Making security the Yes team

Most organizations have had to accelerate their digital transformation strategies in the wake of COVID-19. Some in order to take advantage of emerging opportunities, and others as a survival strategy. For many companies, the need to allow most of their employees to work from home meant that priorities had to be reshuffled and new strategies devised.

For security teams, this has required re-examining the way they approach the task of keeping the organization, its people and infrastructure safe from the myriad of threats they face every day.

It’s no secret that cybercriminals are often better funded and, due to their singular focus, are often more skilled than security teams who have a broader scope and have to be able to defend against multiple attack vectors. The number of attacks is increasing on an almost daily basis and with more people working remotely, the strategies that security teams need to employ have to change.

In the past, IT security has been something of a closed group. While other parts of an organization would create their application strategy, at some point they would have to include the security team. Their task was to ensure that whatever plans were being made, they complied with the security policies that had been established. The reputation of the security team as the ‘No team’ emerged because of their mandate to ensure compliance with the policies created to protect the organization and its data.

In recent times we’ve seen a change in the way applications are developed, and security policies enforced. Instead of security being seen as a compliance check before an application is deployed, it’s become a more integral part of the application development process.

This has created a more open approach to IT security, with DevOps and Agile approaches to application development more inclusive, allowing development teams to adopt secure by design approaches. Security needs to be part of the design from day one, not simply bolted on at the end of the process.

By including security as a part of the development process, the long-established walls between the different teams are being broken down, moving security from being the ‘No Team’ to being the ‘Yes Team’.

Cooperation is critical for this approach, as each part of every team needs to work closely together to ensure that all bases are covered.

At the same time, the realities of a workforce that is operating in ways that were not envisaged even a year ago has resulted in security teams having to find ways to extend the scope of their coverage. While perimeter security was considered sufficient just a few years ago, today enterprise security has to cover infrastructure that is not only located on-premises, but also almost anywhere else. Embracing managed security services and cloud security allows them to support users anywhere, anytime with having to invest in new skills and systems.

The continued evolution of security means that they are able to take a more active role in determining the path of digital transformation and engaging in how security can help accelerate business performance.

Read our latest insights in the 2020 Global Threat Intelligence Report.