Keeping IT Ops and Security Teams Close Despite Physical Distance

6.10.2020 | Jacob McClean, CIO at Tanium

Efficient and effective collaboration across IT operations and cybersecurity teams remains an ever-present challenge for technology leaders. The silos that so commonly develop around and within these groups result from a variety of factors, with tool proliferation, strategic alignment, culture and many other factors contributing to the problem.

Adding fuel to the fire, the recent and sudden emergence of broad remote work arrangements for vast numbers of technology workers has served to exacerbate and highlight the weaknesses which result from excessively siloed teams.

Success in silo-busting and enabling teams to work better together isn’t likely to result from a single bullet. Given the need for a comprehensive approach, a technology leader may consider unpacking questions which touch on cultural, technological and logistical constraints. For example:

Do my IT operations and cybersecurity teams share a common set of goals?

If security and operations teams lack common goals, they’re going to be less inclined to bridge pre-existing gaps in communication which may have been widened by physical distancing. While it is inevitable that some goals will be team-specific and linked to unique projects or strategic initiatives, success is often also gauged by the continual measurement of broad KPIs – and we can use these to our advantage.

Consider this all-too-common scenario:

KPIs exist for Vulnerability Management and are owned exclusively by the cybersecurity team. Cybersecurity analysts use one (or more) scanning tools which examine corporate networks, test for vulnerabilities and produce some form of actionable report.

In some instances, the cybersecurity team may examine the report for outliers, attempt to qualify and contextualize the situation, and then open tickets for IT operations to address via software and operating system patches. Or worse, and far too often: the report is simply “thrown over the wall” to an IT operations team for presumed analysis and action.

In either case, this is where things begin to break down.

If the IT operations team doesn’t share the KPIs associated with Vulnerability Management or if patching SLAs (if they even exist) don’t align with Vulnerability Management targets, IT will be less inclined to prioritize these requests versus other organizational goals with clear priorities. The result? Frustrated cybersecurity teams who believe IT is incapable or unwilling to do the right thing and frustrated IT teams who think the cybersecurity team carelessly dumps work in their laps without regard for existing priorities.

Unfortunately, the breakdown often doesn’t stop there. When the IT team takes action, are they executing a patching cycle from one or more isolated point solutions which don’t communicate or integrate with the scanning tool leveraged by the cybersecurity team? Inevitably, such situations lead to gaps in patch coverage, weak performance against KPIs and yet more frustration across these teams. And of course, adding extensive work-from-home arrangements into the mix, we’ve lost our ability to haul everyone into a room and hash things out – especially in organizations where collaboration tools aren’t consistently deployed or workplace culture minimizes the way in which such tools can be used.

Thankfully, solutions for scenarios like these aren’t complicated.

First and foremost, IT operations and cybersecurity teams should always share KPIs related to Vulnerability Management, backed up by clear and persistent communication from leadership on roles and responsibilities, as well as the prioritization and importance of these KPIs. As with any strategic initiative, impressing the “why” is often more important than the “what.”

To minimize operational frustration and eliminate information gaps, organizations should employ platform technologies that consolidate security and operations workflows across multiple teams, or at a bare minimum, ensure disparate point solutions are tightly and consistently integrated. There’s a bonus hidden here, as well: driving IT operations and cybersecurity teams to a unified set of tools and a shared source of truth enhances collaboration, operational efficiency and significantly reduces cultural friction due to differing perspectives on the state of enterprise architecture. Implemented correctly, unified tools create unified teams!

Register for the Expert Series webinar “Winning the Tug of War Between IT Ops and Security” with guest speaker Andrew “The Enabler” Hewitt from Forrester Consulting as he discusses the consequences of the friction between IT ops and security and the importance of aligning teams.

Interested in seeing Tanium in action? Schedule a one-to-one demo or talk to our Tanium experts at our upcoming events.