Contrary to popular belief, security and IT operations have more in common than they think when it comes to business objectives – differences usually arise when it comes to strategic processes. This article highlights those commonalities and explores avenues for collaboration between these two teams.
Conflict Where There Should Be Accord
For years, security and operations teams have coexisted in unhealthy environments. At times, overlapping objectives pursued through strategically different processes have created unnecessary friction between two teams that should be working together in lockstep.
This friction led many IT ops and security teams to purchase overlapping point solutions that do not integrate or share information, establish misaligned processes riddled with inefficiencies, and engage in unproductive interactions. This misalignment ultimately hurts the business through increased spending and duplicated work, visibility and accountability gaps between teams, and reduced business agility and resilience.
Both the IT ops and security organizations operate as secondary business functions, meaning they are oftentimes seen as cost centres and not revenue-generating business units, and neither is safe from budget cuts or efforts to optimize business operations. Years of operating in silos have resulted in the polar opposite of their charters: Businesses are no more secure today than at any time in the past and service disruptions still cause significant impact to core business operations.
Winning the Constant Tug of War
It doesn’t have to be this way. Security and operations have more in common than meets the eye, and according to Gartner, “By 2022, 30% of network operations and security operations teams will have aligned security and performance goals and incentives, up from 1% in 2019.” At a foundational layer, both teams share a need for accurate and comprehensive enterprise visibility, built on accurate and comprehensive data, no matter the type. If a team’s view of an environment is based on incomplete or inaccurate information, then any process, be it operations or security, falls victim to this gap in visibility and becomes fundamentally flawed.
IT processes are rarely run in a silo, but disparate systems not only slow down these processes by an average of 2 weeks but also lead to gaps in accountability and finger-pointing between the two teams. Think of the common scenario of vulnerability management, for example, where IT ops and security teams operate with different bespoke and outdated datasets. On the one hand, security teams want everything patched quickly to be compliant, yet on the other hand, IT operations teams are more interested in stability and not making any changes that might impact them, such as ticketing and the service desk. Inevitably, the teams will argue back and forth about whose data is more accurate and whose task takes priority, with the operations team having to prove that they have recently remediated a set of vulnerabilities. If the organization’s security and operations teams each had the same, accurate view of the data, the process would be smoother, there would be less friction, the teams could focus on the task at hand and, ultimately, the organization would save resources and manpower.
Computing resources, such as CPU, memory and I/O, are finite, and security and operations teams often disagree over how these resources should be allocated. Every time a new point solution promising a “lightweight” agent is purchased, the deployment, management and resource tug of war begins, even though both teams’ priorities should be the same: maximizing operational and security efficiency by minimizing agent bloat and maximizing shared resources.
Unifying Teams with a Common Toolset
Rather than accumulating a myriad of point solutions, both teams should look to leverage enterprise platforms to the greatest extent. Tanium’s Unified Endpoint Management and Security solution closes the gaps between IT ops and security teams and provides a common and comprehensive view of the IT environment. Additionally, by eliminating the need for point solutions, organizations can reduce their infrastructure costs and reduce the complexity of the IT environment.
Tanium customers who have adopted our unified solution experience a significant reduction in complexity within their teams and improvements in device performance as, in some cases, a single platform can replace over 30 different point solutions. Upon deployment of Tanium, a number of customers determined that around 20% of their assets were “unmanaged” – something they are now able to remediate with the help of Tanium, resulting in a reduction of malware outbreaks and an increase in overall compliance. Additionally, organizations that used a multitude of tools to patch vulnerabilities would previously need up to, or even more than, 48 hours to deploy the patches to their endpoints. With Tanium, our customers consistently see a 95% patch rate of machines within one hour, regardless of the size of the environment.
With a platform approach, organizations see the big IT picture across their networks, including remote end-user, cloud, and server endpoints in real-time. A unified platform will also serve as the administrative console for both security and IT operations and can swiftly solve common issues and remediate disruptions in hours for cloud and on-premises assets.
Getting Teams to March In Lockstep
When each organization has established processes for daily functions, friction points are created when these processes overlap and teams disagree on the data, fixes, timelines, ownership and accountability. Generally, the overlap is good, as it allows for strong collaboration, but the question becomes how security and operations teams can maximize the overlap and collaboration while minimizing unhealthy friction and disagreement.
Aside from operating with a common tool that provides shared visibility across the environment, both teams should establish playbooks for various scenarios that require close collaboration, such as actions to take and responsibilities in case of an organization-wide outage, a breach or other crisis that disrupts business operations and processes. These playbooks should be agreed upon before the scenario occurs to establish expectations and determine each team’s responsibilities and accountability.
The marching order is clear, but how do you start the process of closing the IT gaps and getting the team to march in lockstep? Use a phased approach:
- Coordinate performance goals and objectives
- Adopt a shared toolset that creates a common data set
- Align processes and develop shared playbooks
- Create a team with shared skill sets
The goal should not be to eliminate friction. Friction can and should be healthy, but adopting a unified approach to endpoint management and security with a common toolset for IT ops and security teams will close the gaps in visibility, accountability and resilience, and empower the teams and the organization to perform at their highest level. The end result is a unified approach, achieved through strong collaboration, proper IT hygiene and a common toolset and view of the source data.