Merging Information Security and Enterprise Architecture organizations

I have had a few recent conversations with CISOs that tell me that they have merged the security organization with their company’s EA groups. The CISO (or equivalent) and Head of EA both report into one person who then reports to the CIO. The most popular reason: Both EA and Information Security are at their core, policy and governance functions. It is more efficient (and natural) that these organizations sit together/report through the same line.
Other reasons include the growing importance of data security architecture as a key component of an overall enterprise IT architecture. The importance of identity management architecture to success of SaaS and SoA is cited as another reason.

In the 8-10 companies I have spoken with so far, there is no trend in terms of the which group is considered more ‘senior’. However, one thing that is common is that the security organizations in these companies handed off all operational responsibilities to their IT operations group (such as account administration or monitoring). It is the ‘pure’ policy, risk assessment, governance functions that have then merged with EA.

Talking with research analysts for the Enterprise Architecture Executive Council (EAEC), they don’t report seeing an organizational change per se, but do see increased collaboration between EA and IS – more so than in the past years. Good to hear that security is increasingly being built-in to enterprise architectures and not just considered a bolt-on…

Advertisements
Explore posts in the same categories: Uncategorized

One Comment on “Merging Information Security and Enterprise Architecture organizations”

  1. Jeremy Bergsman Says:

    It will be interesting to follow the internal organizational structures where these functions have merged. Will there be an “Assistant CISO” and an “Assistant Enterprise Architect”, running essentially separate functions and reporting up to one person below the CIO? Or–more interestingly–how will these organizations merge?


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s


%d bloggers like this: