An organization’s IT security has two sides: a macro view and a micro view. It can be difficult to see both sides of the coin.
The 451 Alliance interviews hundreds of IT and business professionals each year to get an insider’s view of IT security. A closer look at these conversations indicates that priorities and pain points differ widely between C-suite executives and members of the IT team.
Heads: the C-Suite Executives
When we asked senior management about their top security pain points, these were the themes:
Lack of Buy-in from IT Teams
“The IT operations guys have historically not been focused on security and have thought of it as becoming someone else’s problem, our problem… They’re focused on availability and uptime… which leads to problems where we’re saying, ‘Look, you really need to do patching on this particular server because it’s going to be a vulnerability, and it’s critically important to our business.’ And they’re saying, ‘Well, that would require it to have downtime.’”
Lack of Big-Picture View of Vulnerabilities
“There’s not a whole lot of people on staff who understand those pain points… and dealing with some of these people, whether it’s a helpdesk technician or a manager, they just don’t get it.
“They don’t understand security in this particular organization. So that’s painful when you’re trying to implement really advanced security technologies and get it to the point where you’re protecting the organization.”
“The greatest pain point is keeping the organization focused and sticking with the security plan…. Sometimes the organization likes to drift off, you know, ‘Here’s an interesting new little toy out there,’ or ‘Wouldn’t it be nice if we bought this solution.’ Sometimes it’s difficult to get the organization focused on plan and staying on plan.”
Tails: the IT Team
The boots-on-the-ground IT staff tell a different story. Engineering teams mentioned the following as their biggest security pain points:
“Our biggest issue is a lack of the security people we need. That’s being addressed, but it takes time to get people onboarded and functional. It’s not that it’s been ignored, it’s just that it’s hard to catch up. The second thing is really the staff’s skills…. The staff that’s here has to either learn new skills or become more proficient at certain skills. The security field is really a learning field… and so you’re feeling that pain, too, the gap between where you’re comfortable and expert, and where you need to grow. And that takes time.”
“We’ve had, I would say, a 30-40% increase in spam attempts. As soon as I get one method taken care of, they come out with another one. And now they’re actually doing phone calls…. I’m trying to tighten it down as much as I can, but the limitations by the network control won’t let me tighten it up as much as I want to. So it’s a fine balance.”
Micro vs. Macro View
While senior management is focused on the big picture and budgets, IT teams are combatting immediate issues with limited resources.