What Happens When you Eliminate The Friction Between IT and Security?

March 18, 2020 Jason Rolleston

Every business in the world wants passionate people on their team. People who care. People who want to get the job done.

But what happens when passionate people are faced with an insurmountable task?

Friction, Conflict, and Frustration

When it comes to vulnerability management, there are two teams trying to tackle what seems like an insurmountable problem without the tools to do it right. On one side are the security teams, operating under a legacy approach that sees everything as a risk, with no real way to identify the risks that matter most. On the other are IT teams, whose job it is to install patches for an overwhelming number of vulnerabilities, and who remain skeptical that so many patches are really necessary.

Making things worse, these teams’ goals are typically diametrically opposed: security nirvana is a 100 percent patch rate for the vulnerabilities in their infrastructure, while IT valhalla is 100 percent uptime, which is impossible to achieve while patching vulnerabilities.

There’s constant friction. They fight because each side is passionate about what they do.

If nothing changes, the situation will only get worse. Companies are expanding their IT infrastructure, developing more applications at a faster pace, and putting them on more devices, vastly expanding the attack surface.

Advanced Intelligence, Data Science and Automation Can Grease the Wheels

Without data science and automation, IT can get sucked into an endless morass of patching that limits their ability to focus on high-value projects that enhance the business. And without data, security teams struggle to explain how their recommendations translate into a measurable reduction in risk.

Real change starts with a simple fact. Just 4 percent of vulnerabilities pose a real risk to an organization. Kenna Security leverages a decade’s worth of real-world vulnerability management and exploit data to identify them.

That lets security teams and IT professionals coordinate seamlessly, focus their efforts on the riskiest vulnerabilities, and avoid opinion-driven arguments by relying on undisputed evidence. Used this way, the Kenna Security Platform reduces the number of patches by up to 90 percent and eliminates all of the wasted time that companies spend arguing about what to do. No more weekly patch debate. No more us vs. them, just efficient risk-based vulnerability management.

For IT professionals tasked with installing patches, the ability to prioritize vulnerabilities enables a higher level of planning. IT leaders will have a greater understanding of how much time they’ll allot to vulnerability management. And the executive team overseeing these functions can get trusted reports grounded in actionable data.

Taking a Data-Driven Approach to Risk

Here’s a recent example. One of our clients, a major airline, had an IT team that was passionate about using technology to enhance the customer experience. But they frequently ran into roadblocks from their security team, which had a strict focus on compliance.

The company developed a plan to align its cybersecurity approach to company goals. They turned to Kenna to help their internal security team take a data-driven approach to risk. In using the platform, the security team was able to rapidly engage with developers and IT teams as projects were ongoing, advising them on the use of the best and most secure technologies. This forged a valuable partnership that led to an overall halving of the company’s vulnerability risk while still meeting compliance goals AND enabling company strategy.

When the friction between IT and security is reduced or eliminated, it turns passionate people into partners and allows them to work toward common goals, not against each other.

Get the latest e-book and learn how CIOs can increase their teams’ efficiency and effectiveness while reducing the company’s overall risk profile.

The post What Happens When you Eliminate The Friction Between IT and Security? appeared first on Kenna Security.
