This past year there has been a breakthrough in the transition to the digital world. It has certainly been a time of many changes and there have often been tensions between different departments. In that sense, it has never been more important that diverse digital technology leaders like CIOs, CISOs, and more work together as they plan for the future of their companies. Here we are going to explain how to improve the relationship between security and IT so that they work in unison in the same direction.
Relationships between IT and corporate security departments are often complicated. Next, we will explain why friction occurs between these groups. Next, we will provide solutions to improve the relationship between security and IT.
The causes of tensions between security and IT
For too long, in too many companies, IT and security have seen themselves as two different disciplines with fundamentally opposite missions that have found it necessary to work together.
Thus, in organizations where this tension exists, it is due to the conflict generated between the CIO ( Chief Information Officer ) and the CISO ( Chief Information Security Officer) . The problems on the one hand come from the CIO’s focus on the delivery and availability of digital services to obtain a competitive advantage and customer satisfaction. On the other hand, the conflict of interest comes when the CISO is dedicated to finding security and privacy risks in those same services.
When it comes to security and IT (Information Technology), IT professionals tend to think of security teams as the ‘no’ department . On the other hand, security professionals believe that IT teams always put speed before security . Now we are going to see what we can do to reduce these frictions so that everyone works in the same direction.
Shift to a partner culture
The first step should be a change of mind, abandoning the culture of division. Thus, the security and IT functions must stop treating each other as “the others” and begin to think that both teams are partners who must work together for the good of the company. The goal is that when one succeeds, both end up standing out. While it is also important to develop and deploy applications quickly, IT needs security because you have to make sure they are protected. In that sense, CIOs and CISOs must decide that their departments work together rather than in teams that operate separately.
Collaboration and communication from the early stages
If everyone works together from the beginning, the relationship between security and IT can be much better. Thus, in the ideas stages of the application, design and revision of the architecture, by all working together, conflicts will be avoided later on.
The advantage you get when IT and security work together from the start is that they collaborate to integrate security into everything. Thus, with the work of both, vulnerabilities and threats are avoided when launching an application. In addition, it also prevents the security department from ending up saying “no” and starting arguments for not having planned things together from the beginning.
The different organization charts that we can have
A common thing widespread in the business sector is that, having both the CIO and the CISO reporting to the CEO, automatically encourages collaboration and reduces conflicts. Sometimes this may be true, but every business is different and there is no one-size-fits-all solution.
A PwC report found that now 40% of CISOs reported to a CEO, while 24% reported to the CIO and the other 27% reported directly to the board. In that sense, it is okay for the reporting structure to vary by company size and industry. If a particular CIO establishes himself as a strategic business leader who truly understands the crucial role of security in risk management, the CISO reporting to the CIO can be a valid solution.
Lastly, the relationship between security and IT is sometimes complicated due to the relationship between different departments. However, they must find a way to work together on projects from the beginning to avoid problems later.