Digital Transformation
cancel
Showing results for 
Search instead for 
Did you mean: 

Are turf wars wasting your money and jeopardizing enterprise security?

HPE-SW-Guest

HP20140317152-city.jpgBy Gerben Verstraete

 

Gerben Verstraete works in the CTO office of HP Software Professional Services, focusing on BSM and the transformation of IT operations.

 

Cyber attacks have shifted from denial of service events to the theft of corporate data and intellectual property. This means that organizations need to move from traditional, non-dynamic policy-based frameworks to actively finding threats and protecting their data. To achieve this in the most cost-effective way, security and IT operations
 need to overcome turf wars and share information and processes. One of my customers, a financial institution, has been struggling to clear this organizational hurdle. Only a top-down mandate for the departments to collaborate has enabled them to move toward converged security.

                                                                                                                                                                 

Take the area of IT configuration management. This Ops-owned discipline tracks software and infrastructure across the network. If security can leverage Ops’s configuration management systems, it can better protect the enterprise, because now it’s able to answer questions like:

 

  • How do my components and applications connect?
  • How do I prioritize security events against business impact and exposure?
  • What’s the security risk profile of my service?

 

I've written previously about the advantages of converged security. As much as an enterprise may recognize those advantages, though, the problem is you're still dealing with two totally different authorities: Security and Operations. And often when it comes to transforming culture and changing the way people work, people just don't want to share. So making converged security a reality really becomes a Management of Organizational Change issue.

                                                                                    

Want to discover how converged security can better protect your enterprise? Come talk to our HP Software Professional Services experts at HP Protect.

 

Dealing with a chain of silos

Security has traditionally been a silo within organizations, running their own operations and incident management process and setting policies, which are quickly forgotten by other departments, especially during the application development lifecycle.

 

At our financial institution, people who worked in IT operations and the security operations center (SOC) tried to hold onto their traditional strongholds. They didn't like it when people outside their departments started nosing into their areas. There was also a lack of understanding. Each group felt that what it needed was slightly different but the reality was, the required information sources were similar.

 

The financial institution’s SOC didn't participate in the change management process. They were reactive, responding to events, while the CISO set policies that didn’t get engrained into the organization. It is part of many organizations’ culture where IT views security as a necessity, but also as red tape.

 

Developers just wanted to release applications. They viewed having to scan code during development as overhead that would slow them down. But embedding security in the agile development process can catch vulnerabilities early on, when they're much less costly to fix.

 

Driving change from the CISO/CIO

It usually takes a message from the CISO or the CIO to convince security and IT ops to share those practices, rather than each group building its own solution. The banking customer issued a top-down directive that effectively stated, “We will make sure that things will be secure, and therefore, we will leverage what we already have, rather than put additional resources to do the same thing in another side of our organization.”

 

The larger the organization, the more silos there are, the more politics there are, and the bigger the need to drive a formal awareness program

 

To learn more about how converged security can benefit your enterprise, come talk to our HP Software Professional Services experts at HP Protect.

                                                                                                                                                                                

Gerben Verstraete works in the CTO Office with HP Software Professional Services, a role which includes defining implementation strategies for global Fortune 500 customers. Mr. Verstraete is also responsible for the go-to-market services strategies for HP’s Software services & solution portfolio inclusive of Data Center Transformation and in particular the transformation of IT Operations. He regularly leads critical client engagements acting in CIO and VP/IT strategic advisory roles.

 

Related links:

0 Kudos
About the Author

HPE-SW-Guest

This account is for guest bloggers. The blog post will identify the blogger.

Labels
Events
28-30 November
Madrid, Spain
Discover 2017 Madrid
Join us for Hewlett Packard Enterprise Discover 2017 Madrid, taking place 28-30 November at the Feria de Madrid Convention Center
Read more
HPE at Worldwide IT Conferences and Events -  2017
Learn about IT conferences and events  where Hewlett Packard Enterprise has a presence
Read more
View all