Security Culture Matters when IT is Decentralized

Decentralized structures can give organizations powerful agility and speed up the deployment of new technologies. But the cost of decentralization is that it’s hard to ensure decisions are made consistently and with all the right considerations in mind—which is a very real problem when it comes to security. Fifty-six percent of CISOs in EY’s 2021 Global Information Security Survey said their teams are consulted late or not at all when company leaders make time-sensitive strategic decisions. More than a quarter (27%) said that, at least to some extent, the speed of technology rollouts prevents suitable cybersecurity involvement.

This puts CISOs and their security teams in a tough spot. On the one hand, they’re accountable for protecting the organization against cyber harms, and the attack surface keeps growing. On the other, if they become an impediment to flexibility and responsiveness, they risk creating internal rifts between security and the business.

Fortunately, there are three steps enterprise IT security teams can take to protect the enterprise in a decentralized IT context: 1) create a security culture and proactively seek visibility into solutions being procured; 2) build in detection and response technologies wherever possible; and 3) have a formalized incident response plan for dealing with threats when they occur.

1. Create a security culture—and seek visibility

Decentralized IT combined with a “we need it yesterday” mindset can result in technology procurements that overlook security. There’s also the risk of shadow IT, which can’t be addressed just by banning unauthorized
