Why should IT and cybersecurity be treated separately?

For companies, the separation of IT and security, i.e. classic IT and security functions, is a key issue in 2024. Experience has shown that compromises in IT operations and development are often compromised in order to increase efficiency and speed, which involve serious operational and business risks.

D. Our colleague István László, head of the Cybersecurity division of United Consult (UC), recently submitted a professional discussion post to the LinkedIn-side. He wondered what industry players, experts and company executives thought about traditional Separation of IT and security areas. Our colleague suggested that all this can help to avoid compromises that hide security risks, since “independent” security experts solve tasks with greater objectivity.

Separated from traditional operations and development projects, managed security service providers (MSSPs) provide flexibility by providing the right expertise and resources to address the various security challenges facing companies. D. According to István László It is now essential that the boundaries between IT and security are clearly visible, yet still be able to work together.According to our colleague, this way, it is possible to guarantee that security aspects prevail, while maintaining effective IT systems and processes.

Positive industry experience

Our colleague, as well as other specialists who contributed to his post, confirmed that in recent years more and more large Hungarian companies — where the appropriate infrastructure and expertise are available — there has been a separation of IT and security, and the organizational transformation has brought positive results everywhere. Speaking about the reasons, D. István László says:”When security is subordinated to IT, security considerations often fall into the background, as IT is primarily focused on fast solutions.”

Change, according to experts' experience, definitely requires a certain degree of organizational maturity and support from top managers. This is because it is important that the heads of the security units have a direct communication channel in the direction of management.

Of course, it often happens that security functions cannot or do not want to be solved in-house. This is when it comes to the fore MSSP-k's role, because - as the head of our cybersecurity business says - if there is a company that serves 15-20 customers, they already have the right expertise for all functions, and their people are able to deal with the most diverse problems flexibly and efficiently.

Financial barriers and resistance...

Although based on the above, there is no question that the separation of IT and security areas is becoming more and more timely for non-technology-heavy companies, experience shows that this is still hindered on several points. On the one hand, the lack of knowledge of decision-makers is a problem, on the other hand, financial constraints often appear, and thirdly, in many places even cyber protection is in its infancy.

For smaller companies and public institutions, separation is difficult to implement due to the lack of financial resources. Many times companies simply do not have enough resources to operate security as an independent unit, and in others it is not very reasonable to create such a division due to the low number of development projects.

”Not every company is worth maintaining its own security, but a service-based approach can work well: when you need it, you get the right people in the right quantity”, says in connection with the question D. István Laszlo.

The solution: MSSP!

Overall, it can be said that the separation of IT and security can increase the security of enterprise systems, especially in a large enterprise environment. The change in 2024 is not only timely, but essentially inevitable. However, in the case of smaller companies, all this is made difficult (or impossible) by financial and organizational constraints, in which case MSSPs are the ideal solution.

”The whole world has become cyberspace, and we are talking not only about office networks. You can access corporate systems from anywhere, and if they are not well set up, you face serious dangers. Various systems such as billing, logistics or CRM systems are already connected to external platforms such as Facebook or Instagram. The whole world has transformed, and it is no longer the traditional field of IT security” emphasizes D. István Laszlo. He believes that having clear boundaries between IT and security — while working closely together — guarantees the security of the company's technology and business processes, even in this fast-changing digital environment.

If you want to know more about the services of MSSPs and their benefits, look for UC's cybersecurity businessYour employees with confidence!

Author: United Consult