Driving Towards IT Hygiene | Challenge #3 Fragmented Workflows

12.27.2019 | Osman Javed

Managing enterprise IT environments is becoming more and more complex. In this series, we’ll take a careful look at the challenges that have stemmed from this growing complexity. Furthermore, we will highlight how focusing on fundamental IT Hygiene can help you overcome these challenges. In this third installment of the blog series, we focus on the challenge of broken and fragmented workflows.

Effectively running IT processes is no easy task. It takes a clear understanding of who, what, why, when and how (and sometimes, where). If any one of these is misaligned, things start to break down.

Misalignment is too often the case. What we’ve started to see is workflows breaking down to the point they have catastrophic consequences (e.g., the knowingly unpatched systems that led to WannaCry). Why is this? It’s not for any shortage of data, tools, or processes. Rather, it’s the result of too many.

In addition to creating gaping visibility gaps, a complex ecosystem of tools makes it harder to build workflows that keep the organization safe and running. Managing processes and integrations quickly becomes a herculean effort. Today, we see security and IT operations teams drowning in data and signals, trying to make sense of what to do and when. These teams build competing views of the environment and as a result, struggle to see eye-to-eye.

The cost of broken workflows

Instead of data and workflows easily flowing across teams, in a way that fosters collaboration, we are seeing the opposite. Each team does what it must and then passes their output to the next. A one way street.

One example is vulnerability results. They may never be patched out of fear of disrupting the business, yet the security team isn’t being told. Similarly, unused licenses may stay active because they reduce cost not risk, but IT operations won’t know until annual budgeting.

The cost of these broken workflows is real. For every vulnerability patched in an enterprise, 12 days are lost to coordinate activities across teams1. As friction in workflows builds, the likelihood of them being completed quickly dwindles.

Additionally, the absence of a coherent, cross-organization workflows creates adversarial relationships between units. A recent study by Forrester Consulting found 67 percent of businesses felt driving collaboration between security and IT operation teams is a major challenge, which not only hampers team relationships, but also leaves organizations open to risk.

So how can your organization build stronger workflows across the IT organization?

  • Identify dependencies: Identify the interdependencies between teams. What are the necessary inputs and expected outputs from each stage of a process?
  • Be honest about data quality: Assign confidence values to results so teams working with the results can make any necessary adjustments.
  • Be agile and communicate frequently: Refrain from throwing results over the wall. Accelerate feedback loops and take a more iterative approach to exchange data and feedback with other teams.
  • Mutual accountability: Find opportunities to build mutual accountability between teams. Examples include mutual SLAs between teams or shared SLAs to the business.

Last but not least, more is not always better. Keep it simple. Unify your tools and data.

Workflows become easier to coordinate and more impactful when teams are aligned around a common set of data and controls. With a truly unified endpoint management and security platform, teams can easily collaborate, share insights, and work toward better IT Hygiene.

Watch for the next installment of the Tanium IT Hygiene blog series. In the meantime, learn more about how Tanium can help your organization drive improved IT Hygiene here:

Interested in seeing Tanium in action? Schedule a one-to-one demo or attend our weekly webinar. Talk to our Tanium experts at our upcoming events.

1Source: Costs and Consequences of Gaps in Vulnerability Response, a report sponsored by ServiceNow, independently conducted by Ponemon Institute LLC.