How are you maintaining data and system security as IT decision making becomes increasingly decentralized?

Security Strategy & RoadmapData Privacy & Protection
682 viewscircle icon2 Upvotescircle icon55 Comments
Sort by:
Chief Technology Officer in Software3 years ago

Automated policies and platforms that enable self service with safety and security built in.  Centralised approaches can work but at the cost of inhibiting innovation and causing a huge increase in costs of change.  Swinging the pendulum fully the other way creates real risk but it is possible to have both to a reasonable degree

Lightbulb on1
IT Director and Software Producer in Software3 years ago

I agree that this is actually 2 questions. 

For data and system security, we're actually going in a different direction, and I think many others are as well. I used to maintain a dozen different systems from a dozen different vendors, but now everything is centralized with a dedicated 3rd-party specialist company.

For decision-making, it's now done by process-driven committees, rather than simply by the head of IT.

Lightbulb on1
VP IT in Energy and Utilities3 years ago

In short, common data and security policies across teams is essential. While some decision making processes may becoming more decentralized, we still have common policies and processes to follow, with approvals in place to ensure we still have some level of central oversight. We also utilize 3rd party tools to help pull some of this information and the related decisions together into an area where it is easy to find and digest. Ultimately, culture and execution is key, and needs to be consistently applied across all levels.

Lightbulb on1
Group Executive, IT in Services (non-Government)3 years ago

I take that "IT decision making becomes decentralised" as in users and business units having a more say in what systems and tools they want to use and how they use them. I think it is a good thing for obvious reasons: you get more fit-for-purpose systems that are loved by users and it's easier for IT to manage. You can still achieve tight data and system security in such environment. I want to share below learnings: 1) Have clear and aligned IT decision making process with the business, who can request, input, who is to be consulted and who makes the final decision - IT does; 2) Build security considerations and criteria into the above processes and stay firm while balancing security and business needs & practicality; 3) Take every opportunity to educate the business on risk and security; 4) Security is an ongoing journey, pick your battle and celebrate every win!

Lightbulb on1
CIO in Software3 years ago

Interoperable software across data siloes

Content you might like

Do you use ServiceNow to manage access and support identity and access management within your organization?

Yes68%

No33%

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Read More Comments

How are you currently managing SIEM costs? Have you found effective ways to actually reduce storage costs for your SIEM?

Read More Comments

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

What would you say is the key component of your Security Awareness Program?

Video Training16%

Phishing Simulations66%

Infographics11%

Gaming5%

Other (please share below)

View Results