SecurityWeek

Management & Strategy

How to Cross the Divide with Your IT Operations Colleagues

The modern enterprise IT environment is extremely complex. A myriad of smartphones, tablets, applications and network devices, along with the growing use of virtualization and cloud services, all present an increasing volume of management and security concerns.

Next-generation security devices present new, more granular controls, but add to the complexity. Both IT Security and IT Operations teams are strained with managing, supporting and securing these environments, often clamoring for more resources to get the job done. As the work piles up, each organization hunkers down and focuses primarily on their specific roles and responsibilities.

What sometimes gets lost in the shuffle is the bigger picture, which is to make the business run more smoothly and efficiently. 

IT operations and security groups are ultimately responsible for making sure an organization’s systems are functioning so that business goals are met. However, these teams approach business continuity from different perspectives. The security department’s number one goal is to protect the company, whereas the IT operations team is focused on keeping systems up and running. Oftentimes, IT operations and security teams must work together and be on the same page because both have an ownership stake.

This is easier said than done.

To achieve this alignment, organizations must re-examine current IT and security processes and identify areas in which to add or enhance the necessary checks and balances, without impeding productivity.

Here are 5 Tips to Improve Communication and Alignment with Your IT Operations Colleagues

1. Re-examine the roles and responsibilities within the Information Security team as well as with the IT Operations team and identify areas – such as change management and audits – where both teams play a significant role.

2. Set up a taskforce with stakeholders from both departments and develop or enhance a standard operating procedure (SOP) for how the teams will work together on a typical day and when crisis hits. This SOP should take into account the concerns of both teams and address day-to-day situations. You can’t predict when users will make requests to add new devices to the network, but you can prepare for dealing with those requests.

By designing plans with your counterparts that address these situations (or other ‘knowns’ such as network upgrades, change freezes, and audits), you can minimize security risk from poor change or out-of-band change processes. Communicate the agreed-upon SOP to both teams and ensure continuous training on these procedures. This proactive approach will ensure a proper response during high-pressure situations.

3. Work with your management and colleagues to define management by objectives (MBOs) and performance targets that include both individual and higher-level targets. If security is compromised due to a poorly configured change, everyone loses. And if security requirements are so stringent that SLAs cannot be met, the business also loses.

4. Build relationships and force over-communication. Encourage team-building outings such as lunch and learns, retreats and off-site events to build relationships amongst the departments. Plan some fun IT organizational events to break down the silos and build relationships amongst the staff. Additionally, set up weekly/monthly/quarterly review sessions between the two groups that focus on internal process improvements (poor internal security processes were identified in a State of Network Security 2012 survey as the greatest security risk). Not only do these activities create awareness and enable joint decision-making, but people generally respond better to friendly faces.

5. Support both teams by implementing technology in addition to the newly developed or refined processes to facilitate collaboration and make their lives easier – having holistic visibility will lead to improved network availability and security.

At the end of the business day, it’s about finding the right balance for each organization between security and productivity. One should not have to come at the expense of the other.
