Convergence isn’t optional: The new mandate for IT and security | Daily Reports Online
At a time when bad actors are weaponizing nearly 50 to 61 percent of newly disclosed vulnerabilities within 48 hours, modern organizations can no longer afford to let IT and security operate independently of one another.
Siloed security processes, which separate the identification, remediation, and reporting of vulnerabilities, create lag time that attackers can easily take advantage of.
Chief Product Officer at NinjaOne.
We know change is already underway. As shared data sets become the norm, skill sets become increasingly aligned, and IT management platforms embrace workstreams that accommodate both IT and security needs, this persistent gap (one that’s long been a barrier to scaling resilience and a gate to operational efficiency) is beginning to close.
The organizations that will win aren’t just the ones finding ways to tactfully merge IT and security operations. They’re the ones rearchitecting workflows that reinforce quick, intelligent action (from detection to remediation) and shared accountability. Let’s take a look at the tools and technologies enabling this shift.
The IT/security re-shuffle
For years, the basic swim lanes have been that security identifies risks while IT remediates them. While there are many variations, generally the functions have evolved with different tooling, different skill sets, different organizational structures, and more.
But that’s brought with it a natural separation of duties and perhaps more importantly, many innate inefficiencies.
Now, with growing complexity and cost pressure around technology, we’re all looking for ways to eliminate these redundancies. As a result, the lines of demarcation are blurring and we’re seeing more IT operations teams embrace roles that were historically held by security.
For example, operations teams are increasingly being tasked with identifying vulnerabilities to speed up patching cycles, rather than waiting on security teams to hand over vulnerability scans on a weekly or monthly basis (leaving too many known vulnerability windows open for bad actors to exploit).
Patching needs to happen alongside real-time risk context
For many people who have been in IT for a while, patch management has been the bane of their existence. While effective patching is one of the most important things we can do to protect our organizations, there are many factors that make it difficult to do so efficiently.
For starters, most patching still happens without real-time risk context. IT teams patch based on periodic scan data, often leaving out critical systems because they don’t have the full picture of which systems are most critical or exposed.
This doesn’t just increase risk – it places a real operational strain on IT. Fixed, schedule-based patching processes force teams to work around predefined timelines, often leaving vulnerabilities exposed longer than necessary. Plus, multiple handoffs and disconnected tools are still slowing down remediation.
Teams waste valuable minutes, or even hours, exporting data and switching between tools when they should be acting instantly from the moment a vulnerability is found.
Automation can help with a lot of this, tightening the loop between vulnerability management (traditionally security’s domain) and patch execution (traditionally ITOps’ domain).
AI-driven features make it easy for IT and security teams to identify the most critical vulnerabilities first, apply updates in the safest order, and verify that they were installed correctly, while maintaining visibility across every step.
As a result, organizations see a dramatic reduction in remediation time, and a significant relief on resources that are already stretched to the max.
The next phase of enterprise resilience
There’s still a lot of room for IT and security to further converge, but it’s important to remember that when we’re talking about better aligning IT and security, we’re not just talking about combining tools or organizational restructuring (though that can certainly play a role in it).
The larger priority here lies in enabling both teams to collaborate more effectively across the board. Not just leveraging greater IT and security alignment to drive improved efficiencies, but also boost business outcomes, reduce exposure, lower potential business disruptions, and increase business agility.
As we look to the future and search for even more ways to close longstanding gaps between IT and security, the end goal is this: how do we replace reactive security postures with continuous, operationalized risk management that scales with organizations?
Especially as the threat landscape increases in both severity and complexity, making that shared vision a reality will require organizations to have a strong security foundation, continuous remediation, and shared accountability between IT and security.
We’ve featured the best encryption software.
This article was produced as part of TechRadar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.
The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here:
