Breaking down silos in cybersecurity
All organizations erect silos – silos between groups and departments, across functions and among technologies. Silos represent differences in practices, culture and operations. Their presence inhibits communication and collaboration. As companies scale from startup to mid-sized and beyond, silos multiply and ossify. As operations expand from one site to many, from on-premises to cloud, from legacy to emerging tech (e.g., cloud and AI), silos don’t topple; they persist and proliferate.
Nowhere are silos more evident and more challenging than in cybersecurity. Industry pundits call for a unified approach and a holistic vision of attack surfaces, but the cybersecurity marketplace is awash with tools and architectures, each with its own approach and its own silos.
I sat down with Tyson Kopczynski, Principal at Cymetry One and former CISO at Aledade and Oportun, to discuss the challenges of silos in cybersecurity.
Where do you think the silos in cybersecurity come from? Where are they creating the most challenges?
Silos in cybersecurity arise from differing priorities, perspectives, and approaches across teams and functions. Bridging these divides requires clear communication, collaboration and a shared understanding of an organization’s risk management strategies. Some examples include:
Security vs. development: Security teams prioritize controls as a matter of course, while development teams focus on speed and agility, leading to conflicts over security processes that impact prototyping and deployment.
Network vs. endpoint security: These two complementary focuses have different priorities and tools, creating gaps in coverage and misaligned response strategies.
Cloud vs. on-premises security: As organizations migrate to the cloud, duplicative efforts arise between teams focused on legacy on-premises security and those managing cloud infrastructure and cloud-native security solutions.
Governance/risk management vs. security operations: Governance focuses on long-term strategies and risk assessments, while operations concentrate on immediate threat detection and response, with a potential disconnect in priorities.
Practitioners continue to acquire and juggle tool sets directed at endpoints, applications, network security, vulnerability management, cloud security, threat hunting and myriad other domains. But tooling is not a cure itself; it’s an accelerator, requiring teams and processes to be aligned in order to succeed.
Many of the silos you mentioned are related to cybersecurity tools, and it is certainly challenging to manage so many overlapping tools. What about teams? Are we seeing similar issues across cyber teams?
Absolutely. There typically isn’t a well-defined muscle to deal with the complex ‘system’ of cybersecurity from a delivery and management standpoint. The widespread use of various security tools to manage risks across multiple teams often creates excessive noise, making it difficult to pinpoint what truly needs attention.
Additionally, significant time and effort are spent identifying who is responsible for specific tasks, which could be the security team, product team, DevOps or even business units. This leads to a time-consuming loop of passing tasks between teams, formatting work for their understanding and ensuring it is completed. While current tools help identify issues, they fall short in supporting the execution and follow-through required to resolve them.
As an organization grows and its environment becomes more complex, this process becomes increasingly challenging. The lack of strong project management capabilities within many security teams adds to the problem. While tools excel at identifying cybersecurity threats and issues, they often fail to support the actual resolution process, making it difficult to complete tasks, close the loop and follow through effectively.
You’ve been in the trenches – what have you and your teams done to help break down silos in cyber and ultimately get to better outcomes?
One way to solve this is through change management. Companies with strong project management processes in their engineering departments should extend those practices to security teams, including investing in product or delivery managers. Additionally, more developer-friendly security tools are needed for seamless integration. Without these, developers face difficulties navigating security tools, causing delays in execution.
To improve outcomes, organizations need to establish robust change management processes and better integrate security tools. This would empower developers to handle security within their workflow while involving security teams as expert consultants when needed.
Cybersecurity is still a technical discipline, a mix of software engineering and people management. Frankly, if an organization is not skilled in engineering, it is unlikely to excel in security.
OK, let’s shift a bit to cybersecurity tools – are they helping or creating additional silos?
A bit of both, I’d say. There are great tools that are focused on getting remediation recommendations and alerts to the right subsidiaries and teams. The best tools will also ensure that there’s a closed loop for teams to see that an action item was resolved. Plus, tools that help prioritize the myriad alerts are already helping a great deal.
To effectively manage risks across multiple teams, organizations can adopt an integrated approach that streamlines the use of security tools, ensuring that only relevant information surfaces to the right team. Then, by implementing cohesive processes and clear communication channels, teams can reduce noise and prioritize key tasks more efficiently.
Tools that are my first choice are those that focus heavily on operationalization, simplifying task delegation and optimizing resource allocation across all teams involved.
Any summary you’d like to end with?
I’d leave with this – the solution to heavily siloed teams and tools in cybersecurity lies in building foundational processes and improving tooling to facilitate end-to-end integration and ownership. When this happens, developers (and other teams) can work securely within their development environments while engaging security teams as consultants when needed.
Thanks, Tyson. From my perspective, I think your suggestions can go a long way toward breaking cybersecurity silos. The need for a holistic view across silos has never been more critical. As the digital footprint of organizations sprawls across hybrid cloud and on-premises environments, the challenge of securing these diverse environments from a singular vantage point becomes a big focus for CISOs.
With a comprehensive view of the attack surface and threat landscape, organizations can efficiently identify and prioritize the most critical threats, leading to allocation of resources towards their most significant risks.