Three ways to collaborate to improve cybersecurity
The stakes are high in enterprise security. Data breaches can damage your organization’s reputation and result in significant costs (USD 3.86 million for every breach on average, according to the Ponemon Cost of a Data Breach study). They can also destroy customer trust. Recent research has found that more than 78 percent of customers would not automatically return to a business following a data breach.[i] In short, data breaches are just bad for business.
You’re likely aware that data breaches impact the whole organization. All enterprise systems are potential cyberattack targets, and the negative impact of a breach can reverberate throughout the business. Whether you’re in security, IT, or operations, data security is your concern.
Collaboration enhances data security
When it comes to enterprise data security, you may find it challenging at times to connect the dots. If you’re in security, you need information about the IT solutions required to secure the data perimeter. If you’re in IT or operations, you need insights from your security counterparts to inform technology development and deployment.
Collaboration can bridge this gap. IT and security groups can work together to ensure that security needs are baked into IT initiatives, and that security issues are optimally addressed by technology. By collaborating closely, your two groups can maximize transparency and make the best security and IT decisions.
Here are three ways security and IT can collaborate to enhance cybersecurity.
1. Consider security needs in technology development
If you’re a security practitioner, you’re plugged into the most urgent and relevant security concerns. You also understand how these concerns impact the enterprise. If you’re an IT practitioner, you’re aware of these issues and that they may impact applications you build. You can incorporate security peers’ insights into your IT projects to ensure your initiatives address all potential data-security risks and mandates.
For example, the recently enacted GDPR standards apply to virtually any personal data gathered by an enterprise that does business with or in the European Union. Before developing a new program that will use or request customer data, you must ensure that the program complies with GDPR mandates. Involve your security peers as early as possible here. Their early insights will help ensure that GDPR compliance is built into the application, not tacked on as an afterthought. A little collaboration at the start can save you a lot of headaches later.
2. Use IT to solve security challenges
The solution for an enterprise data-security challenge is often technology. This creates a natural synergy between security and IT practitioners. If you’re looking to address a data-security concern, one of your first conversations should be with your counterparts in IT. Often they will have the hammer for your nail, or they will be able to build the hammer.
Say you’re a security practitioner and your CISO has informed you that only a small portion of your enterprise data is encrypted. You probably both know, as the Breach Level Index has detailed, that unencrypted data is significantly more likely to be stolen by cybercriminals. Since expanding data encryption will likely require technology, you should then meet with your IT counterparts to discuss a solution. Perhaps they can find a way to devote more computing power to encryption so that a larger percentage of data – or at least the most sensitive data – can be encrypted. Ideally, they will be able to efficiently encrypt all database, application and cloud enterprise data through the mainframe.
When pondering your most vexing security challenges, make a discussion with your IT and operations counterparts a priority. They’ll often have just the tool you need to get the job done.
3. Reframe security conversations
It can be tempting to view security as the naysayer of the business, always warning about what could happen or what should not be done. Such a view may steer some IT practitioners away from engaging with the security team as they should.
Security conversations don’t have to be negative. You and your security counterparts are responsible for making them productive and positive. Discussions should focus less on how security concerns are holding business back, and more on understanding risks and alternatives. For instance, as mentioned earlier, in the age of GDPR security practitioners will likely raise a red flag about any application that collects and uses customer data. This doesn’t mean that the application can’t be developed or even has to be drastically changed. The developer simply needs to make sure that processes for collecting, using and storing this data comply with the mandate. IT and security practitioners should work together before development begins to outline a process that is compliant without compromising user experience.
A final thought: Stay informed
Enterprise security is everyone’s job. Accounting for security in technology development, and the other way around, will create an ongoing positive feedback loop in which security is woven into the enterprise needs and solutions.
If you’re a security practitioner, you’re already living and breathing security, but some time with your IT counterparts can help inform your security strategies. If you’re in IT, consider investing some time in cybersecurity education. You don’t have to become an expert. But you should be plugged in on the latest security issues, from the most recent high-profile data breach to any new data regulations. SecurityIntelligence.com provides news and insights that keep you in the loop on today’s critical data security issues.
Collaboration, supported by a base of security and IT knowledge, will help ensure an engaged team, improving cybersecurity for your enterprise.