Is a Culture Clash Risking Your Security?

Download the authoritative guide: Cloud Computing 2018: Using the Cloud to Transform Your Business

Share it on Twitter  
Share it on Facebook  
Share it on Google+
Share it on Linked in  
A clash of cultures between different security factions within the same company is putting security efforts at risk, according to a new study.

A trio of corporate security groups -- or silos -- is responsible for safeguarding a company's information, financial resources and people. Getting those groups to work together is a problem that, if overlooked, could put all three in jeopardy, says Tom Cavanagh, a senior research associate with The Conference Board, a non-profit research group with 2,000 corporate members.

The three groups -- physical security forces, IT security and financial risk management executives -- are at the heart of the problem.

''Increasingly, the security field is seeing a lot of convergence of different disciplines, but it's been tough to pull everything together,'' says Cavanagh. ''The people in the various silos have a tough time communicating with each other... And the failure to share information can have devastating consequences.''

Cavanagh says the problem is one of culture. Think back to high school and how the different 'clicks' looked down on one another and wouldn't be caught actually speaking to the other. The corporate scenario isn't all that different.

The people in charge of keeping corporate buildings and employees safe are thought of as the cop wanna-bes. The IT workers are considered to be the geeks. And the risk management executives are the bean counters in the suits. None are very flattering images, and they're detrimental to building a sense of team work.

''To effectively manage their total security needs, companies must bridge this clash of cultures and create a common frame of reference for this function,'' says Cavanagh. Walling off assets produces silos on the organization chart, and it also produces a culture in which vital information may be hoarded rather than shared.''

If the physical security people aren't communicating with the network security workers, they might, for instance, miss clues that someone is approaching employees outside the building and tricking them into divulging information that would help them to hack into the network. This kind of social engineering is best fought by a multi-tiered approach.

And for that, companies need their security people communicating with each other.

To make that happen, Cavanagh says there is no magic bullet. Just drag them all into the same room.

''It's about bringing them to the table,'' he adds. ''It's getting them to share information, but it's pretty darn challenging... You can sit them down together but that doesn't mean they'll understand each other.''

To that end, Cavanagh says someone needs to oversee the meeting to make sure that no one is talking in jargon -- especially the IT folks. Speak using words that everyone at the table -- cop, geek and bean counter alike -- will understand. Look for common problems and tackle them together.

But don't expect this culture clash to clear up overnight, warns Gordon Haff, an analyst with Illuminata, an industry research firm based in Nashua, N.H.

''This has been a long-standing issue,'' says Haff. ''It's no surprise to anyone that physical security isn't particularly integrated with IT security... It's sort of motherhood and apple pie to say that everyone should just communicate.''

But Haff adds that starting the conversation is the only way to begin the process mixing these cultures, breaking down the stereotypes and ultimately making companies more secure.

Submit a Comment

Loading Comments...