Charles Leaver – Environments That Are Not Managed Correctly Will Not Be Secure And Vice Versa

Written by Charles Leaver, Ziften CEO

 

If your business computing environment is not effectively managed, there is no way that it can be completely protected. And you cannot efficiently manage those complicated enterprise systems unless you are confident that they are secure.

Some may call this a chicken-and-egg situation, where you do not know where to start. Should you start with security? Or should you start with system management? That is the wrong approach. Think of this instead like Reese’s Peanut Butter Cups: It’s not chocolate first. It’s not peanut butter first. Instead, both are blended together – and treated as a single delicious treat.

Many organizations, I would argue too many companies, are structured with an IT management department reporting to a CIO, and with a security management group reporting to a CISO. The CIO team and the CISO team do not know each other, talk to each other only when absolutely necessary, have separate budgets, certainly have separate concerns, read different reports, and use different management platforms. On a day-to-day basis, what constitutes a job, a problem or an alert for one team flies entirely under the other team’s radar.

That’s bad, because both the IT and security teams must make assumptions. The IT team assumes that all assets are secure unless somebody notifies them otherwise. For example, they assume that devices and applications have not been compromised, that users have not escalated their privileges, and so on. Likewise, the security group assumes that the servers, desktops, and mobile devices are working correctly, that operating systems and apps are fully updated, that patches have been applied, and so on.

Given that the CIO and CISO teams aren’t speaking with each other, do not understand each other’s functions and goals, and aren’t using the same tools, those assumptions may not be right.

And again, you can’t have a secure environment unless that environment is properly managed – and you cannot manage that environment unless it’s protected. Or to put it another way: An insecure environment makes anything you do in the IT organization suspect and unimportant, and means that you cannot know whether the information you are seeing is appropriate or controlled. It may all be fake news.

How to Bridge the IT / Security Gap

How do you bridge that gap? It sounds easy, but it can be difficult: Ensure that there is an umbrella covering both the IT and security groups. Both IT and security report to the same individual or structure somewhere. It might be the CIO, it might be the CFO, it might be the CEO. For the sake of argument here, let’s say it’s the CFO.

If the company doesn’t have a secure environment, and there’s a breach, the value of the brand and the business can be reduced to nothing. Similarly, if the users, devices, infrastructure, applications, and data aren’t managed well, the company cannot work effectively, and its value drops. As we’ve discussed, if it’s not properly managed, it cannot be secured, and if it’s not protected, it cannot be well managed.

The fiduciary obligation of senior executives (like the CFO) is to safeguard the value of business assets, which means making sure that IT and security talk to each other, understand each other’s concerns, and, if possible, can see the same reports and data – filtered and displayed so that they are meaningful to each team’s specific areas of responsibility.

That’s the thinking that we adopted in developing our Zenith platform. It’s not a security management tool with IT capabilities, and it’s not an IT management tool with security capabilities. No, it’s a Peanut Butter Cup, designed equally around chocolate and peanut butter. To be less confectionery, Zenith is an umbrella that gives IT teams exactly what they need to do their jobs, and gives security teams exactly what they need too – without coverage gaps that might undermine assumptions about the state of enterprise security and IT management.

We have to ensure that our organization’s IT infrastructure is built on a secure foundation – and also that our security is implemented on a well-managed base of hardware, infrastructure, software and users. Otherwise, we cannot run at peak efficiency or meet our full fiduciary obligation.