Post written by
Richard Henderson
As the Global Security Strategist, I am responsible for trend-spotting, industry-watching and idea-creating for Absolute.
A recent Twitter discussion I read led to a simple poll that asked people the following: If your IT team won’t pick up the tab for an asset management solution, should the security team pay? Answers were fairly split down the middle, but it made me think about a larger issue we face in the enterprise today: How do organizations even get to that stage at all? Arguing over who should pay for, and ultimately manage, a core functionality in a company is a perfect example of the massive gap between security teams and IT operations. The gap is real, it is measurable and it is not getting smaller in most workplaces.
This widening gap cannot be closed if it is ignored. A lack of cooperation and synergy between the two teams will increase the risk of an incident turning into a catastrophic fire. If security and IT teams are operating in their own worlds and using their own tools that don’t interact, one side may be holding onto key information that could be instrumental in discovering suspicious activity. As it stands today, the dynamic between many teams is tepid at best and antagonistic at its absolute worst.
I find that both security and IT professionals share the blame, though. Many verticals attract specific skills based on their unique needs. For example, the financial sector has a large number of security professionals who are deep experts on governance and compliance but may have limited experience on the operational side of things. This can lead to misunderstandings and leave the teams unable to see eye to eye on specific issues. What stems from these misunderstandings is a never-ending round of heated finger-pointing, with each team attempting to subvert the other in order to meet its own goals.
Now, it’s not all doom and gloom. At the same time, we want to assume the best intentions. It stands to reason that everyone wants to do the right thing and do what’s best for the organization, but we often get mired in the minor details and forget about the big picture — and that big picture should be protecting employees, the company, its assets and its critical data. Looking for common goals and common ground should be among the highest priorities for both teams to move toward better interoperability. Both sides of the fence should have a core set of goals that they agree on, including these basic tenets:
• Have a complete picture of your entire IT infrastructure and visibility of every asset. Every endpoint, access point, switch, server and cable should be known and mapped.
• Retain the ability to monitor both privileged account activity and any attempts to elevate normal user privileges beyond their expected levels.
• Develop a method to both assess the vulnerability status of devices and deploy patches in a timely manner.
• Understand which assets in your organization are the most critical (C-suite endpoint devices, core servers, etc.) and provide those assets with sufficient monitoring.