As the new research shows, multiclouds, workloads, and application environments are interrupting the way that security and operations teams need to interact—with new levels of complexity driven by an overall lack of integration between the two, poor communication, nonstandardized systems, accelerated software development lifecycles, and noncollaborative teams and processes. Through interviews with IT/development and security operations team members from the hospitality, finance, manufacturing, and government sectors, researchers uncovered opportunities to improve speed and agility by breaking down silos. Data cited from several other IDC surveys completed independently of SolarWinds’ knowledge and input, supported the findings.
As part of the study, IDC research director, security and trust products, Chris Kissel advised, “Don’t rethink your approach to security. Instead, rethink your approach to IT and the manner in which business application and data services are provided to users. Addressing security without addressing IT produces a suboptimal, kludged, band-aid-riddled mess.”
Key findings included:
- COVID-19: The pandemic has put siloed infrastructures under a microscope and increased the need for integration between operations and security teams, including mutual visibility of systems.
- Communication: Organizations with teams that communicate regularly rise to meet the challenges of multicloud, multidevice, multinetwork, etc.
- Standardization and team collaboration: These two strategies can reduce and contain costs and complexity across IT and security teams.
- Shared concerns: IT and security share discreet concerns, such as risk and workflow that can help align teams.
- Risk: An organization has to be finely attuned to “risk” and manage risk at the right levels.
- Compliance: Companies want to have the ability to “show” compliant practices as much as they want to maintain actual compliance.
- Digital transformation: Network architecture is becoming more and more cloud-based, and endpoint protection platforms have become increasingly important.
IDC interview excerpts support these points. For example, a corporate operational vice president for a leading aerospace company explained, “Some of our security and operational processes are fragmented; COVID-19 is accelerating their integration and automation.” A digital leader at a large insurance company stated, “Our multicloud success requires IT and security teamwork, or we will fail.” And a certified information security manager for a top 20 U.S. financial institution said, “The first thing I look for in a job
applicant is: do they understand risk?”
“We are in an ultra-hybrid world with multi-everything, and in order to successfully navigate this landscape, ITOps, DevOps, and SecOps teams need to more closely align,” concluded SolarWinds vice president of security, Tim Brown. “As this study showed us, the challenges these teams face are across all verticals. We’re all trying to do more and push our IT infrastructure to its limits, and cybersecurity can’t be an afterthought. When we work together, things move more quickly and more efficiently. And we need to simply understand that we share a lot of the same priorities and we’re not as different as we really think.”