From Police to Partner: The Changing Role of IT

December 12, 2014
160 Views

IT securityWhen evaluating business applications, the average non-technical employee probably knows as much about security and compliance as he does about modern art.

IT securityWhen evaluating business applications, the average non-technical employee probably knows as much about security and compliance as he does about modern art.

As an IT professional, it’s your job to equip employees with the tools they need to get their jobs done while policing to make sure all solutions meet security or compliance requirements for the business. Managing employees is especially important with the emergence of BYOIT and as new web-based services gain traction in consumer and business markets — you don’t want them to circumvent your policies when they use their favorite tools, after all. 

But how do you get employees on board when you can’t lock them down anymore? You must adopt a new role that strikes a balance between employee needs and preferences and security. You have to become a “partner.”

The security of your organization depends on the tech aptitude of all employees — they’re on the frontline. But to work with you, employees must trust that you can and will find tools that fill their needs, not just satisfy corporate security standards. This means being flexible and even incorporating safe usage of services they already use. IT should essentially serve as the curator of devices, platforms, and applications to ensure an organization operates smoothly and securely to meet its goals.

Trade in Your Police Badge

A successful alliance between you and employees ultimately protects company and client data and keeps employees happy and efficient, which is crucial to your organization’s health and reputation. Here are four things you need to effectively become a partner rather than a policeman, while maintaining a secure company infrastructure:

1. Understand the Company’s Goals and Departmental Objectives  

Defined objectives drive a company forward and should be the basis for all departmental goals. IT is really the force that connects all facets of the company, facilitates both internal and external communication, and focuses on innovation for future growth.

As IT works on company-wide solutions, sometimes there are required compromises that don’t meet the ambitions of every department or team. Individual departments also have unique needs and want to acquire specific applications or services quickly to address them, often leading those departments to bypass IT to expedite the project.

You must maintain a flexible infrastructure that enables and accommodates this type of rapid innovation to keep your business competitive. By being involved in the conversation from the start and guiding the solution or service decisions, you can find secure and viable options that enable the business’s growth and agility with end-to-end IT solutions.

2. Ensure Proper Security Measures

The way cloud apps and file services store data can be risky — they become data islands that house information you can’t see. This can lead to issues because you’re not aware of the full extent of the data’s footprint. You should try to always be aware of what data your cloud app providers are creating, collecting, and storing. It’s also important to know where that data resides physically to protect your company and make sure the provider meets any regulatory requirements.

You’re responsible for ensuring that your data is secure. Information must be encrypted in transit and at rest, and encryption keys need to be securely managed and stored separately from the files themselves. If you’re vetting potential cloud vendors, you have to make sure that the vendor is compliant with any industry standards and regulations that apply to your company and that reputable businesses from your industry have worked with that vendor. 

As a partner, you also need to teach department leaders and employees how to perform due diligence on the apps used. If an app doesn’t meet your security specifications, work with that department to find secure alternatives that meet its needs and your security requirements. 

By vetting applications for security and compliance, you curate attractive alternatives for employees to use. For example, instead of forbidding file sharing, you can find appropriate alternatives that meet your storage and data treatment requirements and still address the practical needs of the business. 

3. Provide Convenience

The key to technology adoption is convenience. Confusing and time-intensive policies and tools fail quickly because many employees simply won’t use solutions if they interfere with daily productivity. In fact, BYOIT allows employees to get around policies and processes that are too cumbersome.

Convenient tools like SSO allow employees to accomplish their goals without interfering with their job or daily routines. They add value rather than providing more obstacles. 

For example, an SSO portal can serve as a gallery for vetted and secure applications. You can create collections of applications appropriate for different departments or roles. Recommendations from employees can be researched and tested by IT and added to the collection if they’re deemed secure. 

You can also establish effective password management policies and tools to make sure employees can get to the entire collection of apps needed without having to remember different passwords for each app. By adding strong two-factor authentication to the SSO portal, IT can make these applications both available and secure.

4. Create Visibility

Visibility is necessary for monitoring compliance and security checks. It’s also critical in evaluating how efficient IT spending actually is. By creating and providing a system to manage the external cloud-based apps and file services that are used across your organization, you gain transparency. Identity access management solutions, which are often included in SSO tools you can employ, allow businesses to manage and secure logins. This enables IT to track which employees have access to what information, when they access it, and from what device.

As an IT partner, you can enable employees to choose appropriate solutions, work with them to ensure these solutions are safe, and encourage employee accountability. By forming strong relationships with departments and employees, you encourage collaboration and make yourself part of the solution instead of a roadblock. You might not be able to grant every request, but engaging in these conversations helps you understand the business needs of each department and helps each department understand what solutions could best suit its corporate needs. 

IT pros used to be seen as a group of hall monitors who focused on outdated business software while restricting the usage of all the “fun” and “actually useful” stuff. But when IT is viewed as a partner, you’re protecting everyone from harmful security breaches, ensuring data security compliance, and supporting company goals while making it easier to for employees to get their jobs done. 

IT security / shutterstock