Robert Wortmann, Head of Strategic Security Consulting, Proact Germany
As digital services become enterprise necessities, the attack surface that IT must defend is ever-widening. The IT department plays a pivotal role in shaping the organisation’s response to emerging threats, building awareness of risks and responsibilities, and enabling a safe environment for doing business.
No matter how great your IT team is, it can be hard to consistently deliver the IT services your organisation needs.
Broadening the security perspective
The challenge that many IT departments have when it comes to security isn’t knowledge or technology, but actually having the resource to implement their security plans on a company-wide scale. They know the common attack vectors across their IT estate and their existing security software picks up the most obvious threats (such as malware). However, the team simply doesn’t have the time or numbers to provide ‘big company’ security.
Many lack a complete picture of security practices across the company: how different departments use applications, what shadow IT exists, and the habits staff have that can influence data protection. This lack of visibility limits IT’s capacity to take preventative action should unanticipated threats emerge.
To lead a more unified approach towards security, IT needs a broad understanding of the organisation’s security baseline. This includes where their company stands in terms of security understanding and preparedness, how they should be measuring security performance, and what level of budget is required to raise security to the necessary levels.
For example, let’s say the marketing department has had longstanding issues with managing data storage. With growing international collaboration, they have requested IT’s assistance to build a scalable cloud storage solution. While there are now effective data management solutions, the IT manager has great concerns about how to securely deliver storage in the cloud. How can an IT manager fulfil this request without specific security knowledge?
In such cases, we work with our partner NetApp to ensure that customers are able to integrate new data management capabilities without sacrificing security. We combine NetApp’s industry-leading cloud-first data storage and management products with our vast experience in security and managed services. Together we align the objectives and expectations of IT and different departments for the benefit of the entire organisation.
How mature is your business?
Security is a round-the-clock business, so no matter how much of a handle your team has on the threat landscape, the rest of the business must be on the same page. This is why we recommend conducting a security maturity assessment to get an accurate read on the state of your organisation’s security.
A security maturity assessment brings together different people from across the business to assess their current approach. These assessments create measurable goals and identify any gaps that must be resolved. As a managed service provider, we regularly conduct these workshops with customers of varying sizes and security experience. From the assessment, we provide an in-depth report on the discussions that took place. We analyse the security practices of different departments and provide recommendations on what they should do next. For instance, we may advise on creating security standards for suppliers or help outline a process for staff departures to reduce the risk of data theft.
We usually find that the assessment not only helps to give IT a broader view on what’s happening across the organisation, but also helps other departments to gain better awareness as to why IT is relevant to their role. It helps them see IT security in a wider business context and, most importantly, realise they are in charge of IT security for their own department. They need to take responsibility for enforcing safe practices.
Securing superhero status
For IT to become the business’ security superhero, you need to bring the business together and help lead the transition towards a more inclusive, organisation-wide security approach. This involves raising awareness of the threats that exist and showing that IT security is about more than just technology; it is also about culture and behaviour.
A security maturity assessment can help you change the wider organisation’s view of IT and lay the groundwork for greater alignment. It helps every department to understand the importance of maintaining safe data practices, and gives each a share in the responsibility for keeping the business secure.