Study: Lack of Coordination Leads to Enterprise Security Gaps
Most people would think that IT professionals and security professionals at an organization would be on the same page when it comes to protecting the company’s assets. Well, think again: a recent survey by BMC and Forbes Insights found gaps in how these two teams coordinate their efforts, and those gaps are putting companies in danger security-wise.
The study, “The Game Plan for Closing the SecOps Gap,” found that 44 percent of security breaches occur even when vulnerabilities and the way to fix them have been identified. What’s more interesting is why this is the case. According to 33 percent of the more than 300 executives from around the globe polled in the survey, it is often challenging to decide which systems to patch first because security and IT operations teams have different priorities.
Moreover, these two teams seem to be locked in a classic case of misunderstanding: 60 percent of those polled said that the IT operations and security teams have only a general or small understanding of each other’s requirements.
This is troubling for enterprises, as the collaboration of these two teams ultimately determines the strength of a company’s security posture, BMC said in a press release. The fact that the goals of these two groups are out of sync is a problem that must be solved, said Bill Berutti, president of the cloud, data center and performance businesses at BMC, in the release.
“To discover, prioritize and fix vulnerabilities quickly calls for improved coordination between the security and IT operations teams,” he said. “Narrowing the SecOps gap is critical to protecting an organization’s brand and also ensures customer confidence in the ability for the business to protect its information.”
At this point, however, enterprises don’t seem too interested in solving this issue, as nearly half said they don’t have a plan in place to improve coordination between IT and security operations, according to the survey.
BMC and Forbes Insights have provided a number of recommendations in the report to inspire companies to get moving to change this situation. They include the creation of cross-functional working groups that meet regularly to share security, compliance and operational concerns and to build loyalty and trust.
The companies also recommend the development of collaborative workflow processes that smooth interactions of security, IT operations and compliance personnel, as well as the replacement of error-prone manual processes with intelligent compliance and security platforms that automate the testing and rollout of security patches and provide centralized information management tools.
For the report, Forbes Insights surveyed 304 executives from a range of industries in North America and Europe, with half in each region, in the autumn of 2015. All respondents were from companies with at least $100 million in annual revenue; 27 percent were from companies with revenue between $1 billion and $5 billion, and 23 percent had revenue of $5 billion or more.