How are you maintaining data and system security as IT decision making becomes increasingly decentralized?

601 views2 Upvotes61 Comments

Director of IT in Education, 1,001 - 5,000 employees
The question feels like it could be 2-in1.  IT decision making is not becoming increasingly decentralized, as we work well with our team, but ultimately make the final decisions, regarding pathways & relative implementation.  However, we monitor security as best we can, with a combination of our in-house tools, along with 3rd party resources.
IT Strategist in Government, 1,001 - 5,000 employees
First, we are trying to avoid a true IT decision decentralization by focusing our partners outside of IT on business problems, requirements and outcomes, which allows IT to focus on technology lifecycle and related decision making. Second, security is being implemented as a concerted effort between Architecture, Design and Deployment teams, where everyone has a set of standards and recommendations to follow or comply with. Lastly, all major initiatives or procurements with any IT components need to be reviewed and validated by the IT Security Team.  
VP( Network Engineering and Delivery) in Telecommunication, 10,001+ employees
We follow the policy of decentralisation of frequent not strategic decisions but centralisation of strategic, business impacting decisions. Protection of data and Security decisions are quite critical and taken at top level, however we always follow bottoms up approach for decision making. Also we strongly maintain good repository of critical data and security tools for consistency and as single source of truth 
MSP & IT Director in Services (non-Government), 2 - 10 employees
I dont believe IT decision making is becoming increasingly decentralized as stated, however there is more (security) integration and understanding needed between management parties which has broadened the decision making , with IT driving the options that work best with our data systems.
Vice President / IT Services / Digital Workplace leader in Software, 10,001+ employees
Looking at them as a combined item won't always work.  I look at it as three separate items.  One is the data security itself, then the systems security and access as another item, them as a third item where the data is contained on specific systems.   By breaking them up into individual parts as well as combined, it helps ensure you are seeing the big picture.  leveraging core tools to keep that big eye in the sky visibility on each of the systems and data points is mandatory.  We tag data with specific use cases so its easier to understand when something out of the ordinary is happening to data.  This is the same approached used on systems access.   Ensuring you have known use patterns to bounce live data against, helps ensure you are maintaining proper security control of who and what has access to your data and your systems.   Tryin to do this ONLY with human elements is impossible and doing this ONLY with tools is not a good idea.  There needs to be a balance of human element and tech tooling. 
VP, Technology Manager in Education, 10,001+ employees
We are actually working very hard to prevent decision making from becoming decentralized. We are squashing shadow IT initiatives, identifying contracts that forget to include Technology, and generally stepping up all areas of IT auditing. In a highly regulated industry the management of our data appropriately is absolutely key to our future success.
Assistant Director IT Auditor in Education, 10,001+ employees
This is an issue that every organization security program has to address as emerging technologies like cloud and blockchain are being implemented, the decentralized network is a growing trend in the business environments.

Therefore, CISOs have to find a way to create IT security teams that operate within their decentralized organization to ensure IT security has a strong presence in every part of the organization to ensure security is applied and enforce within the decentralized organization.
Director of IT in Healthcare and Biotech, 10,001+ employees
These two areas are becoming more integrated together and not quite as decentralized as one would think. There are solution-oriented processes along with discovering what is important to our cybersecurity teams and understanding the type of data that needs to be managed. All of these make this a uniform decision rather than decentralized because there are many different parts of the IT organization that are combining their processes and resources to support the various business objectives.
Secure Facilities Information Technology Manager in Manufacturing, Self-employed
We rely on our auditing process to ensure that we are meeting our requirements and best practices.   
VP of IT in Software, 5,001 - 10,000 employees
Great question. It's not easy. What we have attempted to do is have our centralized security and operations teams create secure common objects so that our engineering teams can all build from a known good secure image. We also have audit reports that flag systems that are less secure.

Content you might like

Disruption via ransomware46%

Exploitation via phishing62%

Exfiltration of PII (Personally identifiable information)46%

Disruption via DDoS attacks34%

Disruption of a business-critical application21%

Other (comment below)2%


1.4k views1 Upvote

CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
Read More Comments
48.5k views133 Upvotes326 Comments