Communications between cybersecurity teams and general IT teams leaves some room for improvement at some organizations. More than a third of those surveyed in a recent poll indicated there was a communication problem.
That’s among the findings of the 2022 State of ITOps and SecOps report, based on a survey of 149 IT pros and conducted by InformationWeek. [Download the free and full report here. Requires site registration.]
But to be fair, nearly half of the respondents said “The two staffs communicate well and are well aware of what each other are doing.”
How ITOps and SecOps Have Evolved
That seems more important than ever in this post-crisis pandemic environment. It’s been more than 2 years since COVID first appeared and caused lockdowns and work-from-home for much of the workforce. Today many are headed back to the office, but the changes over the past few years are enduring.
How did the pandemic and pivot to work-from-home impact the operations of cyber security and IT teams?
On the positive side, 77% of IT and cybersecurity pros rated their security operations in response to the work-from-home movement as either effective or highly effective, according to the survey. Many organizations said they didn’t experience any changes at all because of the massive upheaval in how many organizations operated. For instance, 19% said that they experienced fewer intrusions than expected. The only significant issue was that 27% found it more difficult to enforce their compliance polices, according to the survey and report.
Most importantly, teams seemed to be doing a better job of detecting potential security breaches. For instance, 44% of the respondents said that the security team is most likely to spot problems first — an increase from 39% in 2021 and 36% in 2020.
IT Takes Over More Responsibilities
The biggest change in IT operations and cybersecurity seems to be that general IT is taking over more responsibilities and tasks that the security team used to handle, according to the report.
For instance, in 2021 19% of security teams were responsible for storage and archiving, but that number fell to 9% in 2022. More IT teams also took over a number of tasks previously performed by cybersecurity such as patch management, router configuration, end user identity, firewall configuration, and disaster recovery.
IT operations are also more likely to be in charge of ensuring security controls for network, cloud and application service providers than they were in the past, according to the survey.
“These days security is the responsibility of everyone in IT, not just the cybersecurity team,” the report noted.
More Stable Trends
In spite of all the shifts, some things have remained the same. For instance, cybersecurity’s role in the application development process has remained stable over the past few years. Also relatively unchanged is the answer to the question of who remediates security issues — pretty evenly split between IT and security teams.