Gartner offers a tip on internet security
August 22, 2017
Market research firm Gartner warns that getting rid of your internet security team may not be a crazy idea after all, since plenty of other people in your organization probably have current responsibilities that overlap with its services.
Of course, some may not agree with this assessment, but it's an idea that was thrown out last week, advanced by Gartner analyst research fellow Tom Scholtz, who has raised it as a deliberately provocative gesture to get people really thinking about how best to secure their corporate networks.
Scholtz's initial concept is that when firms perceive more risk, they create a dedicated team to address it. That team has a tendency to grow as the scope of risk increases. With businesses quickly expanding their online activities, that means a lot more risk and more people in the central team, which might do the job, but Scholtz noted that big teams are seldom known for efficiency.
Scholtz also asserts that plenty of companies see centralized security as a roadblock. “I met one chief security officer who said that his team is known as the business prevention department,” Scholtz told Gartner today.
He therefore looked at how internet security teams might become less obstructive and hit on the concept of pushing responsibility for security into other teams. One area where this could work is endpoint security, a field in which many organisations have dedicated and skilled teams to tend desktops.
Data security is another area ripe for potential devolution, as Scholtz said that various security teams often have responsibilities to determine the value of data and how it can be used, as do the teams that use that data.
Yet both teams exist in their own silo and duplicate elements of each other's work. Giving the job to one team could therefore be useful, he explained.
Scholtz also pointed out that security teams' natural proclivities mean they are often not the best educators inside a specific business, yet other teams are dedicated to the same task and therefore could be excellent candidates for the job of explaining how to control the risks.
Scholtz's research also led him to believe that various organizations will still need central security teams, but that devolution is unlikely to hurt if done well. He said he's met CIOs who are already making the idea happen, by always looking for other organisations to take responsibility for tasks they don't think belong in a central technology office.
Making the move will also require a culture that sees people willing to learn, fast, and take on new responsibilities. Organizations considering such devolution will also need strong cross-team co-ordination structures, plus the ability to understand how to integrate security requirements into an overall security solution.
Even organisations that ultimately see such devolution as too risky can still take something away from the theory, Scholtz said, by using it to ensure that business units or team leaders feel accountable for securing their own tools.
Devolving security can also help organizations identify which security functions have been commoditised and are therefore suitable for outsourcing.