Rowing the Same Direction: 6 Tips for Stronger IT and Security Collaboration
Published 10/16/2024
Originally published by Dazz.
The Olympians make it look easy, but make no mistake: rowing is a more difficult sport than meets the eye.
Changing conditions in the water and weather, exhaustion, and even a head tilt in the wrong direction can send the boat off course or cause the team to lose time. And perhaps the biggest (and first) lesson a team can learn is that no one person can control the boat single-handedly. It requires a team fully focused and in unison to win.
The correlation between the experience for rowers and that of IT and security teams is clear. Differing priorities (protecting data and systems vs. UX and availability), inadequate communication and context amidst the complexity and rapid pace of day-to-day operations, and lack of understanding of the other group’s roles and goals all hinder teams from rowing in the same direction.
Other common top-of-mind challenges both teams are experiencing today are:
- Secure use of GenAI
- Continued shift to cloud
- Supply chain risks
- Zero-day vulnerabilities
So how do we get our posture straight, our vision aligned, and our paddles stroking in unison?
We recently had a conversation with cybersecurity expert John Boyle, former Director of Platform and Portfolio Strategy - Cybersecurity, Manageability, Supply Chain Security at Dell (who happens to be very passionate about this topic), to get his vision of how IT and security can work better together.
We’re here to share the top 6 tips he gave us with you, complete with video clips from the conversation.
Tip #1: Know what’s in your environment
Whether you’re a small, medium, or large business, you need to get leaders together from different groups to see what the mission for cybersecurity is across the organization. Then you need to assess what you have in your environment—from devices to licenses to software to people and roles in place. We all know that IT environments and fleets have a mix of Chromebooks, Linux flavors, and Apple devices. So your weakest endpoint is your worst defense posture. Knowing what's in your environment helps security and IT collaborate to achieve zero trust—that can’t happen in silos.
Tip #2: Align on policies
Once you know what you have, you can create policies based on expectations of how technology will be used and secured, creating “red lines” on policies such as types of devices that must have security agents on them, firewall rules, infrastructure as code, and default configurations for cloud resources (and monitoring around that), and then adjust policies as time goes on and needs change.
Policies are ingrained and embedded in many solutions we all know and use for zero trust. Getting security and IT groups together to talk about what will protect your mission and not just your P&L inside the company is very important. What is IT’s policy on performance?
Align your policies but do it together. Focus on the mission first, the people and data you’re protecting, then align on policies that provide sustainability, performance, and all the pieces teams want in their fleet.
Tip #3: Measure and improve MTTD
Improving mean time to detection (MTTD) is a major focus for IT and security.
Whether it’s detecting potential attacks or IT failures, reducing MTTD is essential. For instance, if a switch goes down, it impacts the business—whether it’s an attack or just a bad switch. Lowering MTTD is a key metric that IT and security can work on together to ensure quick response to threats and issues. Ask about capabilities to detect known bad actor behavior, but also things that can lead up to a kill chain concluding successfully.
Note: This is not a one and done; there should be a security review every quarter with the company where IT and security assess events that happened, and how fast they were detected.
Tip #4: Measure and improve MTTR
Equally important to MTTD is improving mean time to respond or remediate (MTTR). These metrics are critical, and you likely don’t want to focus on improving both simultaneously if aiming for meaningful gains. MTTD is heavily reliant on technology for real-time detection and flagging, while MTTR involves both technology and processes. Enhancing MTTR offers significant benefits, like reducing downtime and risk exposure. Being able to quickly close out vulnerabilities means less chance of impact on the organization, highlighting the importance of fast and efficient response processes.
Tip #5: Continuously review ownership
Here’s a warning: This might be the biggest challenge to overcome in rowing the boat together.
The concept of ownership is seldom 100% accurate, especially when it comes to cloud workloads, cloud systems, and things that are ephemeral, making this process extremely hard. You can get data from many different places to infer ownership: directories, cloud systems, and source code management systems. But actually confirming it is different.
Nonetheless, reviewing ownership in both the IT and security context is also extremely important. It’s an ongoing dialogue that IT and security teams need to have; even a biweekly meeting on newly found assets, applications, or code repos, and who owns them, wouldn’t be overkill. Upleveling the accuracy of ownership will trickle down into the mean time to detect and mean time to respond metrics from tips 3 and 4.
On the flip side of ownership, teams—especially during challenging times at companies—should not turtle and stay in survival mode. Ownership can be a bad thing too, like saying, "I own this, you don't." That’s where collaborative ownership comes into play.
According to John:
“I know who my go-tos are for federal fleet management as well as the commercial part of fleet management. I know what they own. However, I am a stakeholder there and keep their mission in mind for what they’re trying to accomplish. Sometimes we get so caught up in our little fiefdoms, goals, objectives, org structure, and P&L. But you have to understand, people need to have ownership of things for the good of the company because the company serves your customers.”
“When we talk about critical infrastructure, energy, healthcare, financial services, transportation, and food, those are important outcomes to people in this world. Everybody has ownership of security in the sense that we need to be up to speed on policies, take part in training and awareness, and report anything suspicious.”
It's also important to make it clear who in IT and security owns the choices for the partner ecosystem. It doesn't help to have five fragmented divisions with everyone using a different XDR.
Ownership should mean knowing who's the primary driver—but not to the point of creating silos for the wrong reasons.
Tip #6: Continuously assess your tech stack
We’re in an industry replete with great technology at your fingertips, but you need to size up your objectives, mission, common goals, and long-term strategy for the company and customer. Regularly assess this stack, particularly when it comes to the possibility of introducing new “shiny objects” like GenAI. Get IT and security teams together to talk through the benefits, risks, and ripple effects of adding in new technology.
Keeping with the AI example, introducing more automation brings greater scalability for your organization. But guess who else gets greater automation and scalability? The bad actors. This is where IT and security teams need to respect each other. IT is trying to ensure users in the organization can work effectively and efficiently while security simultaneously is trying to match that pace in protecting the organization and the organization’s data. All while delivering critical services to customers.
It's vital to balance enabling innovation with safeguarding the organization and its services. Regular tech stack assessments with candid team input ensure everyone feels invested in the technologies that enhance security and overall success.
Conclusion
The TL;DR of all of this? Collaboration. Go back to that rowboat. If someone looks sideways instead of focusing on the primary objective, it upsets the boat enough to lose a tenth of a second. In racing, and for your customers, that matters.