Choose your language:

Hong Kong
New Zealand
United Kingdom
United States

The Role of IT Security Evolving

Information technology has not stayed static over the past few years. New types of solutions have changed the way IT departments work. New hardware and software and their accompanying processes also brought new security risks to companies. IT leaders using plans designed circa-2000 will be poorly equipped to face the latest challenges.

Business leaders must keep in mind some new dynamics which are purely technological as well as issues deriving from new modes of operation. There are many different regulations in place to keep firms safe from outside forces. While these rules serve as an instructive way to begin designing defense strategies, complying with them can be challenging. They are constantly changing and evolving, and keeping up represents its own complicated issue. Merging two or more firms can also cause confusion regarding the combined entity’s security profile. On top of these worries, new tech ideas like the cloud and mobility have muddied the waters further.

The answer to these IT concerns begins with the employees themselves. An effective approach to security improvement starts with the people who carry it out. Every step of the staffing process has an effect. This means it is crucial to recruit top talent, deeply knowledgeable in their field, to lead and support new security plans.

Coping with regulatory compliance

Businesses face a variety of laws and rules, varying by industry and location. Legislation has changed and evolved over time. Coping with these rules is an ongoing challenge, requiring organizations to stay constantly aware of the status quo. This is especially true in fields like banking and healthcare, where privacy and identity theft can accompany technological progress. There must be constant discussion of new breakthroughs and revised legislation if organizations using online banking or electronic health record systems hope to properly manage them.

Businesses have to cope with regulations that exist side-by-side, navigating the complexities they present. For example, healthcare providers must heed multiple sets of laws regarding their use of patient data. Discovering which rule applies in certain situations can be confusing and require a highly specialized understanding and training background.

Workers have demonstrated some apprehension about their ability to make regulatory compliance strategies work. According to a study conducted in 2011 by the ISACA (formerly the Information Systems Audit and Control Association), assuring compliance with various laws governing their industries is the most pressing tech concern for IT managers.

The research organization found that there are a number of major needs surrounding this uncertainty. Employees expressed the need for new solutions to separate work groups and monitor individual roles.

Workers were largely uncomfortable with keeping personally identifiable information both safe and accessible, with over three-fourths of [ISACA report] respondents rating that process either somewhat or very important.

Keeping some staffers highly informed of new data and concealing it from others is an involved process that calls for automation. The need for new technology means users must be trained and confident. A security solution that no one on staff can adequately use is at best a waste of capital and at worst a possible enabler for a false sense of security.

The ISACA report found several different elements of compliance particularly occupied the minds of respondents. For example, the workers were largely uncomfortable with keeping personally identifiable information both safe and accessible, with over three-fourths of respondents rating that process either somewhat or very important. Separation of duties was an even more popular topic of concern, with over 80 percent of surveyed employees finding it either somewhat or very important.

Concerns following mergers and acquisitions

Making sure security is solid and every rule is obeyed can be confusing and difficult at the best of times. There are many situations that can complicate things significantly, including the process of a merger or acquisition. Combining two different systems can bring together competing philosophies or competencies built up to cope with wildly different regional restrictions. Reconciliation of these issues must occur promptly, as cybercriminals move quickly and are unlikely to miss an opportunity.

Learning different processes across borders could be a troublesome experience for security professionals. After all, these workers have been trained to learn the ins and outs of one set of laws. Suddenly facing a new set of challenges could be shocking without the proper refreshers and retraining. By the same token, a firm may take on a new line of business, leaving executives unsure how to proceed. A combination that made sense in the boardroom may be more troublesome at ground level, but IT professionals will be expected to adjust accordingly.

The chain of command may not make it through the merger in one piece, either. With two groups of employees working away at security duties, companies may lack direction. Workers used to the old way of doing things may be blindsided by the new, and the assumption that another person has done something may lead to mutually lax security policies. Proper situational awareness is vital here, and it may take new training to get everything on track.

