In this article, Chiara Regale, Vice President of Product and User Experience, Forward Networks, discusses the need for true collaboration between NetOps and SecOps for better corporate security.
“Alone we can do so little; together we can do so much.” –Helen Keller
Perhaps one of the most crucial technology lessons of the global pandemic is that enterprise networks truly are the backbone of successful business operations. That is clear from the rise in and widespread acceptance of remote working, the increase in remote business transactions, and the paramount importance of minimized network disruptions. Without the network – work stops, and the customer experience is degraded.
Success in secure, uninterrupted network operations requires a current, detailed and holistic view of the network shared by NetOps and SecOps teams, so they are seamlessly integrated and working closely together for the protection and improvement of the business. To do so, they need a “single source of truth”—that details device topology and configuration along with network behavior and state.
Over a decade ago, John Chambers famously said that “the network is the business.” That couldn’t be more true today.
The pandemic turned corporate behavior on its head in an instant. Not only were all of our employees remote, but so were our customers, suppliers, and partners. Without the network, we could not communicate, collaborate, make informed decisions, or transact business. This way of working is our “new normal,” and IT needs to support it. Cyber threats pose an even greater threat than ever before, and a network outage is akin to closing the doors and sending employees home until it’s repaired.
Effectively combating cyber threats in our “new normal” requires enterprise NetOps and SecOps teams to work more closely than ever. Yet, according to a recent ESG survey, 44 percent of cybersecurity and IT professionals find it challenging to work together. Several factors contribute to the friction, including issues with reporting structures, budgetary conflicts, tools that do not adequately integrate, compliance issues, and lack of skilled workers on both teams.
The question, then, is how to develop an enterprise environment in which NetOps and SecOps teams work together to create optimal network security visibility.
How to Work Together
Despite that NetOps and SecOps are both tasked with protecting network health, they address infrastructure and security policy issues in separate workflows. The primary mission of IT teams is to deliver an efficient, engaging employee experience and ensure an agile, frictionless customer experience. Meanwhile, security teams are focused on protecting assets while ensuring that employees, customers and others on the network don’t make mistakes or forget things that create security issues.
Fifty-eight percent of the respondents in an ESG survey said that making sure that the security staff is included in all IT projects from the beginning would be most impactful for improving the working relationship between security and IT teams. Thirty-eight percent said embedding cybersecurity staff within functional technology groups would help, and thirty-six percent said increasing cybersecurity training for all IT staff would enable better teamwork.
At the end of the day, both NetOps and SecOps depend on the same basic information to accomplish their goals. Both teams need instant, unfettered access to the current data presented in an easily consumed manner. Both teams need to build and maintain an efficient and secure network, and both teams need monitoring tools that are easy to share across remote teams.
It’s doubtful any networking professional would disagree with the importance of collaboration as highlighted by these stats, but almost none of them are working this way. The reason is simple, as threats and issues evolved, vendors jumped in to address single issues, much like treating a symptom instead of a disease. Most teams would be overjoyed to have a single shared source of truth – but think it’s unattainable.
Likewise, the process of building operational and technical alignment between network and security teams should be accompanied by developing a collaborative culture throughout the entire organization. In fact, when asked about the most stressful aspect of cybersecurity jobs, 32 percent – the largest margin – cited IT initiatives that were started by other teams within the organization without security oversight, and 24 percent said that keeping up with the security needs of new IT initiatives caused the most stress.
The Path to True Collaboration
What is clearly needed is for NetOps and SecOps to collaborate from the beginning of the network development process to ensure visibility across the network and the effective security of that network. Accomplishing those goals requires the ability to check for policy violations and remediate them before there’s a problem, which requires a single source of network truth and the ability to continuously check for non-compliance so issues can be quickly identified and resolved.
Providing a single source of truth for both the network and the security operations centers ensures that both teams can deliver business value faster by eliminating the need to request and share information via phone or email. Instead, both teams can access always-current information on network behavior, security posture and topology.
As such, network operations engineers gain quick, easy access to network insights to improve troubleshooting, reduce outages and enable IT teams to deliver more applications without increasing staff. Meanwhile, security engineers tasked with remediating or preventing events now have up-to-date information on traffic paths availability or isolation, device connectivity and the ability to track network configuration changes that may have created a vulnerability.
While enterprise networks will continue to be heavily impacted by remote work initiatives and increasing cyberattacks, companies that foster and ensure collaboration between NetOps and SecOps teams will benefit from more secure, cost-effective, and efficient networks.