Who’s Responsible for Data Protection in the WFH Era – IT or DevOps?

As data usage and applications continue to evolve, IT decision-makers need to reshape the protection and security strategy as per the changing needs of the organization. Here, Adrian Moir, Technology Strategist at Quest Software explains how companies need to rethink how they’re protecting their data and figure out exactly who is responsible for managing it in the new remote age – IT or DevOps.

Security aspects around data protection have lacked the attention it needs due to priority shifts caused by the COVID-19 pandemic, but when the average data breach costs a company an average of $3.86 millionOpens a new window , this needs to be a priority. 

With most companies extending the mandates for working from home well into 2021, it’s important they start reassessing their data protection strategy now. This massive shift in how today’s global workforce is structured is putting more emphasis on who within the business owns the data protection strategy – IT or DevOps teams. 

As a technology strategist, I’ve worked closely with companies of all sizes on their data protection plans to curb costly breaches. 

Here’s how to define the roles of IT and DevOps in relation to data protection and how the two can work together to strengthen an organization’s data protection strategy. 

Here’s a look at the new state of data protection in today’s remote world: 

• While it’s uncertain when the majority of workplaces will return to the office because of the global outbreak, the shift to remote working has exposed security vulnerabilities within organizations. 
• IT organizations within businesses need to restructure to account for the new risk and security variables that arise around fully remote working environments.
• Organizations need to be proactive about data backup and recovery, considering a new advisory from the U.S Department of the TreasuryOpens a new window impacting those looking to pay off ransomware attackers. It is more important than ever to make sure your backups are secure too.

Learn More: The Future of Data Protection in the Cloud

IT or DevOps: Rethinking Data Protection Ownership to Curb Costly Breaches

Before we identify ownership, let’s break down their roles:

What is IT Administration?

• Traditionally, these were all the technical roles within a company responsible for the running, upkeep, and protection of all the technology systems being used by the business. Often you will find team members with specialties and not often crossing the boundaries into other areas that the team manages.

What is DevOps? 

• This is a newer concept, evolving technologies and usability has created new platforms and a new definition of people who create, operate, support, and protect those new platforms and applications. There are no silos of responsibility, often teams are skilled across multiple disciplines. More often these teams work on solutions that are classed as being in Constant Innovation & Constant Development (CI-CD).

These roles differ based on what is required or classed within the separation of technologies, back office systems and infrastructure, or business application development and support. Both are essential to maintain an organization’s business and both must be cognizant of each other’s needs and requirements.

Learn More: How to Bridge the Divide Between DevOps and AppSec

Should the Two Groups Merge?

• The two areas, IT administration and DevOps need to work together and there will be several areas of overlap, security, and data protection that are going to be key. DevSecOps (Dev Security Operations) while with a potentially different purview from pure DevOps, is becoming the norm that security is the main pillar in any software delivery model that is innovating quickly. 
• The business overall should have a security policy in place. This may differ slightly between the roles of IT administration and Dev(Sec)Ops. However, neither should be static, they should always be evolving to meet the business needs and not others.
• Ownership is often something that is seen as a requirement, but it can lead to a trap of who owns what and who is responsible for what. It can cause a schism between the two teams, which overall is not desirable. While requirements may be different depending on the platforms, a collaborative effort is more likely to reveal efficiencies. A shared responsibility will allow the adoption of automation, continuous feedback to improve processes and making security standards to be at the forefront instead of as an afterthought. This is especially true in a Dev(Sec)Ops team, so why not leverage the knowledge into an IT administration team.
• Having a merger of talents between the IT administration and Dev(Sec)Ops teams can only result in an upside. With both understanding the needs of each other and the business they will be better placed to continuously adapt and change to meet new and evolving threats, sharing techniques, technologies, and methodologies. 

For companies rethinking their data protection strategies to meet the needs of today’s remote workforce, a key priority should be to ensure IT and DevOps teams are aligned and working together. When IT and DevOps are on the same page, companies can create a stronger data protection strategy and will have a sturdy stance against breaches and attacks.

Let us know if you liked this article or tell us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We would love to hear from you!