Bridging the Gap: Uniting IT Teams for Effective Cybersecurity
Posted: Wednesday, Jun 14
Karissa Breen, crowned a LinkedIn ‘Top Voice in Technology’, is more commonly known as KB. A serial entrepreneur, she co-founded the TMFE Group, a holding company and consortium of several businesses all relating to cybersecurity, including an industry-leading media platform, a marketing agency, a content production studio, and the executive headhunting firm MercSec. KBI.Media is an independent and agnostic global cyber security media company led by KB at the helm of the journalism division. As a Cybersecurity Investigative Journalist, KB hosts her flagship podcast, KBKast, interviewing cybersecurity practitioners around the globe on security and the problems business executives face. It has been downloaded in 65 countries with more than 300K downloads globally, influencing billions in cyber budgets. KB asks hard questions and gets real answers from her guests, providing a unique, uncoloured position on the always evolving landscape of cybersecurity. As Producer and Host of the streaming show 2Fa.tv, she sits down with experts to demystify the world of cybersecurity and provide genuine insight to business executives on the downstream impacts cybersecurity advancement and events have on our wider world.


It’s critical that IT teams work together with cybersecurity teams to ensure their organisation’s infrastructure is secure. Unfortunately, roles within the tech industry have become much more specialised over the past few decades, leading to isolated silos. This separation makes it increasingly difficult for teams to work together in an integrated and elegant way. The gap is even more pronounced between developers, who historically had a more detailed appreciation for the underlying tech prior to the abstraction of many newer languages, and security practitioners. This shift has resulted in rapid development, but it has also meant that security is overlooked as part of the development process, ultimately leading to security incidents.

IT leaders are beginning to recognise that a purely siloed approach is directly impacting the ability to harmoniously integrate security practices throughout their organisation. 

 

In this article, we will explore the common pitfalls that occur in IT teams when it comes to security, and how to bridge the gap between developers and security practitioners effectively. We’ll also share expert advice on how to foster a more cohesive working environment where security becomes foundational. 

 

The Common Missteps of IT Teams in Addressing Security

 

IT teams have a lot on their plate. They are responsible for designing, developing, and maintaining the technologies that businesses rely on to operate. However, with so many requirements to meet, security can often take a back seat.

Here are some of the most common mistakes:

Lack of Focus on Security Training

While organisations may be proactive in their efforts to ensure their teams have the necessary skills to do their jobs, they often falter in introducing a serious effort towards security training. When it comes to developing an application or standing up a new service, the total focus is all too often functionality, not security. This means that major vulnerabilities may be overlooked, leading to costly breaches and loss of sensitive data. Security measures need to be introduced as part of any project or BAU work, including Change Management practices. There are initiatives and controls like the Secure SDLC (SSDLC) that are both effective and pragmatic, but are often compromised – or even sacrificed entirely – in the name of expediting time-to-ship.

 

Overlooking Simple Security Measures

Often, the biggest cybersecurity lapses come down to simple oversights. Ports that are forgotten, old subdomains pointing to irrelevant assets, and outdated SSL certificates are all examples of overlooked yet easily addressed security issues. This is particularly apparent in development environments. It is these simple things that can lead to catastrophic security events.

Bridging the Gap: Advice from Experts

 

Bringing together developers and security practitioners is critical, but easier said than done. Here are some tips from experts in the industry on how to achieve a harmonious working environment where both sides can learn from each other:

 

Share Knowledge and Expertise

By sharing expertise and knowledge, teams can better understand each other’s respective roles and responsibilities. Encouraging developers to be interested in security is vital, and this can be achieved by security practitioners demonstrating explicitly how the developers’ code (or the project) can be compromised, and showcasing how measures to prevent similar attacks can be implemented in their own projects. Likewise, security practitioners should make an effort to understand how both infrastructure and development are evolving, and how this may impact security.

Collaborate on Security Strategy

IT teams and security practitioners need to work together closely to develop an effective security strategy. This should involve reviewing the infrastructure from the attacker’s point of view, identifying vulnerabilities, and addressing them proactively.

 

Conclusion

 

The importance of bridging the gap between developers and security practitioners has never been more apparent. The increasing complexity of IT roles and specialised fields means that it’s becoming harder to create secure and reliable infrastructures. By uniting both sides through shared values, knowledge, and expertise, organisations can better address security issues and prevent costly breaches. Collaboration is the key to creating a cohesive environment where security is at the forefront of everyone’s minds.
