Why security-IT alignment still fails

Many organizations struggle to get IT and security on the same page and stay in sync as their enterprises speed ahead with digital transformation initiatives. Here's how to overcome some of the most common obstacles.

CISO Rob LaMagna-Reiter witnessed what goes wrong when a company’s security and IT leaders aren’t on the same page.

A colleague, a CISO at a software development firm, was working with the CIO to move from a traditional waterfall project management methodology to agile. Both the CISO and CIO supported the change, recognizing the need to deliver software more quickly to meet business goals. But they didn’t agree on when and how security staff should interact with developers, and each pushed to work in ways most comfortable for him and his team. The discord led to longer release cycles and missed sales objectives.

“They weren’t aligned in working toward the organization’s best interest,” says LaMagna-Reiter, CISO at FNTS, a global IT strategy and managed services company.

That IT-security disconnect isn’t an anomaly.

The 2018–2019 Global Information Security Survey from professional services firm EY found that 77 percent of organizations still operate with only limited cybersecurity and resilience.

Meanwhile, global technology group ISACA's 2018 Cybersecurity Culture Report found that 95 percent of the responding 4,815 business and technology professionals say there’s a gap between the organization’s desired and actual culture of cybersecurity.

And IDG’s 2019 State of the CIO survey found that only 64 percent of IT leaders say security strategy is integrated with the overall IT strategy, leaving about one-third of organizations falling short of strong alignment between the technology and security functions.

“Most IT and security organizations don’t function well together. They might work well together, they might be nice to each other, but I don’t think they’re getting very far,” says Mischel Kwon, founder and CEO of MKACyber Inc., a Fairfax, Va., company providing cybersecurity consulting services.

Several security leaders say they see organizations struggling to get IT and security on the same page and stay in sync as their enterprises speed ahead with digital transformation initiatives. They see several major roadblocks to alignment that tend to plague many organizations. Here, they discuss the most common obstacles and offer their top strategies for how CIOs and CISOs can align their resources and priorities so that both functions pursue the same overall enterprise objectives.
