Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Management & Strategy

How to Cross the Divide with Your IT Operations Colleagues

The modern enterprise IT environment is extremely complex. A myriad of smartphones, tablets, applications and network devices, along with the growing use of virtualization and cloud services, all present an increasing volume of management and security concerns.

The modern enterprise IT environment is extremely complex. A myriad of smartphones, tablets, applications and network devices, along with the growing use of virtualization and cloud services, all present an increasing volume of management and security concerns.

Next-generation security devices present new, more granular controls, but add to the complexity. Both IT Security and IT Operations teams are strained with managing, supporting and securing these environments, often clamoring for more resources to get the job done. As the work piles up, each organization hunkers down and focuses primarily on their specific roles and responsibilities.

Firewalls

What sometimes gets lost in the shuffle is the bigger picture, which is to make the business run more smoothly and efficiently. 

IT operations and security groups are ultimately responsible for making sure an organization’s systems are functioning so that business goals are met. However these teams approach business continuity from different perspectives. The security department’s number one goal is to protect the company, whereas the IT operations team is focused on keeping systems up and running. Oftentimes, IT operations and security teams must work together and be on the same page because both have an ownership stake.

This is easier said than done.

To achieve this alignment, organizations must re-examine current IT and security processes and identify areas where to add or enhance the necessary checks and balances, without impeding productivity.

Here are 5 Tips to Improve Communication and Alignment with Your IT Operations Colleagues

1. Re-examine the roles and responsibilities within the Information Security team as well as with the IT Operations team and identify areas – such as change management and audits – where both teams play a significant role.

Advertisement. Scroll to continue reading.

2. Set up a taskforce with stakeholders from both departments and develop or enhance a standard operating procedure (SOP) for how the teams will work together on a typical day and when crisis hits. This SOP should take into account the concerns of both teams and address day-to-day situations. You can’t predict when users will make requests to add new devices to the network, but you can prepare for dealing with those requests.

By designing plans with your counterparts that address these situations (or other ‘knowns’ such as network upgrades, change freezes, and audits), you can minimize security risk from poor change our out-of-band change processes. Communicate the agreed upon SOP with both teams and ensure continuous training of these procedures. This proactive approach will ensure a proper response during high pressure situations.

3. Work with your management and colleagues to define management by objectives (MBOs) and performance targets that include both individual and higher level targets. If security is compromised due to poorly configured change, everyone loses. And if security requirements are so stringent that SLAs cannot be met, the business also loses.

4. Build relationships and force over-communication. Encourage team building outings such as lunch and learns, retreats and off-site events to build relationships amongst the departments. Plan some fun, IT organizational events to break down the silos and build relationships amongst the staff. Additionally, set up weekly/monthly/quarterly review sessions between the two groups that focus on internal process improvements (poor internal security processes were identified in a State of Network Security 2012 survey as the greatest security risk). Not only do these activities create awareness and enable joint decision-making, but people generally respond better to friendly faces.

5. Support both teams by implementing technology in addition to the newly developed or refined processes to facilitate collaboration and make their lives easier – having holistic visibility will lead to improved network availability and security.

At the end of the business day, it’s about finding the right balance for each organization between security and productivity. One should not have to come at the expense of the other.

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Discover strategies for vendor selection, integration to minimize redundancies, and maximizing ROI from your cybersecurity investments. Gain actionable insights to ensure your stack is ready for tomorrow’s challenges.

Register

Dive into critical topics such as incident response, threat intelligence, and attack surface management. Learn how to align cyber resilience plans with business objectives to reduce potential impacts and secure your organization in an ever-evolving threat landscape.

Register

People on the Move

Gigamon has promoted Tony Jarjoura to CFO and Ram Bhide has been hired as Senior VP of engineering.

Cloud security firm Mitiga has appointed Charlie Thomas as Chief Executive Officer.

Cynet announced the appointment of Jason Magee as Chief Executive Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.