The role of IT is to serve the business and protect the enterprise. Traditionally, IT did this by evaluating and making all the software decisions — but this is no longer the case.
The business is buying the software to serve itself, and leaving protection of the enterprise largely to IT.
This split responsibility is what drives so much of the friction between teams seen today, but both IT leadership and business executives must adapt to a new reality based on close collaboration and a new level of intimacy.
“It’s come up even more since COVID, that ‘a-ha moment’ where every CEO recognized that without technology in all corners of their business, the business just doesn’t run,” says Gartner vice president, analyst Janelle Hill.
She says the use of technology has simply become so incredibly pervasive that everybody must have digital dexterity skills and be comfortable learning, adapting, building, maintaining, and configuring technology solutions to business issues.
“I hear the term strategic engagement a lot and what it means for IT to be more engaged with the business,” she explains. “When people are engaged, not just aligned, then they’re working together very closely to achieve some shared outcome.”
To engage, the key players must establish a shared vision, which Hill says goes back to determining the outcome the organization is trying to achieve. “What are the obstacles, and then what’s the role technology, if any, can help you achieve that outcome?” she says. “Engagement means both parties recognize they can’t get there without the other.”
Alignment and Transparency Between IT and Business
Michael Maxey, vice president of business development Zededa, says “intimacy” between IT and business implies an alignment on desired outcome as well as collaboration and transparency during the decision-making process.
“Businesses today are looking to drive new value from software, to increase competitiveness, open new revenue streams, and increase efficiencies,” he explains. “As part of this, the business often drives the software decisions, proof-of-concepts, vendor selection, and more.”
It’s not until the end of the process that IT is brought in to “sign off and deploy”, and this siloed approach results in teams working separately, often producing poor results and driving animosity between the groups.
“Instead, if the business and IT teams work together for the entire project, requirements are surfaced and expertise from across the organization is brought in to make the best possible decisions,” Maxey says.
From his perspective, there are several best practices that can ensure closer alignment between IT and businesses.
“Embed IT into the business unit, versus in a separate department and ask IT to project manage business software projects so they are always in discussions and aware of the process,” he says. “Bring in security teams early, because delaying these conversations can result in a lot of unknowns that must be addressed at the last minute.”
It’s also important to connect the team goals and give the business goals around simple IT practices and give IT goals around business success.
“This will encourage the two teams to look out for each other to ensure the individual goals are met,” Maxey says. “If in the office, bring the teams physically together. Too often IT is in a different building or floor, and often this adds to them becoming an afterthought to business teams.”
The Key Role Security Plays
Maxey says security is commonly known as the “no factory”, is confusing to most businesspeople, and it is often seen as a chore to “go to security”.
“It’s critical that organizations overcome this perspective,” he says.
IT security teams can help by educating the business teams on the types of security-related items to look for when choosing solutions.
“Instead of only providing a yes or no answer, help the business teams to understand why and enable future interactions to be more effective,” Maxey adds.
John Bambenek, principal threat hunter at Netenrich, points out that to be successful in security leadership, you can’t speak technical — you need to speak business.
“For years there has been content about how to sell cybersecurity to the board,” he says. “The answer is always the same — show how specific strategies in cybersecurity are good business decisions.”
He says to protect any organization, you need to know two things: what matters to criminals, and what matters to the business.
“If security becomes an obstacle to business, security always loses,” he notes. “Security must be seen and actually be an enhancement to business or, at a minimum, a reduction of clear business risk.”
Influence of Intimacy on Working Relationships
Bambenek says security leaders must build relationships with business leaders and take time to understand what the business does, how it does it, so they can learn how to protect it. “Relationships matter,” Bambenek says. “Ultimately, the outreach needs to start from security, starting with listening and building understanding.”
Maxey predicts there will be an increasing occurrence of IT teams embedded with business teams. “This will increase alignment and transparency, ultimately driving better results for the organization,” he says.
Hill agrees, adding it will also be important for organizations to facilitate sharing hierarchical structures. “Rather than focus on prioritizing projects, increasingly the CIO is going to have to prioritize resources,” she says. “Your cloud engineer is going to have to move around from one computing team to another.”
That requires orchestrating multiple initiatives going on simultaneously to figure out what phase they are in and how those in-demand talent resources can be shared most effectively.
“You may even find that your best AI person is in marketing and convince the chief marketing officer that they need to share that individual,” Hill says.
However, she points out that one of the limiting mindsets in many enterprises right now is the persistent theory of one person, one job, one manager.
“We need a pretty big mindset shift from the top on down,” she says. “Historically, you bring people together from different reporting lines, they work on something, but then they dissipate. Fusion teams may stick together more or come back together on a regular cadence — but that’s a big mental shift.”