How are you maintaining data and system security as IT decision making becomes increasingly decentralized?

Security Strategy & RoadmapRisk Management
682 viewscircle icon2 Upvotescircle icon55 Comments
Sort by:
Chief Technology Officer in Software3 years ago

Automated policies and platforms that enable self service with safety and security built in.  Centralised approaches can work but at the cost of inhibiting innovation and causing a huge increase in costs of change.  Swinging the pendulum fully the other way creates real risk but it is possible to have both to a reasonable degree

Lightbulb on1
IT Director and Software Producer in Software3 years ago

I agree that this is actually 2 questions. 

For data and system security, we're actually going in a different direction, and I think many others are as well. I used to maintain a dozen different systems from a dozen different vendors, but now everything is centralized with a dedicated 3rd-party specialist company.

For decision-making, it's now done by process-driven committees, rather than simply by the head of IT.

Lightbulb on1
VP IT in Energy and Utilities3 years ago

In short, common data and security policies across teams is essential. While some decision making processes may becoming more decentralized, we still have common policies and processes to follow, with approvals in place to ensure we still have some level of central oversight. We also utilize 3rd party tools to help pull some of this information and the related decisions together into an area where it is easy to find and digest. Ultimately, culture and execution is key, and needs to be consistently applied across all levels.

Lightbulb on1
Group Executive, IT in Services (non-Government)3 years ago

I take that "IT decision making becomes decentralised" as in users and business units having a more say in what systems and tools they want to use and how they use them. I think it is a good thing for obvious reasons: you get more fit-for-purpose systems that are loved by users and it's easier for IT to manage. You can still achieve tight data and system security in such environment. I want to share below learnings: 1) Have clear and aligned IT decision making process with the business, who can request, input, who is to be consulted and who makes the final decision - IT does; 2) Build security considerations and criteria into the above processes and stay firm while balancing security and business needs & practicality; 3) Take every opportunity to educate the business on risk and security; 4) Security is an ongoing journey, pick your battle and celebrate every win!

Lightbulb on1
CIO in Software3 years ago

Interoperable software across data siloes

Content you might like

How has the COVID-19 crisis affected your fiscal 2022 budget planning?

We will be tightening our budgets.25%

We will be increasing our budgets.58%

It has no effect at all on our 2022 budgets.13%

Unsure3%

View Results

Do you have a clear understanding of your legal liability in case of a breach?

Yes44%

Only partial understanding48%

No5%

Unsure1%

View Results

I’ve been digging into ways to strengthen Zero Trust on IBM i systems, especially as more orgs shift toward hybrid cloud. I’m curious, how are others approaching threat detection around shadow AI use and supplier exposure in these environments?

Our organization is in the process of re-engineering a recruitment system and would like to know gaps, risks and vulnerabilities in development of languages and databases: the following were identified 1. PHP 8.x-Microsoft SQL through ODBC 2. ASP.NET-Microsoft SQL 3. Java-Microsoft SQL

Apart from applying the patches just released, what other mitigation tactics are you using to address the zero-day SharePoint vulnerabilities impacting on-premises servers?