
At CTInfoSec, we work with a diverse range of clients across various industries and sizes. Despite their differences, many face the same challenge: operating security in a silo.
For security teams of all sizes, it is crucial to break out of these silos and regularly engage and collaborate with groups inside and outside the organization. For example, effective network security requires a relationship with those responsible for deploying the network. This principle applies across the board. Security teams cannot properly understand and test applications without meeting with the development team to understand the application’s purpose and the security controls in place before deployment.
Let’s be honest, security is now a concern for nearly every component of an organization, from IT to HR and Marketing to Manufacturing. Security teams have their hands in making sure that assets, projects, and processes within the organization are secure. Just look at organizations like ISACA and SANS to see the various security skills needed and certifications available today. The hard skills of forensics and penetration testing must mix with the soft skills of knowledge gathering, communication, and report writing.
To aid in breaking out of the security silo, security professionals must create strong, non-intrusive security guardrails, such as technical controls and procedural checks, to ensure consistency across teams. These might include privileged access management (PAM) systems requiring multiple authorizations, or change control workflows involving various teams. Regular validation through audits or penetration testing ensures these controls work as intended.
Achieving high levels of security overnight is impossible, but becoming insecure overnight is very possible. Consistent and steady pressure on all areas of risk within an entity is essential. Each domain should be addressed while keeping the bigger goals in mind.
In an ideal world, a simple pre-planned schedule for engaging and validating controls would be adequate. However, this assumes a static environment with no evolving threats, which is rarely the case. Therefore, re-prioritization is often needed. Efforts should adapt based on newly disclosed threats, internal projects, and business priorities. Understanding this changing landscape requires interaction with other groups and teams. By understanding non-security objectives, the security team can define steps that help those goals be achieved securely and appropriately.
Here are a few ideas of how to get started:
- Proactively create open pathways to the security team for solution review and support.
- Regularly attend meetings discussing foundational decisions, offering guidance on balancing project goals with secure implementation.
- Validate that controls function as expected and address any shortcomings.
- Remain flexible when focusing on risk. As priorities shift, adapt to changes while keeping the big picture in mind.
We help clients regularly with standardized approaches to security controls and collaborations across teams. Contact us today. We are here to help.
