Bridging the ‘IT, security and developer’ divide to deliver innovation at speed

Customer experience is the single most important commercial focus for businesses today. And it’s the speed at which this experience can be delivered that’s setting successful companies apart. Delivering quality, innovative and secure products and services, at speed, is the great differentiator in attracting and retaining customers, and in responding to market demands.

Today, almost regardless of company size or market sector, this is dependent on an organisation’s technology teams – IT, security and developers – being aligned and working together. If this relationship doesn’t work; if developers are shackled in their creativity; if applications leak customer data; and if the infrastructure and platforms aren’t resilient, the business threat is very real. It can bring damage to reputation, legal and compliance issues, demotivated staff and retention challenges, and an inability to compete.

Security, in particular, needs to deliver for and align to the rest of the business. Modern, distributed organisations now need security to be ‘put everywhere’ – not just built in, but built differently. Built for the accelerated, post-COVID-19 sprint towards digital transformation that has also rapidly expanded the threat landscape.

Yet, the extent to which the relationship between security, developer and IT teams needs to improve is significant. According to our new research with Forrester, 61% of IT teams and 52% of developers currently consider security a roadblock to their innovation, while just one in five developers even understand which security policies they are expected to comply with. Senior leaders are more focused now on development and security relationships, but one in three are still not effectively collaborating or taking strides to strengthen them.

Where does the disconnect lie? Why do the negative relationships persist, and where does security sit within this scenario? What needs to change to ensure security is prevalent across the business, to drive innovation, control and ultimately customer success?

Change the conversation

A lack of common goals between security, IT and developers has long been an issue, one being exacerbated by the potential complexity of today’s multi-cloud, modern app world. Our recent study reveals that teams are not all aligned to customers, with the number one priority for IT and security teams being operational efficiency (considered most important by 52% of both respondent groups). In contrast, development teams prioritise improving the user experience (50%) – which is only fourth for IT and security teams, while preventing security breaches is second for both IT and security, yet only fifth for developers.

This lack of alignment is perhaps understandable – developers tend to be slightly siloed, in that their priority is the end customer. Their success, typically, is rooted in building an attractive application, as quickly as possible, to position the business as first to market: creating the next big thing and doing it before anyone else. Once there’s a product that works, then the security of it becomes a focus. This is now accepted as too late in the day.

But even this raises more questions than it answers, principally the question of a common language. The ‘user’ of a developer, for example, is the end customer – where the revenue comes from – whereas the user for IT and security is traditionally considered internal. And crucially, ‘security’ means significantly different things to these three teams. To developers, it’s security of application code (code bugs) and supporting secure communication protocols (HTTPS everywhere); to IT, it’s the security of the infrastructure and lifecycle development; to the business, security means the safety of staff, the building they work in, and the protection of data. So, it’s not just that priorities are misaligned; it’s that the fundamental terminology with which these priorities are even talked about doesn’t translate across the teams. The conversation on alignment isn’t just overdue, it’s being discussed in different languages within the business.

Security’s perception problem

Then there’s the perception of security, which is still considered a barrier to developers and IT in organisations. For many, it’s still not embedded enough within the business, neither in terms of people nor technology. This results in over a quarter of developers not being involved at all in security policy decisions, despite many of these greatly impacting their roles.

We need to move from this towards a scenario where security as a technology is thought of differently. It is there to support the brand, build trust among employees and customers, and optimise app delivery. It’s there to eliminate the false choice between innovation and control.

So, rather than the ‘security afterthought’ moment of application development mentioned earlier, where the function is seen to swoop in to fix breaches and leaks or ‘get in the way’ of innovation, greater collaboration is needed. This can help security become ever-present yet invisible within the organisation. It must no longer be considered a specialisation, but be rooted in the innovation lifecycle from the very outset. And, crucially, it must be recognised as part of the customer experience. After all, you can have a beautiful car that delivers fantastic performance, looks amazing and is cost effective – but if the brakes don’t work, it’s not fit for purpose.

A path forward

When it comes to realising this change, it needs to start at the top. Who is the chief decision maker for security, IT and developers? The reality is this varies wildly; different reporting lines, different lines of business, different levels of representation at a board level. Security was always aligned to IT. But should we now be seeing a shift in its priorities towards developers, away from firewalls to secure app building – as the latter becomes a strategic driver of business innovation? It’s currently a wild west of ownership, fuelling the lack of strategic alignment between these teams.

Aligning the priorities, under the responsibility of a single seat at the table – a Digital Transformation Officer or similar – will be vital in bringing the teams together in vision, strategy and execution. It will encourage the sharing of, and alignment on, KPIs. And it will help empower these teams to collectively sell within the business – to get funding, to convince their internal customers to engage with products and solutions, and to change the dynamic from responding to change to proactively driving it.

This will help drive a cultural shift. It isn’t simply an education process, of bringing the teams together in terms of language and understanding; it’s a change where the teams are united in pursuit of a common priority: customer focus. The principles of something like Total Quality Management (TQM) can help make this real – a systematic approach to delivering long-term success through customer satisfaction. TQM begins with customer focus, and then moves through principles including total employee involvement, process thinking, continual improvement, fact-based decision-making and communications. The function of security in particular could align itself more here, to ensure it’s better embedded in the development lifecycle driving business forward. Ultimately, the operation behind the development and deployment of applications has grown up; now security needs to do the same.

Towards a future state

The good news is there’s recognition that shared team priorities and engagement are the way forward. More than half (53%) of respondents expect security and development teams to be unified two to three years from now, and the proportion who believe obstacles prevent this unification is set to fall from 49% to 28% in the next few years. 42% expect security to become more embedded in the development process in two to three years’ time, and there’s a broader acknowledgment that cross-team alignment empowers businesses to reduce team silos (71%), create more secure applications (70%) and increase agility to adopt new workflows and technologies (66%).

There’s also recognition that security is so much more than just an insurance policy. It can empower development teams to accomplish their goals in the most secure and successful ways rather than hindering innovation and creating security hurdles to bypass.

Continuing and accelerating this progress needs to be a priority for the leaders of business. The relationships between these three teams have a major impact on organisations, and their alignment delivers more resilient apps, greater responsiveness to market conditions, and continuous compliance. Yes, security needs to rethink its processes to further embrace the teams it supports. But IT, security and developers must all come together in support of a ‘future state’; one where customer focus, powered by a systematic approach and senior ownership, unites the technology teams and empowers them to drive the business forward.

Written by Scott McKinnon, principal security architect at VMware EMEA
