Will Enterprise IT Security Ever Converge?

Will the current state of enterprise IT security ever converge? And if it does, should it?

The funding, direction and delivery of enterprise IT security are currently split between different departments. Interestingly, this splitting of the IT security function is expressly established by design at most enterprises.

The three primary organizational buckets from which enterprise IT security is delivered at most enterprises include:

  • The IT operations department
  • Business units and operations
  • The IT security group

The extent of the divisions among these three very different stakeholder groups is reinforced by separate budgets that fund and operate enterprise IT security.

Although there is not total harmonization across enterprises, the responsibilities for IT security tend to follow predictable lines of focus across most enterprises.

These lines of focus tend to include:

IT operations. A relatively larger IT operations department is typically focused on IT service management for maintaining computing and networking infrastructure. The focus in IT operations tends to be on highly available business operations that run 7x24x365, uninterrupted and unimpeded.

Business units. Business units and operations tend to focus on the users of IT services, applications, information and data required to service the needs of customers and operate the business.

IT security. A typically smaller IT security group is focused on some - but not all - of the information security process workflows described by the NIST cybersecurity framework. Instead, the smaller IT security group tends to focus on the integrity of IT assets - including the infrastructure, applications and data - and the confidentiality of high-value, non-public information.

The different foci of the three - in truth it is more than three, because multiple enterprise business units fund and shape IT security - result in the fragmentation of a small IT security function that is whipsawed back and forth between IT operations and the business lines.

The fragmentation sees funding, responsibility, accountability, planning and day-to-day operations spread across groups with different agendas, different objectives, and very different yardsticks defining "good."

The multiple business units and operations typical of large global enterprises make management and governance of IT security from a single reference difficult, if not impossible.

One of the keys to harmonizing the different stakeholder groups and budget centers is intelligence that delivers insights each of the security stakeholder groups can use to achieve its objectives.

Unfortunately, very little of this harmonization occurs today, nor is it automated; most of what does occur happens by happenstance and forced effort.

Will enterprise IT security ever converge, and should it?
