Bringing IT and security closer together

Mike Arrowsmith at NinjaOne looks at how organisations can foster better collaboration between IT and security

 

IT and security teams have had to adapt to a new era of work, an ever-changing threat landscape, AI implementation, and shifts in employee expectations. The need for collaboration between these teams has never been greater.

 

These two departments have previously shared information only when required. More recently, pushed by the rapid adoption of devices and operating systems over a wide, often remote workforce, organisations are struggling with complex, fragmented IT environments, which significantly increase the risk of security vulnerabilities and cyber-attacks. As a result, IT and security teams are coming closer together.

 

In this article, we will look at how organisations can foster better collaboration between the two functions and achieve the level of transparency needed to allow not just business continuity, but business growth.

 

How to unite teams

While many organisations have made significant progress in aligning IT and security, communication breakdowns remain a challenge. Historically, friction between these two departments was driven by competing priorities. For example, the CISO or head of the security team is responsible for the company’s security strategy, and related incidents are key concerns; while the CIO or head of IT, prioritises productivity, innovation and cost efficiency.

 

Today, many IT and security teams need better alignment to set precise, objective milestones, understand roles and responsibilities, and have continuous communication between all stakeholders. And that alignment should map to the organisation’s overarching objectives.

 

This level of collaboration is essential for productivity and resilience. Misalignment can escalate into conflicts and drastically weaken an organisation’s security posture. For example, if security teams introduce stringent endpoint controls without consulting IT teams, who prioritise seamless user access, IT and the organisation could be caught off guard without a plan, creating friction that diminishes efficiency.​

 

Clearly documented roles and responsibilities, paired with practical collaboration tools such as tabletop exercises, can help address this issue. As the UK National Cyber Security Centre (NCSC) testifies, these exercises are critical for enhancing organisational preparedness and facilitating clearer budgetary support for shared initiatives.

 

Aligning skillsets

Economic uncertainty and a widening IT skills gap amplify the need for stronger IT-security alignment. As Tech UK highlighted, businesses increasingly require professionals with both IT and security skills.

 

Technical incidents, which often arise from poorly managed endpoints, like an employee’s device or a server, underscore this overlap. In fact, ESG found that 77% of organisations experienced cyber-attacks originating from inadequate, unknown, unmanaged, or poorly managed endpoints.

 

Often, the same individuals responsible for managing those endpoints are tasked with investigating security breaches and forensics, making cross-functional expertise critical. Understanding whether the issue came from an unmanaged device or a security system vulnerability is essential to diagnosing and resolving threats.

 

It’s crucial for hiring managers on both teams to collaborate. Organisations that recognise and bring on candidates with transferrable skills will have better aligned IT and security teams.

 

Greater cross-functional visibility

As well as building versatile teams, organisations must also consolidate IT and security tools. With shared visibility through integrated platforms, both teams gain real-time insights into infrastructure status, threats, and vulnerabilities. These solutions help IT and security teams rapidly exchange critical information, accelerating their response to incidents and reducing the chance of errors or misunderstandings.

 

Automation within centralised tools further reduces manual effort, allowing both teams to concentrate on strategic objectives rather than routine tasks like patching, scanning, and incident triage. Enhanced analytics and reporting capabilities facilitate deeper insights, better decision-making, and measurable performance improvements across both disciplines.

 

By leveraging unified platforms, organisations can foster alignment on priorities and shared accountability, ensuring IT practices consistently align with security standards and compliance requirements.

 

Ultimately, centralised tools empower IT and security teams to become more agile and proactive, strengthening organisational resilience, improving efficiency, and enabling a cohesive, strategic approach to managing security and technology risks.

 

Greater than the sum of our parts

Cyber-security incidents are inevitable, which is why rapid detection and containment are so important for cyber-recovery. Creating defined roles and handoffs for IT and security teams facilitates faster response times and ensures uptime in a world full of disruptions. This is crucial to supporting secure innovation and business scalability.

 

Organisations that place an emphasis on open cross-department communication, coordinated leadership, shared expertise, and integrated technological solutions can dramatically improve cyber-resilience and their productivity. 

 

---

 

Mike Arrowsmith is Chief Trust Officer at NinjaOne 

 

Main image courtesy of iStockPhoto.com and AntonioGuillem