The rapid adoption of new technologies and devices has created a chaotic digital landscape for IT and security teams to co-manage.
Work from anywhere (WFA) remains the standard, with employees working from multiple locations across a growing range of devices, all while the threat landscape continues to increase.
As a result, IT faces greater complexity and challenges in securing and managing their employees’ endpoints. To solve this, IT and security teams must strike a balance: ensuring employees have both the technology and IT support to work where and how they want, while also doing so securely.
Traditionally, IT and security teams have operated as separate units, coming together only when necessary. However, with digitalisation, employee productivity, and resilience central to business performance, collaboration between these two critical business functions is fundamental. Organisations should consider where they can strengthen IT and security collaboration to maximise their opportunity to scale thoughtfully and resiliently from the start. Here’s what that looks like in practice.
Streamlining communication
While many organisations have made strides in aligning IT and security, communication breakdowns can remain a challenge. Historically, friction between these two departments was driven by a lack of communication and competing priorities. For the CISO or head of the security team, reducing the company’s attack surface, limiting access privileges, or banning apps that might open their organisation up to unnecessary, additional risks are likely to be core focus areas. While for the CIO or head of IT, ensuring employee productivity and finding new ways to drive innovation (often by adopting new tools and technologies) are typically top priorities.
But today, with more employees opting to operate outside of office walls and with a custom mix of device, application, and other OS preferences, gaps between IT and security teams have the potential to significantly hamper operations. With the stakes so high and the digital landscape so complex, it’s essential to have more proactive alignment between IT and security teams in setting milestones, communicating roles and responsibilities, and maintaining communication across stakeholders.
The good news is, there are more opportunities now than ever before for IT and security operations to naturally converge – in endpoint management, patch deployment, identity and access management, you name it. It can help to clearly document IT and security’s roles and responsibilities and practice scenarios with tabletop exercises to get everyone on the same page and identify coverage gaps. As the UK National Cyber Security Centre (NCSC) testifies, tabletop exercises are critical for enhancing organisational preparedness and making sure each team knows where responsibilities and priorities lie when it comes to shared initiatives. In other words, practice makes perfect when it comes to keeping both teams in sync.
Cross-team learning
Economic uncertainties and a widening skills gap only amplify the need for stronger IT-security alignment. As Tech UK highlighted, businesses are increasingly looking for professionals who possess both IT and security skills – to streamline joint IT and security operations.
Technical incidents, which often stem from endpoints (think: a remote employee falling victim to a phishing attack that puts the whole organisation at risk), highlight this overlap. Earlier this year, ESG found that 54% of organisations experienced cyberattacks originating from inadequate, unknown, unmanaged, or poorly managed endpoints. Often, the same individuals responsible for managing those endpoints are the ones investigating security breaches, making cross-functional expertise critical. Understanding whether the issue came from an unmanaged device or security vulnerability is essential to quickly diagnosing and resolving threats – both present and future.
Organisations who can recognise, retain, and help upskill candidates with transferrable skills in these areas will be the ones with the most closely aligned IT and security teams.
End-to-end visibility
In addition to building versatile teams, organisations should focus on consolidating IT and security toolkits by prioritising solutions that expedite time to value and boost visibility. We’ve said this in security for a long time: you can’t protect (or defend against) what you can’t see. With shared visibility through integrated platforms and consolidated toolkits, both IT and security teams can gain real-time insights into infrastructure, threats, vulnerabilities, and risks before they can impact business. Solutions that help IT and security teams rapidly exchange critical information, accelerate response to incidents, and document the triaging process will make it easier to address similar instances in the future.
Today, automation is also critical for reducing cumbersome, manual work and information sharing between IT and security teams, allowing both teams to focus human effort on furthering strategic objectives rather than addressing routine tasks like patching or vulnerability scanning. Enhanced analytics and reporting capabilities can also enable deeper insights, better decision-making, and improve performance across both disciplines.
By leveraging unified platforms, organisations can foster greater alignment across priorities, ensuring IT practices consistently align with security standards and evolving compliance requirements.
Ultimately, centralised tools empower IT and security teams to be more agile and proactive by strengthening resilience, improving efficiency and collaboration (while cutting down on tool sprawl), and driving a more cohesive, strategic (and less burnout prone) approach to technology management.
Team Unification
Cyberattacks are an unavoidable part of business, making quick detection and mitigation essential. Organisations have already taken steps to streamline collaboration, but IT and security teams must continue to evolve with the threat landscape. Strengthening incident response and accelerating threat detection, while also prioritising employee productivity and workplace flexibility, demands strategic alignment. Organisations that foster open communication, unified leadership, complementary skills, and cohesive solutions will be more resilient and better prepared to adapt to ongoing change.
About the Author
Mike Arrowsmith is Chief Trust Officer at NinjaOne. NinjaOne, the automated endpoint management platform, delivers visibility, security, and control over all endpoints for more than 30,000 customers in 130+ countries. The cloud-native NinjaOne platform simplifies endpoint management, patching, and visibility for environments at any scale. It is proven to increase productivity, reduce security risk, and lower costs. NinjaOne is obsessed with customer success and provides free and unlimited onboarding, training, and support.
