When you are in DevOps and IT management, achieving cloud adoption can be a daunting task. Even though the cost savings for adopting cloud solutions are often excellent, getting everyone on board can still be difficult.
One way to get things going in the right direction is to encourage collaboration between your security team and your development team. A study by IDC found that respondents to the study generally agreed that IT security risk was the biggest inhibitor to business innovation, with a large majority of executives letting it be known that their organizations had shied away from one or more business opportunities due to IT security concerns.
While these concerns are certainly important, the study also noted that collaboration and a balance between security concerns and innovation could bring about the opportunities that could help propel a business beyond its competition.
Barriers to Innovation
The study noted that there were perceived barriers to innovation, and these depended on who was thought to be in charge of making it happen. For example, it was noted that study respondents who felt that CEOs were responsible for driving innovation indicated there were five things keeping innovation from moving forward.
Information Security Is not Aligned With Business Goals
If the security team does not know or is not concerned about the business goals of the company, then it is very difficult to effectively cooperate to help foster innovation.
Information Security Turnaround on Business Needs Takes too Long
When a bottleneck occurs every time ideas or apps are reviewed by the security team, it can be discouraging for management, developers, and others who have worked to bring ideas forward.
Executive Leadership is too Conservative on Information Risk
If leadership feels like everything is too risky and unwilling to budge, it can hinder the presentation of new ideas, as managers or other employees may feel they will simply not be approved due to risk concerns.
A Limited Budget/Resources for Iinnovation Iinvestments
Limited budget can always be a hindrance and can defintiely keep any project from moving forward.
The Information Security Approach Is not Enabling
A security environment perceived as “lock down” rather than cooperative and helpful can certainly be discouraging to those wanting to push innovative ideas.
Excluding IT Security Can Be Detrimental
While many of the previous barriers were felt to be issues with the security team, there may be reasons for this. If IT security is not included and informed when it comes to business goals, those very concerns can end up being a reality in an organization. If the security team is not included in the discussion of business innovation, there are certain consequences to this that were noted by the study.
An Innovative Project Fails Because of Poor Information Access
Not having the security team fully informed on what is being done can easily cause a project not to succeed, as finding a problem later in the process can be far more detrimental than working together to solve it from the beginning.
Information Security Risks Are too High Because Security Wasn't Brought Into the Process
If IT security is not part of the process, the security risks are not known until they finally get to review the project. In the end, security concerns could end up being too costly once the project information is finally given to IT security.
Slower Time to Market and Higher Costs
If the security team does find a way to make things work when not informed until the very end of a project, then the project can be heavily delayed while security concerns are addressed. If tacked on at the end, implementing security measures can end up being quite costly, as more development time or other expenditures may be necessary to mitigate any issues.
How can IT Security Be Included?
The study found that respondents believed there were particular strategies that could be employed to help the security team be included in the development and business process.
Ensure the Security Team Understands Industry and Business Goals
When IT security is well informed, it makes it easier for them to address and concerns early on and allows them more time during a project to find cooperative and meaningful ways to make the project work.
Ensure Enabling Business Innovation Is Part of the Charter or on the Scorecard
Having a measure of accountability for helping to enable innovation rather than simply dismissing business initiatives due to concerns can help a security team better find creative ways to implement the goals of projects as they come along.
Communicate a Well-Defined Roadmap
Sharing the security objectives of your organization with all parties that will be involved can help members of each team to have a better understanding of what the security team will be doing and how they can work with IT security to proactively address and/or fix what might be security concerns.
Ensure the Security Team has Connections With Key Business Leadership
Relationships with the right leaders on the business side of things will help pave the way toward mutual collaboration when developing a project, allowing security concerns to be addressed in a way that is beneficial to both parties.
Demonstrate How Security Technology Investments Have Direct Links to Business Priorities
When business understands the need to invest in security technology, then those costs can be addressed early in project development, and can even have something in place to address particular security concerns before a project is started. This can make both the security team and the business team feel much more comfortable when moving forward with a particular project.
Security and Development
While business and IT security can deliberate on how to innovate and maintain security, something that could springboard this process is to have your software developers and IT security work in collaboration when planning the innovative apps you want to deploy.
When asked about what their IT security teams were doing to enable innovation, one of the of the noted responses from respondents was that IT security teams would allow developers to “become embedded in business lines”. This allows security to work with development in collaboration to determine how to best innovate for business needs while also addressing security concerns. Another noted response included “breaking down barriers”, another good reason for the different departments to work together.
Breaking down barriers can be an essential part of fostering collaboration. If developers and security professionals understand where each other are coming from and what they hope to accomplish, innovation can be achieved, as they can use their knowledge to work together in order to meet the needs of business as well as security.
By getting this type of collaboration, IT managers and DevOps professionals will be able to look at cloud adoption in a new way, a way which may include the adoption with the full support of the IT security team!