When you are in DevOps and IT management, achieving cloud adoption can be a daunting task. Even though the cost savings for adopting cloud solutions are often excellent, getting everyone on board can still be difficult.
One way to get things going in the right direction is to encourage collaboration between your security team and your development team. A study by IDC found that respondents to the study generally agreed that IT security risk was the biggest inhibitor to business innovation, with a large majority of executives letting it be known that their organizations had shied away from one or more business opportunities due to IT security concerns.
While these concerns are certainly important, the study also noted that collaboration and a balance between security concerns and innovation could bring about the opportunities that could help propel a business beyond its competition.
Barriers to Innovation
The study noted that there were perceived barriers to innovation, and these depended on who was thought to be in charge of making it happen. For example, it was noted that study respondents who felt that CEOs were responsible for driving innovation indicated there were five things keeping innovation from moving forward.
Information security is not aligned with business goals
If the security team does not know or is not concerned about the business goals of the company, then it is very difficult to effectively cooperate to help foster innovation.
Information security turnaround time on business needs takes too long
When a bottleneck occurs every time ideas or apps are reviewed by the security team, it can be discouraging for management, developers, and others who have worked to bring ideas forward.
Executive leadership is too conservative on information risk
If leadership feels like everything is too risky and unwilling to budge, it can hinder the presentation of new ideas, as managers or other employees may feel they will simply not be approved due to risk concerns.
A Limited budget/resources for innovation investments
Limited budget can always be a hindrance, and can defintiely keep any project from moving forward.
The Information security approach is too much of a lock down and not enabling
A security environment perceived as ‘lock down’ rather than cooperative and helpful can certainly be discouraging to those wanting to push innovative ideas.
Excluding IT Security Can Be Detrimental
While many of the previous barriers were felt to be issues with the security team, there may be reasons for this. If IT security is not included and informed when it comes to business goals, those very concerns can end up being a reality in an organization. If the security team is not included in the discussion of business innovation, there are certain consequences to this that were noted by the study.
An innovative project fails because of poor information access
Not having the security team fully informed on what is being done can easily cause a project not to succeed, since finding a problem later in the process can be far more detrimental that working together to solve it from the beginning.
Information security risks associated with innovative initiatives are too high because security was not brought into the process
If IT security is not part of the process, the security risks are not known until they finally get to review the project. In the end, security concerns could end up being too costly once the project information is finally given to IT security.
Slower time to market and higher costs when security needs to be put in as an afterthought
If the security team does find a way to make things work when not informed until the very end of a project, then the project can be heavily delayed while security concerns are addressed. If tacked on at the end, implementing security measures can end up being quite costly, as more development time or other expenditures may be necessary to mitigate any issues.
How can IT Security Be Included?
The study found that respondents believed there were particular strategies that could be employed to help the security team be included in the development and business process.
Ensure the security team understands the industry and the business goals of the organization
When IT security is well informed, it makes it easier for them to address and concerns early on and allows them more time during a project to find cooperative and meaningful ways to make the project work.
Ensure enabling business innovation is part of the charter or on the scorecard for measuring the information security function
Having a measure of accountability for helping to enable innovation rather than simply dismissing business initiatives due to concerns can help a security team better find creative ways to implement the goals of projects as they come along.
Communicate a well-defined roadmap for security that ties to corporate strategy and share it with other business functions
Sharing the security objectives of your organization with all parties that will be involved can help members of each team to have a better understanding of what the security team will be doing and how they can work with IT security to proactively address and/or fix what might be security concerns.
Ensure the security team has connections with key business leadership
Relationships with the right leaders on the business side of things will help pave the way toward mutual collaboration when developing a project, allowing security concerns to be addressed in a way that is beneficial to both parties.
Demonstrate how security technology investments have direct links to business priorities
When business understands the need to invest in security technology, then those costs can be addressed early in project development, and can even have something in place to address particular security concerns before a project is started. This can make both the security team and the business team feel much more comfortable when moving forward with a particular project.
Security and Development
While business and IT security can deliberate on how to innovate and maintain security, something that could springboard this process is to have your software developers and IT security work in collaboration when planning the innovative apps you want to deploy.
When asked about what their IT security teams were doing to enable innovation, one of the of the noted responses from respondents was that IT security teams would allow developers to ‘become embedded in business lines’. This allows security to work with development in collaboration to determine how to best innovate for business needs while also addressing security concerns. Another noted response included ‘breaking down barriers’, another good reason for the different departments to work together.
Breaking down barriers can be an essential part of fostering collaboration. If developers and security professionals understand where each other are coming from and what they hope to accomplish, innovation can be achieved, as they can use their knowledge to work together in order to meet the needs of business as well as security.
By getting this type of collaboration, IT managers and devops professionals will be able to look at cloud adoption in a new way, a way which may include the adoption with the full support of the IT security team!
Get on the Cloud with Morpheus
If you are looking to begin cloud adoption Morpheus makes provisioning, scaling, and maintenance of your apps and servers a breeze. You can provision databases and servers quickly, and have your app up and running in no time! Using the available tools, you can also monitor the various parts of your system to keep track of uptime, response time, and to be alerted if an issue does arise.
The Morpheus interface is clean and easy to use. Source: Morpheus.
Morpheus allows you to provision apps in a single click, and provides ease of use for developers with APIs and a CLI. In addition, backups are also automatic, and you can have redundancy as needed to avoid potentially long waits for disaster recovery to take place. To learn more, sign up for a Morpheus demo today.
