Who is the decision maker for security, IT, developers?

Scott McKinnon, Principal Security Architect, VMware EMEA.
Scott McKinnon, Principal Security Architect, VMware EMEA.
by
3 years ago

Customer experience is the single most important commercial focus for businesses today. And it is the rapidity of being able to deliver this experience that’s setting successful companies apart. Delivering quality, innovative and secure products and services, at speed, is the great differentiator in attracting and retaining customers, and in responding to market demands.

Today, almost regardless of company size or market sector, this is dependent on an organisation’s technology teams – security, IT and developers – being aligned and working together.

A lack of common goals between security, IT and developers has long been an issue

Security, in particular, needs to deliver for and align to the rest of the business. Modern, distributed organisations now need security to be put everywhere – not just built in but built differently. Built for the accelerated, post Covid-19 sprint towards digital transformation that has also rapidly expanded the threat landscape.

Yet, the extent to which the relationship between security, developer and IT teams needs to improve is significant. According to recent research with Forrester, 61% of IT teams and 52% of developers currently consider security a roadblock to their innovation, while just one in five developers even understand which security policies they are expected to comply with.

Development teams prioritise improving the user experience 50%, which is only fourth for IT and security teams

Senior leaders are more focused now on development and security relationships, but one in three are still not effectively collaborating or taking strides to strengthen them.

Where does the disconnect lie?

A lack of common goals between security, IT and developers has long been an issue, one being exacerbated by the potential complexity of today’s multi-cloud, modern app world. The recent study reveals that teams are not all aligned to customers, with the number one priority for IT and security teams being operational efficiency considered most important by 52% of both respondent groups.

In contrast, development teams prioritise improving the user experience 50%, which is only fourth for IT and security teams, while preventing security breaches is second for both IT and security, yet only fifth for developers.

This lack of alignment is perhaps understandable – developers tend to be slightly siloed, in that their priority is the end customer. Their success, typically, is rooted in building an attractive application, as quickly as possible, to position the business as first to market: creating the next big thing and doing it before anyone else. Once there’s a product that works, then the security of it becomes a focus. This is now accepted as too late in the day.

The recent study reveals that teams are not all aligned to customers

But even this raises more questions than it answers, principally the question of a common language. The user of a developer, for example, is the end customer – where the revenue comes from – whereas the user for IT and security is traditionally considered internal. And crucially, security means significantly different things to these three teams.

To developers, it’s security of application code and supporting secure communication protocols HTTPS everywhere; to IT it’s the security of the infrastructure and lifecycle development; to the business security means the safety of staff, the building they work in, and the protection of data.

The number one priority for IT and security teams being operational efficiency

So, it is not just that priorities are misaligned, it is that the fundamental terminology with which these priorities are even talked about, does not translate across the teams. The conversation on alignment is not just overdue, it is being discussed in different languages within the business.

When it comes to realising this change, it needs to start at the top. Who is the chief decision maker for security, IT and developers? The reality is this varies wildly, different reporting lines, different lines of business, different levels of representation at a board level. Security was always aligned to IT. But should we now be seeing a shift in its priorities towards developers, away from firewalls to secure app building – as the latter becomes a strategic driver of business innovation? It’s currently a wild west of ownership, fuelling the lack of strategic alignment between these teams.

Aligning the priorities, under the responsibility of a single seat at the table – a digital transformation officer or similar – will be vital in bringing the teams together in vision, strategy and execution. It will encourage the sharing of, and alignment on, KPIs.

It is currently a wild west of ownership, fuelling the lack of strategic alignment between these teams

And it will help empower these teams to collectively sell within the business – to get funding, to convince their internal customers to engage with products and solutions, and to change the dynamic from responding to change to proactively driving it.

The good news is there’s recognition that shared team priorities and engagement is the way forward. More than half 53% of respondents expect security and development teams to be unified two-three years from now, and those that believe obstacles prevent this unification are set to reduce from 49% to 28% in the next few years.

Forty-two percent expect security to become more embedded in the development process in two-three years’ time, and there’s a broader acknowledgment that cross-team alignment empowers businesses to reduce team silos 71%, create more secure applications 70% and increase agility to adopt new workflows & technologies 66%.

There’s also recognition that security is so much more than just an insurance policy. It can empower development teams to accomplish their goals in the most secure and successful ways rather than hindering innovation and creating security hurdles to bypass.

Preventing security breaches is second for both IT and security, yet only fifth for developers

Continuing and accelerating this progress needs to be a priority for the leaders of business. The relationships between these three teams have a major impact on organisations, and their alignment delivers more resilient apps, greater responsiveness to market conditions, and continuous compliance.

Yes, security needs to rethink its processes to further embrace the teams it supports. But IT, security and developers must all come together in support of a future state; one where customer focus, powered by a systematic approach and senior ownership, unites the technology teams and empowers them to drive the business forward.


Security was always aligned to IT, but should we now be seeing a shift in its priorities towards developers, away from firewalls to secure app building.

Don't Miss

Ed Hoppitt, Director Apps and Cloud Platforms, VMware EMEA.

Removing stereotypes around application developers

Professional stereotypes exist in all industries. Investment bankers in sharp suits, advertising