Convergence isn’t optional: The new mandate for IT and security | Tech Radar

Overview

News, deals, reviews, guides and more on the newest computing gadgets

Start exploring exclusive deals, expert advice and more

Details

Unlock and manage exclusive Techradar member rewards.

Unlock instant access to exclusive member features.

Get full access to premium articles, exclusive features and a growing list of member rewards.

Convergence isn’t optional: The new mandate for IT and security

Combining IT and security operations within businesses

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Nytt DDo S-rekord (Image credit: Shutterstock / Zinetro N)

At a time when bad actors are weaponizing nearly 50 to 61 percent of newly disclosed vulnerabilities within 48 hours, modern organizations can no longer afford to let IT and security operate independently of one another.

Siloed security processes, which separate the identification, remediation, and reporting of vulnerabilities, create lag time that attackers can easily take advantage of.

We know change is already underway. As shared data sets become the norm, skill sets become increasingly aligned, and IT management platforms embrace workstreams that accommodate both IT and security needs, this persistent gap (one that’s long been a barrier to scaling resilience and a gate to operational efficiency) is beginning to close.

Why enterprise security now depends on independence, not upgrades

The Human Risk Reckoning: Why security must evolve for an AI-augmented workforce

The organizations that will win aren’t just the ones finding ways to tactfully merge IT and security operations. They’re the ones rearchitecting workflows that reinforce quick, intelligent action (from detection to remediation) and shared accountability. Let’s take a look at the tools and technologies enabling this shift.

For years, the basic swim lanes have been that security identifies risks while IT remediates them. While there are many variations, generally the functions have evolved with different tooling, different skill sets, different organizational structures, and more.

But that’s brought with it a natural separation of duties and perhaps more importantly, many innate inefficiencies.

Now, with growing complexity and cost pressure around technology, we’re all looking for ways to eliminate these redundancies. As a result, the lines of demarcation are blurring and we’re seeing more IT operations teams embrace roles that were historically held by security.

For example, operations teams are increasingly being tasked with identifying vulnerabilities to speed up patching cycles, rather than waiting on security teams to hand over vulnerability scans on a weekly or monthly basis (leaving too many known vulnerability windows open for bad actors to exploit).

Patching needs to happen alongside real-time risk context

For many people who have been in IT for a while, patch management has been the bane of their existence. While effective patching is one of the most important things we can do to protect our organizations, there are many factors that make it difficult to do so efficiently.

For starters, most patching still happens without real-time risk context. IT teams patch based on periodic scan data, often leaving out critical systems because they don’t have the full picture of which systems are most critical or exposed.

The four shifts reshaping Microsoft 365 security and resilience

Why traditional metrics are giving CISOs a false sense of security

When confidence becomes a risk: The gap between cyber resilience readiness and reality

This doesn’t just increase risk – it places a real operational strain on IT. Fixed, schedule-based patching processes force teams to work around predefined timelines, often leaving vulnerabilities exposed longer than necessary. Plus, multiple handoffs and disconnected tools are still slowing down remediation.

Teams waste valuable minutes, or even hours, exporting data and switching between tools when they should be acting instantly from the moment a vulnerability is found.

Automation can help with a lot of this, tightening the loop between vulnerability management (traditionally security’s domain) and patch execution (traditionally ITOps’ domain).

AI-driven features make it easy for IT and security teams to identify the most critical vulnerabilities first, apply updates in the safest order, and verify that they were installed correctly, while maintaining visibility across every step.

As a result, organizations see a dramatic reduction in remediation time, and a significant relief on resources that are already stretched to the max.

There's still a lot of room for IT and security to further converge, but it’s important to remember that when we’re talking about better aligning IT and security, we’re not just talking about combining tools or organizational restructuring (though that can certainly play a role in it).

The larger priority here lies in enabling both teams to collaborate more effectively across the board. Not just leveraging greater IT and security alignment to drive improved efficiencies, but also boost business outcomes, reduce exposure, lower potential business disruptions, and increase business agility.

As we look to the future and search for even more ways to close longstanding gaps between IT and security, the end goal is this: how do we replace reactive security postures with continuous, operationalized risk management that scales with organizations?

Especially as the threat landscape increases in both severity and complexity, making that shared vision a reality will require organizations to have a strong security foundation, continuous remediation, and shared accountability between IT and security.

This article was produced as part of Tech Radar Pro Perspectives, our channel to feature the best and brightest minds in the technology industry today.

The views expressed here are those of the author and are not necessarily those of Tech Radar Pro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/pro/perspectives-how-to-submit

You must confirm your public display name before commenting

1 The Samsung Galaxy S26 Ultra is 'the best Android phone ever' — and it's just hit a new record-low price at the official Samsung Store

2 This controller is one of the best I’ve ever reviewed, and works across PC, Switch, and phones — and it has a unique feature I haven’t seen bettered

3 Microsoft is fixing one of the most baffling things about Windows 11 — 'spam' in search results

4 Elon Musk's legal war with Open AI ends in utter defeat

5 Pools is a Backrooms-style walking simulator with no jump scares and no threats — but I was still terrified playing it

Tech Radar is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site.

Key Takeaways

News, deals, reviews, guides and more on the newest computing gadgets
Start exploring exclusive deals, expert advice and more
Unlock and manage exclusive Techradar member rewards
Unlock instant access to exclusive member features
Get full access to premium articles, exclusive features and a growing list of member rewards