“Where does security fit in bi-modal IT departments?” asks Mary K. Pratt on CSO Online. She explores the question with IT leaders from a handful of organizations, opening her discussion by noting:
“The bi-modal idea has its benefits and its pitfalls but the determination seems to come down to the size of the enterprise. In the mid to smaller companies, there is not the luxury of splitting the security group out into subgroups. In the bigger companies the question becomes where do the security folks belong.”
Though the CIOs she speaks to take different approaches to managing bi-modal or two-speed IT, they generally agree on two points:
1) It’s best to perform both speeds or modes of IT–innovation and operations–in one centralized group, rather than two separate teams where the innovators “throw things over the wall” to operations as applications are developed.
In this structure, the same individuals work on both innovation initiatives and day-to-day operations tasks, though overall a greater share of time is spent on operations, and employees vary in how much time they spend on each type of work.
2) Security has become so important, as cyber threats have multiplied, that it must be baked into new projects, not added later as an afterthought. Ultimately though, security “should sit in operations.”