A more secure organization starts with stronger alignment between HR and the IT operation.

Keith Neilson, Technical Evangelist, CloudSphere

October 25, 2022

4 Min Read
Human resources concept art
Source: Aleksey Funtap via Alamy Stock Photo

A common shortcoming of human resources (HR) departments is that — despite being an operation designed to put humans at the center of how an organization is run — they often fail to adequately align with their IT counterparts and the core technology systems that define how a business is run and protected from cyber-risk.

Insufficient coordination between HR and IT processes and procedures remains common and gives rise to security gaps that can represent some of the most dangerous vulnerabilities on a company's attack surface. Let's examine the scope of the challenge and some key cyber-asset management priorities that can close the schism for a more robust cybersecurity posture.

Elevating HR's Role in Securing the Enterprise

Gone are the days when HR's role in securing the enterprise relied on basic tutorials for employees about protecting passwords on company equipment. Today's threat environment intersects with the workforce in more ways than ever — from BYOD and authentication gaps to user vulnerabilities that make spear-phishing seem quaint. Traditional social engineering attacks are now being augmented by zero-click exploits that compromise employee devices without the user ever having to click a link or take any action at all.

Beyond malicious threats, even routine HR processes can introduce risk to the organization when they're not adequately aligned with the IT processes in an organization. As just one example, when an employee leaves a company, the offboarding goes far beyond just the exit interview to also include removing access to multiple enterprise systems, accounts, and devices — all of which require close coordination between HR and IT personnel and systems.

To better secure the enterprise, it's mission-critical to get HR and IT more united in a common and advanced understanding of cyber hygiene and risk mitigation. This relies on enhanced awareness of the impact that HR processes have on cyber assets in other parts of the organization, as well as the HR role in access management for employees and contractors. This requires asset visibility that must be ongoing and in real time, since our roles, devices, and access to data and systems may change multiple times over the course of our employment.

Three Priorities for Better Cyber-Asset Visibility and Alignment Between HR and IT

Any lack of IT coordination across the many integration points and business systems involved in the HR operation creates risk for the company. There must be an effort toward more visibility and synergetic business processes to align HR operations with the organization's larger IT estate. Here are three priorities for achieving this:

  • Increase the data IQ among HR professionals: Data literacy among domain-specific business analysts is important, and that message needs to get louder within the HR community. The more HR professionals can understand the technology implications of their work, the more they can help protect the IT estate as their processes and policies play out in the workforce.

  • Fully integrate HR as a well-represented domain in the IT estate: Unison between the HR department and the IT department security relies heavily on the alignment of their respective business processes. Ideally, this integration should include predefined, HR-specific compliance frameworks within the cyber-asset management domain that can be applied to all existing and future cyber assets. There should also be clear coordination with IT on HR's role in employee access to systems, files, and data.

  • Automation is essential: HR's digital reach into the organization is such that automation will inevitably be needed. As an example, let's return to the case of employee offboarding. Especially with the current "great resignation," the multiple IT tickets generated by each offboarding can pile up and lead to backlogs that expose the company to unnecessary risk, unless automation is introduced to handle more of these HR-related processes and handle them more quickly.

These priorities underscore the pivotal role cyber-asset management plays at the nexus of HR and IT operations. Better adherence to common data standards, a rigorous cloud tagging schema, and other cyber-asset management basics can streamline and scale the ability for HR and IT teams to work seamlessly together. The result is more visibility and control, and a single source of truth around where and how HR and IT operations affect each other, a clarity that enhances the overall security of the enterprise.

About the Author(s)

Keith Neilson

Keith Neilson

Technical Evangelist, CloudSphere

As CloudSphere's Technical Evangelist, Keith Neilson is responsible for the company's analyst and cloud provider relationships and strategy with a focus on ensuring the wider market understands the business and technical value proposition of the CloudSphere platform. In addition to helping create collateral and messaging that supports the company's go-to-market, Keith ensures that customer use cases are documented back into the various internal teams to ensure product advancements are geared toward real world scenarios and contribute to the company's vision. Prior to CloudSphere, Keith held senior lead pre-sales engineering and management roles at Optibus, Cloudhouse, and Sourcebits with a successful reputation for creating and defining compelling product positioning, advocating product advancements internally, leading strategic partner & customer engagements and creating and executing GTM strategies that attributed to significant growth. He has a broad and strong multi-discipline skillset with a focus on cloud migration, modernization and management.

See more from Keith Neilson
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Mitre company logo
Cyberattacks & Data Breaches
Top MITRE ATT&CK Techniques and How to Defend Against ThemTop MITRE ATT&CK Techniques and How to Defend Against Them
byNate Nelson, Contributing Writer
Apr 10, 2024
4 Min Read
A medical professional wearing scrub attire clicking on a screen in front of her
Cyberattacks & Data Breaches
Round 2: Change Healthcare Targeted in Second Ransomware AttackRound 2: Change Healthcare Targeted in Second Ransomware Attack
byDark Reading Staff
Apr 8, 2024
2 Min Read
A magnifying glass being held up in front of the apple logo
Vulnerabilities & Threats
Apple Warns Users in 150 Countries of Mercenary Spyware AttacksApple Warns Users Targeted by Mercenary Spyware
byDark Reading Staff
Apr 11, 2024
1 Min Read
Reports
More Reports
White Papers
More Whitepapers
Events
More Events