A combination that made sense in the boardroom may be more troublesome at ground level, but IT professionals will be expected to adjust accordingly

Breaking habits could be an important part of this training. Getting each worker to subscribe to a new central standard is both an excellent chance to impose some unity on the newly assembled group and patch any holes that unwittingly existed as a result of the previous set of rules being replaced. A strong training program, assembled with a full understanding of what the combined company really needs, is the necessary beginning of the new grouping, one that ensures the combined firm will not immediately stumble in the security space.

Educating the workforce in new regulations is extremely important in the current IT age. IT is no longer restricted to a few cloistered workers. Nearly everyone working at major companies uses more advanced technology daily than ever before. Making sure the operation and management of those devices is standardized and appropriate is an important priority when two companies merge to form a new entity. In fact, with the rapid pace of development taken into account, it is probably a good practice to refresh policies occasionally even under normal circumstances.

Modern tech concerns

Some of the new tech innovations that have brought employees together can bring security risks of their own. For example, cloud computing and mobile device use have become increasingly important over the past few years. In fact, these options form such a central cornerstone of agility and convenience that some employees will insist on adopting them and disregard security policies that prohibit doing so. This is known as “rogue IT,” and it presents a variety of issues.

Boosting the number of endpoints in a given ecosystem is an open invitation to hackers. Doing it through a diverse group of solutions, all from different providers, creates another challenge for IT teams, especially when implementation takes place behind administrators’ backs.

Possible solutions

When companies come up against the confusion bred by a merger or even an obscure legal regulation, they need to find a way to cope with it quickly, especially with today’s tech adoption trends presenting their own pressing issues. This can mean looking outside of the corporate walls and calling in a third party. Such partner firms focus on staffing needs and specialize in preparing companies for whatever demands their industries may present. It could be far easier to stay secure with such help.

Third parties can evaluate the elements a company already has in place to defend itself. From there, the inspectors can single out the needs the firm must address to reach compliance and overall safety. Taking those points as guideposts, the partner company can help leaders lay out a framework and a roadmap to success and implement the various steps that lead to its completion.

There are three different options opened by these relationships. Companies can invest in training programs for their existing staff, augment the team with new hires and revised policies, or bring in a team of outsourced experts to head up the defense of their vital systems and departments. Each of these options attains the same basic goal—a workforce better equipped to deal with any threats that may present themselves. Which one is right for a particular company is based on budget considerations, the size of the company and the industry in question.

A [staffing] company can help leaders lay out a framework and a roadmap to success and implement the various steps that lead to its completion.


Going it alone in the modern IT security world simply invites trouble. With a number of factors combining to derail companies’ efforts, they could be well served by a plan drawn up by a third party. Staffing is the crux of the issue. Employees prepared to deal with the challenges presented by their environment can cope with and adapt to changing circumstances. Those without the proper knowledge and expertise are easy targets.

The regulations surrounding companies are there to guide them to safe practices; however, flawed comprehension of them could present its own problems. Merging is a natural part of business evolution, but it could be fraught with confusion. Shunning new tech developments could leave companies trailing their rivals, but pressing ahead holds its own risks. Bringing in help to navigate this contradictory environment could help companies get through unscathed.

Sources consulted ResearchDeliverables/Pages/Top-Business­Technology-Issues-Survey-Results-2011.aspx

About TEKsystems®

People are at the heart of every successful business initiative. At TEKsystems, we understand people. Every year we deploy over 80,000 IT professionals at 6,000 client sites across North America, Europe and Asia. Our deep insights into IT human capital management enable us to help our clients achieve their business goals – while optimizing their IT workforce strategies. We provide IT staffing solutions, IT talent management expertise and IT services to help our clients plan, build and run their critical business initiatives. Through our range of quality-focused delivery models, we meet our clients where they are, and take them where they want to go, the way they want to get there.

TEKsystems. Our people make IT possible.