Many organizations are still struggling to adjust to flexible work requirements, while maintaining enterprise cybersecurity. One key reason is that CIOs and chief information security officers (CISOs) are not always aligned in how to enable productive, secure work.
Flexible work requirements mean changes for both ITOps and SecOps teams. But in practice, IT and security teams often work separately, without common knowledge, data, goals, priorities, and practices. Both teams may therefore focus on their own separate priorities – which also means data related to information worker productivity and security gets trapped in silos.
“Customers tell us that for the people in IT ops and in security ops, there is alignment in theory, but often only at the C-Level,” says Corinna Fulton, Vice President Solutions Marketing, Ivanti. “It’s not filtering down to their separate organizations in leadership modeling, processes, and so forth. And the CIO and CISO often may not even see this gap.”
This nonalignment at a senior level is creating a disconnect when it comes to employee experience. Ivanti’s 2024 Everywhere Work Report found that 40% of office workers and 49% of IT workers would consider changing jobs to gain more flexibility at work, indicating how important flexibility is – especially for younger workers. Further, just 57% of office workers say they could easily access the same tools if they had to work remotely tomorrow, even though over 90% of leaders surveyed believe their remote employees have everything they need to be productive. IT and security leaders clearly have a lot of work ahead to satisfy employees’ and business leaders’ flexible work expectations.
Otherwise, their continued nonalignment is a recipe for frustration, security weaknesses, and sub-optimal productivity. “Ultimately you’re impacting top line revenue,” says Fulton. “Both the CIO and the CISO want that not to happen.”
How CIOs and CISOs can build an effective partnership
To mesh IT and security efforts to enable secure, productive flexible work, these leaders can start with six actions:
- Nail down the real risks associated with flexible work. In light of the organization’s risk appetite, CIOs and CISOs should clarify the level of acceptable risk, how to minimize it, and what mitigation processes can be jointly established. This agreement is the basis for aligning IT and security goals and priorities, says Fulton.
- Establish a common set of concrete standards and metrics. This can be used to weigh risks for flexible work. A basic example is “time to resolution,” from the moment a risk is identified (by SecOps) to when it’s fully resolved (by ITOps). Commonality leads to a coordinated, effective response.
- Inventory the flexible work infrastructure. IT asset management has changed from being a simple inventory to being an enabler of productivity and security, Fulton says. Knowing what you have means you can know potential vulnerabilities and take action to rectify them.
- Unlock data silos. Visibility across key data sources is vital to give IT and security teams access to, and an understanding of, a common set of data relevant to employee productivity and security. Launch a phased program to access this much-needed data from isolated silos.
- Create a joint IT-security roadmap. Decide how common goals and priorities will be implemented and when. Then communicate this roadmap across both teams to guide their understanding and ensure everyone is working towards the same goals.
- Think about the impact on staff. Take into account the effect IT and security policies will have on information workers. Coordinating these with the needs and preferences of end users is key to optimizing employee productivity and enterprise security.
The bottom line
CIOs and CISOs can take concrete steps to surmount barriers to productive, secure work by establishing a common strategy and structure that enables their organizations to work together.