In the video below our CEO, Mads Pærregaard discusses the reality for many security departments today that it’s often local, non-security colleagues who own and implement your security policies.
What are the challenges of Decentralized Security?
This new reality can present significant challenges for security teams that have become isolated from the rest of the organisation. Symptoms of this include:
Security professionals talking in a language that the rest of the organisation doesn’t understand, using numerical evaluations of vulnerability or the capability of adversaries.
Processes that don’t take into consideration those outside the security team, and so are too complex or too dense to be easily implementable by non-security employees.
Little or no involvement of stakeholders early in the process of developing security policies, so when they are brought in there’s no buy in or ownership from them.
How can you approach those challenges?
To avoid these pitfalls, try to involve the local site staff as much as possible as early on in the process as you can. You want to transfer your skills and understanding to the people who work on site, so they are empowered to own and enact security policy.
This also involves building strong relationships within your organisation, so that other teams will have the confidence to reach out for support and backup when needed, before problems grow into emergencies. Ensure that the required actions are simple and easy for all to understand, and that the goals are simple and make sense.
The most important thing to remember is to always work to support the site’s operation and their goals.