Let’s face it. Information technology, to most, is as opaque as Karl the Fog on a summer morning. Most people have no clue what an IT department does. They imagine faceless geeks in some faraway place waiting for the phone to ring so they can say no.
This is far from an image of a caped crusader protecting the company from the unseen danger lurking behind every screen — the image we should be projecting in this age of unprecedented computer threat.
It’s a wonder that so many businesses successfully stave off cyber-intrusions while company leaders remain clueless what the “IT guys” really do. In many companies, they’re more likely to view IT as a support function than as a strategic asset.
And can you blame them?
IT is notorious for huddling on an island separated from the strategic brain-trust of the organization. The geek squad swoops in to fix problems and returns to the island not to be seen until the next system-wide upgrade.
Tucked in the center of the island — as far into the abyss as you can get — is the cybersecurity team. I’ll bet you this: Not even a mother of a cybersecurity professional can describe the nature of her daughter’s work, or how vital it is. It’s an opaque industry by nature. As a result, it’s not uncommon for CEOs to hold misconceptions about cybersecurity — some might think it exists merely for compliance reasons.
IT is too vital to remain isolated. If you’re on an IT island, find a map and get back to solid land.
Companies starting to recognize the importance of IT security
There is good news. Views are shifting about computer security and IT. From banking to baking, companies of all types are becoming more reliant on technology and IT infrastructure. Executives recognize this. They also look up from their desks to see employees tethered to company phones and laptops, and they do the math: the rise of cloud and mobile computing exponentially increases security risk. Better invite IT to the next strategic retreat, the executive thinks.
As an industry, we have a long way to go before CEOs recognize our real potential: to give the company a competitive advantage. To get there, we need Windex and a new script.
IT departments need to Windex the glass walls separating them from finance, human resources and the rest of the business operation. In an age of cyber-threat, all departments need open channels to key IT staff. Cybersecurity should be a whole chapter, not merely a footnote, in the company’s strategic conversation.
Perhaps, like many, you’re thinking, “My company’s infrastructure is unique. My IT department faces challenges only they can understand.” That might be true, to some extent.
The reality, though, is that companies tend to have much more in common than differences. It’s not about your data infrastructure or processes; it’s a mental shift in how you think about cybersecurity. It’s not about the specifics of your network; it’s a shift from hoarding data to managing data and extracting insights. In that regard, we can all learn from each other.
Most of engineering is moving to the cloud, bringing more need for security by design from day one of development. This will force more transparency across all lines of an organization. With this shift, IT professionals can transform from the team that says no to the team that guides the company forward.
IT also needs to work hand-in-hand with human resources, so that HR can incorporate cybersecurity into new employee training (today every employee is a potential point of attack). IT needs to talk to finance because a CFO determines the security team’s budget. These are just a few examples of many.
Our new cloud-first world changes priorities for computer security teams. Firewalls were once a predominant security concern; that risk shifts, as cloud computing replaces internal networks. Cloud providers are taking on a lot of the perimeter protection responsibilities, and companies need to shift their thinking to focus on data, authorization, and endpoint security. They especially need to pay particular attention to web application security, an area particularly vulnerable to attack due to gaps in the lack of collaboration between the development and IT security teams.
We need to look at computer security through a different lens. Security is evolving. It is getting more proactive, as we spend more time hunting down potential threats and less time building walls. It is getting more pervasive, as threats spread to new domains. At the same time that computer defenses are getting more sophisticated and powerful, they also are becoming exponentially simpler and easier to use.
These are positive developments. To continue this our progress, companies need access to the right data at the right time, which means infrastructure, security — and plenty of Windex.
