A growing set of essential business processes, involving both security and IT operations teams, has highlighted the need for improved collaboration and automation. These teams often face challenges due to conflicting priorities, cultural differences, and blind spots in their processes. As a result, inefficiencies and IT risks have emerged, sometimes leading to friction between the two teams. However, given their shared responsibilities, it is crucial for them to work together and foster collaboration, utilizing automation to create a common ground.
One of the main causes of friction between security and IT operations teams lies in their respective roles and responsibilities. While security is responsible for establishing policies for risk management and compliance, IT operations teams are tasked with implementing these policies and thus indirectly own policy enforcement. This underscores the importance of collaboration, particularly for complex use cases that span multiple organizational silos and technology stacks.
Secure employee offboarding is a prime example of a critical business process that requires cooperation between IT, security, and HR. This process has been under strain since the COVID-19 pandemic began, as layoffs, increased employee turnover, and remote work policies continue to create challenges. Implementing automation in offboarding processes can help reduce manual overhead, errors, and security gaps, even for companies with established processes in place.
Recent breaches have demonstrated the consequences of inadequate offboarding processes. For example, Block, the owner of the Square payments system, experienced a breach in which a former employee used still-active access credentials to steal data on millions of users. Morgan Stanley also faced a major data breach due to improper decommissioning of data center equipment. These examples highlight the impact broken offboarding processes can have on a company’s bottom line.
Collaboration between IT ops and security is crucial in ensuring that all necessary controls are enforced during employee offboarding. This includes deprovisioning accounts, applications, and access, placing data on legal hold, and preserving data for data retention mandates. Additionally, managing the operational tasks and security aspects related to reclaiming and reassigning assets is becoming increasingly challenging.
IT audit and compliance readiness is another area where collaboration is essential. Conducting accurate and efficient IT audits requires effective asset management, which can be challenging given the highly distributed IT footprints of most companies. For example, security teams may set policies requiring the installation and updating of specific security software on remote laptops, but it is IT ops who must enforce these policies through application deployment and patch management. However, IT ops may have competing priorities, leading to noncompliance and potential security incidents.
The management of growing Software as a Service (SaaS) portfolios presents another challenge. Business units often make quick decisions to invest in SaaS solutions without involvement from IT ops. This decentralized purchasing creates issues such as accurately forecasting renewals, identifying inefficiencies with unused licenses, and finding consolidation opportunities for negotiation leverage and cost savings. Collaboration between IT and security is necessary to identify compliance requirements, data storage considerations, and appropriate policies for the SaaS portfolio.
Effective operations for both IT ops and security teams require a strategic alignment of goals and processes. Once this alignment is established, the teams can work together to co-create and implement automated workflows that serve their long-term objectives. By improving collaboration and leveraging automation, these teams can evolve from operating in separate lanes to achieving a harmonious partnership that benefits the entire enterprise.