theyre operating in an environment where things have to stay up and running.
Companies are figuring out how to best position the two. An upcoming Dark Reading study on the relationship between IT and security found 37% of businesses surveyed have a distinct security department, with its own staff, within a larger IT department. Twenty-one percent have one or two security people in IT; 21% said they dont have any people who are dedicated to security full-time. This is just a peek at the study, which will be published in July.
Thirty percent of 120 technology and security professionals report IT and security work well together and their relationship is improving. The majority (38%) says while their dynamic is generally good, it needs some work here and there. About one-quarter say miscommunication between the two has led to continuity or security issues.
Turf Battle
The disparity between how IT operates, and how infosec operates, demands we take a closer look at how theyre working together, Okafor explained. Due to budgets, reporting structure, IT and infosec often have a tough time with competing and sharing turf.
The CISO and security team should be given a seat the table when decisions are being made, she noted. Oftentimes they arent: Only 15% of respondents in Dark Readings study say security is at the table for the beginning of every new project, and their views are always considered critical. Twenty-eight percent say security is brought in at the start of most important projects and they have a strong voice.
However, nearly the same amount (27%) reports security is consulted sometimes and is usually heard if its a legitimate concern.
Technical knowledge is important but its not the only answer to the problem, said Okafor. Whats critical here is communication: the ability to understand and engage with the person youre talking to. The biggest issue with security and technology tends to be people, she pointed out.
A key trend in bridging silos is having different team members work on problems together, she added. Give IT workers a sense of what security projects are like, for example, so they can learn about requirements and needs from the infosec side and apply those skills to other projects.
More and more, Okafor continued, success in security means knowing and understanding the business. Security professionals with business and/or liberal arts backgrounds can and should work with their IT colleagues, who have more technical expertise, to come up with more comprehensive solutions to problems. IT employees may also bring technical contributions to security teams, which may not have the same level of proficiency in Java or C++.
The more we can bring IT people into infosec, the more the IT team, and the entire security department, benefits, said Okafor.

Last News

▸ 27 Million South Koreans Hit by Online Gaming Theft. ◂
Discovered: 23/12/2024
Category: security

▸ Homeland Security Background Checks Breach Raises Concerns. ◂
Discovered: 23/12/2024
Category: security

▸ Fully committed to the future world of technology. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Smashing Silos and Building Bridges in the IT-Infosec Divide