A recently commissioned Tech Monitor / Intel survey found that two-thirds (66%) of organisations identified the growing sophistication of cybersecurity threats as their most pressing concern. Meanwhile, nearly half said the frequency of cyberattacks has increased since the start of the Covid-19 pandemic. Just 4% said frequency had lessened.
Consider those results alongside a changing IT management framework. Traditionally, dedicated security teams focused on defending the organisation’s ‘perimeter’, while IT operations managed systems and devices behind the firewall. That perimeter is no more. Core business applications are hosted in the cloud, and workers are connecting to the business from their home networks, often with their own devices.
With this changing landscape in mind, Tech Monitor – in association with Intel vPro – brought senior IT operations professionals together for a specially-convened roundtable discussion.
The integration of security and IT operations is not a given but there are good reasons to consider the model. After all, when every system, device or network connection is a potential entry point for cybercriminals, security checks and protocols ought to be embedded into all IT operations.
For keynote speaker – Jeff Kilford, director of enterprise sales, EMEA , at Intel – there are organisations able to contemplate such a merging of disciplines and there are those who are not ready to do so. The former are likely to have adopted a DevOps approach and a commitment to an Agile methodology for project management. The latter, meanwhile, are still clinging to a federated decision-making structure. Kilford shared his experience of leading Intel’s IT operation through change.
Cultural change doesn’t happen overnight
One of the potential perils of taking an integrated approach is the danger of overreach. If you want to take senior executives with you, you are better off making incremental steps than aiming for moonshots. Or, as one delegate put it, “Before we go to the moon, let’s go to the shops”. Cultural change doesn’t happen overnight.
Warming to the theme of organisational culture, another delegate argued that security and IT operations are not always a seamless fit. While security dealt in future risk, operations dealt with the here and now, he said. Others argued that integration could be made to work and pointed to Spotify as an exemplar of an organisational behavioural model that integrates both horizontally and vertically. It is a model worth mirroring as a result.
The far-reaching discussion touched on the impact of GDPR – introduced in 2018 and, initially, giving organisations permission to take stock of their processes and protection – and subsequent ‘compliance fatigue’. The delegates also discussed the role and character of the security department, described by one (only half-jokingly) as “the department of ‘no’”.
One attendee made the case for “getting the basics right” when it came to cybersecurity, rather than obsessing about the latest attack vector. Another suggested that, when stripped back to its essentials, the role of the security team was simple to define. It was, he said, about “knowing your assets and knowing who is accessing them”.
How to integrate security into IT operations – A Tech Monitor roundtable event in association with Intel VPro – took place on 22 September 2022, at Aquavit, St James’, London. To find out about future Tech Monitor events, visit our events page.
Intel vPro® and 12th Gen Intel® Core™ processors include multilayer security that helps reduce the attack surface of a PC and assists in active monitoring against attacks without bogging down productivity due to lost performance. Intel vPro exclusively features Intel® Hardware Shield, delivering integrated hardware-based PC protections for more secure business productivity including:
- Advanced threat protections – Detection of threats like ransomware and cryptojacking;
- Application and data protections – Preventing attacks from traditional malware against applications, login credentials and data;
- Below-the-OS security – Preventing attacks against firmware & applications via the BIOS.
Learn more about the full functionalities of Intel vPro here.