m@ksim.pro

Data, IT, and security cannot be separated

Why splitting these three areas across different teams turns any technology project into a quiet source of hidden risk.

In most companies, these three areas live in different rooms. Data sits with analytics and BI. IT sits with sysadmins and integrators. Security sits in a separate office that says "no" more often than "yes".

That is convenient for an org chart. It is almost always bad for the result.

Why the split is artificial

Any system that has a real purpose has all three layers at once:

  • who uses it and why - the problem and the users;
  • what data lives in it and moves through it - the content;
  • what risks it creates - the accountability.

These layers cannot be separated. You can pretend they are independent, but then any mistake in one layer leaks quietly into the others.

Stories where the split bites back

Story 1. Analysts build a polished report. Nobody stops to consider that the source contains personal information. The report ends up in a shared folder. Six months later it surfaces during an audit.

Story 2. IT rolls out a new system. It is convenient, fast, modern. A year later it turns out that auditing what it does is impossible: there are no logs, or they are wiped after a week.

Story 3. Security imposes "deny by default". As a result, analysts copy the data to their laptops because they cannot work otherwise. Security improved on paper. It dropped in reality.

In each of those stories, the problem is not in one of the departments. The problem is the absence of a shared language between them.

What "do not separate" really means

"Do not separate" does not mean one person does everything. It means that every serious decision has all three perspectives in the room:

  • "what does this do for the business";
  • "what happens to the data";
  • "what risks are created, and who owns them".

These questions have to be asked together, in the same conversation. Not sequentially. Not in different meetings. Not in different departments.

Where this matters most right now

Any AI assistant or LLM project amplifies all three layers at once:

  • data starts moving through new perimeters;
  • IT infrastructure becomes more complex;
  • the risks of leaks, hallucinations, and uncontrolled decisions go up.

The traditional "let's pilot first and think about data and security later" approach turns into problems that surface after people are already using the solution.

A simple principle

In a technology project that has a chance of lasting, there should be a person, or a team, for whom data, IT, and security are one problem - not three different contracts. Otherwise the risks just move to the place where you cannot see them.
