Data is the lifeblood of modern business, and organizations spend considerable amounts of time and money to ensure their information assets remain protected. Unfortunately, some companies are setting themselves up for failure with a misguided vision for how risk management responsibilities should be assigned.
The division of labor typically begins with a distinction between corporate, or physical, security teams and information security teams. The former are concerned with such tasks as building visitation policies and after-hours surveillance, while the latter deal more in the digital space of social media usage policies and network monitoring.
"They were created as two separate departments, with different people, cultures and ways of thinking," explained CSO Online columnist Bob Violino in his latest post. "By sharing skills, technology, processes and best practices, the two disciplines could more effectively defend against threats and deliver the kind of holistic security that organizations need. But change has come at a glacial pace."
Interestingly enough, it often takes a security incident to bring these two camps together and help them see the common ground that can and should be explored. As Deloitte security, privacy and data protection principal David Melnick told Violino, information security professionals can supply valuable knowledge regarding identity management and event log analytics tools while their counterparts offer up such forensic skills as employee interviewing and evidence collection.
At first it may seem as though the physical security wing would have much more to gain from such collaborations. But as rogue employees and portable hardware continue to put corporate data in harm's way at alarming rates, IT teams are starting to reach out for assistance.
"We increasingly live in a world where neither (physical and information security teams) can be effective without the ability to integrate with and rely on the other," Melnick added.
Although this emphasis on unification and convergence of security tools and protocols would be a step in the right direction for most organizations, they should not delude themselves into thinking that data security is a problem to be solved with a single solution.
As InformationWeek's Rajan Chandras insisted, the answer will always be a mix of art and science. Mobile device management platforms, for example, may seem like a comprehensive solution. But IT teams will need to navigate the political currents of their organizations and work across departments to develop and enforce policy that makes sound business sense.
Data Security News from SimplySecurity.com by Trend Micro