Why it Takes a Team to Keep Your Data Safe

Have you ever rooted for a sports team that, well, really doesn’t function as a team? It gets frustrating all too quickly.

Every player goes their own separate way, trying to do what he or she does best. Meanwhile, their teammates might as well be playing in another building. The absence of teamwork becomes especially glaring when it comes to defense. Even the biggest star faces limits. No single player is enough to stop the other side alone and indifferent attention to team defense is a sure recipe for defeat.

Teams raise their chances of winning by working together and helping each other out. The same goes for cyber security, where playing team defense offers the best chance to keep the bad guys at bay.

While every business is different and security teams organize their defenses differently, one fundamental rule still applies: Every member of the security team should have a clearly defined role in order to split up the work. Jeannie Warner, CISSP and senior manager, outbound product management at Symantec, suggests the team include persons with the following areas of expertise:

• IT
• Development/Engineering
• Legal
• Compliance
• Security tools
• Business

Notably, Warner recommends including development and engineering. This touches on the topic of Agile development and its close cousins, DevOps and DevSecOps (DevOps combines application development and IT operations; DevSecOps adds security to the mix).

“Your dev and engineering teams have to be on board with testing and checking their work – and embedding security in as early as possible,” Warner said. “Because if they don’t, your IT team has to defend swiss cheese and your security team will get blamed for it. And that’s just wrong.”

Consistent Tools

One of the team’s major tasks is to specify the tools that will be used. Input from everyone is important. Otherwise, a top-down, dictatorial approach might result in unwieldy security measures that are likely to be bypassed by those that have to use them. Once the tools are selected, they should be implemented consistently organization-wide.

“Diversity is a nice word for HR, and a horrible word for IT architecture. Consistent laptops, consistent server types, consistent choices in architecture make it easier to distribute patches and manage the constant security updates,” according to Warner. 

Robert Rosen, CTO and vice-president of R&R Computing and a veteran federal government IT leader, agrees.

“The problem with guerilla IT units doing their own thing is the very real possibility that they will not use the latest tools and, even worse, may not detect the break-in until the damage is done,” he said. “Sadly, I have personal experience on that.”   

Consistency also helps team dynamics, he said. “This stuff is complex. Better having everyone working with the same set of technology so they can cross pollinate and help each other,” he says. One way to foster consistency is to use the power of the budget where centralized funding leads to centralized tool selection.

As Rosen recalled, “If we paid for it, they were happy to use it and not spend their money."

Teamwork in Action

We all know that meetings can be an ordeal, but they are unavoidable. What’s more, they have their place. Some meetings focus on discussion, letting every voice be heard’ others are all about making decisions. Warner says it’s important to understand the difference. Having both a clear purpose and an advance agenda are essential ingredient to ensure that each type of meeting is productive. Importantly, she added, get a project manager “who really knows how to herd cats and make meetings hum along.”

That also speaks to the essential question of leadership.

“You need to have a single person who has the ability to settle all debates, make informed decisions, and effect change,” Warner said. “That leader becomes indispensable in a crisis, when the whole team must act as one.”

In practice, she said, the leader must take charge and assure that responses to infections and break-ins are coordinated and complete.

But again, this is a team sport where everyone must share the bigger objective defending corporate data, thwarting break-ins and preventing downtime – all of which will give your organization an edge over competitors that ignore those things at their peril. It’s an overwrought business cliché but it’s never been truer: Teamwork will not just protect your data; it will help turn your organization into a winner.