
Blended IT and security operations: Where's the balance?

There are benefits to eliminating the distance between IT and security operations. But there are challenges as well.

Businesses are moving to distributed and in many cases highly virtualized operating models. This means their IT organizations are forced to rethink their approaches to managing what can be -- even in a relatively small business -- a sprawling infrastructure. At the same time, IT is under pressure to deliver a highly available network that offers a consistent level of service protected with ironclad security.

Meeting these expectations can be an extreme challenge in what are often expansive environments with no perimeter. And, of course, organizations are being pressed by tight budgets to do more with fewer resources.

As a result, enterprises are finding new efficiencies and refining processes to get a clearer perspective on all the elements that may impact IT performance, availability and security operations. In some quarters, this means a push to manage IT environments more holistically by combining data from previously separate domains such as IT operations and security. Malware, for example, can hamstring not just the performance of the targeted computer but also that of other systems on the network. Additionally, a distributed denial-of-service attack can cripple the network as it floods the server -- and the network to which it is connected -- with malicious traffic.

The aim is to leverage information collected from multiple data sources to get a rapid, more accurate picture about the issues affecting both the security and performance of an environment. Of course, what sounds good in theory is not necessarily practical to implement for technical and other reasons. That said, the need to improve efficiencies and accuracy -- eased by the introduction of some important technical advances -- could make this kind of integrated approach achievable.

Concept into reality, after some false starts

Security's convergence with other IT sectors became the next hot thing years ago, with vendors touting their ability to correlate IT operations data with security incident information.

Yet the reality was different. Implementation was complicated by a number of issues, not the least of which was that IT and security operations personnel worked in discrete organizations and typically didn't actively share information. What's more, some of the data was difficult to correlate and most organizations seemed to continue the status quo of keeping security cordoned off from other aspects of IT management.


Fast forward to 2014, which brought a host of technologies designed to pave the way to corroborate data across multiple IT domains. Automation and the development of expert systems -- such as Co3 Systems' Incident Response Management System -- make it possible to understand issues and respond to them more quickly. Finally, analytics have come a long way, enabling IT teams to identify critical incidents rapidly.

Large vendors, meanwhile, including Cisco, HP and Microsoft, tout the advantage of integrating security and IT operations data to get better insights into the conditions across the IT infrastructure. Some vendors are also identifying ways to merge previously separate functions, such as physical and logical security, within a single domain. For example, key cards can be used to unlock a door as one level of authentication and can also be used as part of multi-factor access control.

Benefits (and risks) of integrating operations

An integrated strategy around IT and security management is attractive, but don't forget to consider the potential downsides and risks. First, some very complex elements are associated with changing the organizational structure to one that encourages IT and security professionals to work in tandem. Second, the security risk that comes with removing some of the separations of duties is real. Simply put, no organization should have its IT ops team dictating security controls or its security professionals controlling operational functions.

As analytics and other important elements associated with security operations and IT operations continue to advance, there is a greater opportunity for convergence. Information sharing is critical, but so is maintaining an appropriate concentration in a particular area of expertise. For administrators and executives, this essentially becomes a question of how to strike the right balance between collaboration and control. This is not a one-off challenge but rather an ongoing set of practices and policies that will keep separate domains working together while retaining their own level of autonomy and focus.


This was last published in November 2014


Join the conversation


Have you employed technology aimed at integrating IT operations and security?
My belief is that it's not only technology that will bring the teams and processes together, but better communication.