maxkabakov - Fotolia
Network infrastructure teams and information security staff are breaking down the silos that once separated them -- but the process is not easy.
Nearly 90% of IT organizations reported that collaboration between their network and security teams has increased over the last two years, according to Enterprise Management Associates' (EMA) Network Management Megatrends 2020 report, which is based on a survey of 350 North American and European network operations professionals.
And this collaboration is not ad hoc. More than 60% of companies have formalized partnerships between the two sides, either by converging the groups or establishing shared tools and business processes. Moreover, EMA found that strong network and security partnerships are a best practice.
Network teams that have formalized NetSecOps collaboration are more likely to be more successful with network operations in general. Network teams with formal security partnerships also said they spend less time on reactive troubleshooting and more time on proactive problem prevention.
Improving performance and reducing risk
From the network team's perspective, four main elements are driving this collaboration between network and security teams. Foremost, NetOps-SecOps partnerships can improve network performance.
Security systems are a frequent drag on network performance. An inline security appliance with poorly designed policies and controls can easily block critical business traffic. That same appliance can also become a bottleneck if traffic growth overwhelms it.
Furthermore, security breaches and attacks often present themselves as a network performance problem. A distributed denial-of-service attack can crash an e-commerce application, or an infected host might overwhelm the internal network with malicious traffic. By partnering with their security peers, the network team can prevent or respond quickly to these issues.
The second driver for a NetOps-SecOps partnership is risk reduction. Working together, these teams can integrate network and security architectures and improve operational visibility by sharing tools or data and building networks that are high performing and highly secure.
Finally, these partnerships also enable accelerated security incident response and operational cost efficiency. Shared tools can facilitate both these drivers by giving both teams a common view of the IT environment and by consolidating costs.
Roadblocks to NetSecOps partnerships
Network and security teams are not natural allies. The network team's mission is to connect people and devices to applications and data. The security team has the opposite mission, limiting access as much as possible. When EMA asked network managers to identify their top challenges to partnering with the security team, conflicts over these divergent goals emerged as the biggest problem.
Cross-team skill gaps are the second biggest challenge to these alliances. The two groups simply don't understand each other's tools, processes and technologies. Remediation of this issue will require training and hands-on experience.
Next, the tools that each group use are not well suited for collaboration. For instance, network operations tools lack workflows and presentations of data that are meaningful and useful to the security team, and vice versa.
EMA has seen unfortunate examples of network operations tool vendors introducing discrete security products that are based on their network operations services. These security analytics tools have DNA in common with the vendors' network operations tools, but they are not integrated.
Vendors create these siloed tools because security teams are not interested in buying a network operations tool. They want their own products. However, if these vendors could integrate the data stores and workflows between their discrete network and security products, NetSecOps collaboration would be better served.
Finally, ownership of data is a major roadblock. Each team jealously guards the data it extracts from the IT environment. For instance, the security team might distrust the network team's ability to protect its data from malicious activity. The network team might worry the security team will make unintended changes to its data, which will affect the operations team's ability to troubleshoot performance or manage capacity. Each team should put controls in place to build trust around data because they will need to share it one way or another if they're going to work together.
EMA believes NetSecOps partnerships will continue to be an important project for IT organizations, especially as enterprises embrace new technologies. Cloud computing, mobility, IoT and other digital initiatives present significant challenges to both teams around control and visibility. By working together, network and security teams can improve their chances of managing this change.