Network operations and security operations teams have never been the best of friends. The network team is driven by a mission to connect people, things, applications, and data. The security team follows a mantra of locking everything down. These fundamental purposes are at odds. As a result, these groups don’t often like or trust each other.
Despite this baseline conflict, network and security teams are converging. In the 2018 edition of its biannual Enterprise Network Management Megatrends report, Enterprise Management Associates (EMA) found that 91 percent of network operations teams have established formal collaboration with the security team. In fact, 40 percent of the 250 network managers we surveyed reported that they have fully converged network and security operations teams with shared tools and processes.
Full convergence is more common among small and midsized enterprises, where organizational silos are less common in IT. However, even large enterprises were somewhat likely to be fully converged (30 percent). Other enterprises maintain separate groups, but they’ve integrated some tools or deployed shared tools to support formal network and security collaboration.
Why should network managers befriend the security group?
There are a few reasons why network managers are aligning with the security team. Budget is a leading factor. Under pressure to reduce risk, enterprises are increasing overall security spending. When the network team aligns with the security group, it can potentially tap into that money.
Furthermore, network managers have a security mandate. When EMA asked network managers to identify the concepts that are becoming most important to measuring the success of their teams, security risk reduction was their top response, selected by 35 percent of respondents.
Security is also a service assurance issue. According to network managers, security incidents are the second most common root cause of complex IT service problems, trailing only network infrastructure problems. Security systems themselves, such as firewalls that block or throttle legitimate traffic, are the fourth leading cause of trouble.
How does this collaboration work?
The big collaboration opportunity appears to be in engineering, rather than operations. Infrastructure design and deployment is the most critical area where network managers are trying to work with the security group, according to 38 percent of network managers. Network teams recognize that they can reduce risk and assure better performance if they collaborate with the security team when designing and building networks.
Event and incident monitoring (31 percent) is the secondary priority, followed by incident response (27 percent), and change management (26 percent).
Network managers have three tools that best support this collaboration. Network performance monitoring (33 percent), advanced network analytics (32 percent), and network change and configuration management (31 percent) are the most important tools for convergence with the security group. Performance management and analytics tools, in particular, help network managers facilitate this partnership. They can diagnose service problems that are security-related. They can also uncover network activity that is indicative of malicious behavior, something the security team will find especially useful.
NetOps-SecOps convergence won’t be easy
Although these two groups are partnering, they aren’t a natural fit. The most difficult challenge to a successful partnership is the lack of defined processes and best practices for collaboration, according to 29 percent of network managers. In a way, these two groups need to create a new common language for working together. They need to define their common goals and the workflows for achieving those goals.
Another major roadblock is the divergence of goals (29 percent). The network team wants to connect everything. The security group wants to lock everything down. At first glance, there isn’t much common ground there. The network team needs to demonstrate that it can help the security team’s core mission. In particular, the network team has access to data that can be immensely valuable to security operations.
But that also leads us to the third most common challenge to network and security partnerships. These teams lack a shared data set that is consistent, relevant, and current (24 percent). Tool sharing and tool integration will be a way to overcome this problem. A shared tool that analyzes one data set can provide the foundation for collaboration.
Network managers need to be open to an expanded partnership with the security group. It won’t be easy, but the potential benefits are compelling.