Chuck Leaver – If You Can’t Manage It Then You Can’t Secure It And The Reverse Is True

Written by Chuck Leaver Ziften CEO

 

If your business computing environment is not effectively managed there is no chance that it can be totally safe and secure. And you cannot efficiently manage those complicated enterprise systems unless there’s a good sense that they are secure.

Some may call this a chicken-and-egg circumstance, where you do not know where to begin. Should you begin with security? Or should you begin with the management of your system? That’s the wrong technique. Think about this instead like Reese’s Peanut Butter Cups: It’s not chocolate initially. It’s not peanut butter first. Rather, both are mixed together – and treated as a single scrumptious treat.

Lots of companies, I would argue a lot of companies, are structured with an IT management department reporting to a CIO, and with a security management team reporting to a CISO. The CIO team and the CISO team do not know each other, speak with each other just when definitely required, have unique budgets, certainly have different priorities, read different reports, and use various management platforms. On a day-to-day basis, what makes up a task, a concern or an alert for one group flies completely under the other group’s radar.

That’s not good, because both the IT and security teams need to make presumptions. The IT team thinks that everything is protected, unless someone tells them otherwise. For instance, they assume that devices and applications have not been compromised, users have actually not escalated their privileges, etc. Likewise, the security group assumes that the servers, desktops, and mobiles are working properly, operating systems and apps fully updated, patches have been used, and so on

Because the CIO and CISO groups aren’t talking to each other, don’t comprehend each others’ roles and concerns, and aren’t utilizing the same tools, those presumptions may not be appropriate.

And once again, you cannot have a safe and secure environment unless that environment is effectively managed – and you cannot manage that environment unless it’s safe and secure. Or putting it another way: An environment that is not secure makes anything you perform in the IT organization suspect and irrelevant, and suggests that you can’t know whether the details you are seeing are right or controlled. It might all be phony news.

Bridging the IT / Security gap

How to bridge that space? It sounds simple but it can be difficult: Ensure that there is an umbrella covering both the IT and security groups. Both IT and security report to the very same individual or organization someplace. It might be the CIO, it might be the CFO, it might be the CEO. For the sake of argument here, let’s state it’s the CFO.

If the company does not have a secure environment, and there’s a breach, the worth of the brand name and the business can be lowered to zero. Similarly, if the users, devices, infrastructure, application, and data aren’t well-managed, the business cannot work successfully, and the value drops. As we’ve gone over, if it’s not properly managed, it cannot be secured, and if it’s not secure, it can’t be well handled.

The fiduciary responsibility of senior executives (like the CFO) is to protect the value of business assets, and that means ensuring IT and security speak with each other, comprehend each other’s goals, and if possible, can see the exact same reports and data – filtered and shown to be significant to their specific areas of obligation.

That’s the thought process that we adopted with the creation of our Zenith platform. It’s not a security management tool with IT abilities, and it’s not an IT management tool with security abilities. No, it’s a Peanut Butter Cup, developed equally around chocolate and peanut butter. To be less confectionery, Zenith is an umbrella that provides IT teams exactly what they require to do their jobs, and gives security teams exactly what they require also – without coverage spaces that could undermine assumptions about the state of enterprise security and IT management.

We have to guarantee that our company’s IT infrastructure is created on a safe and secure foundation – and that our security is carried out on a well managed base of hardware, infrastructure, software and users. We cannot operate at peak efficiency, and with complete fiduciary duty, otherwise.

 

~leaverchuck1


No Responses Yet to “Chuck Leaver – If You Can’t Manage It Then You Can’t Secure It And The Reverse Is True”

Leave a Reply