As a C-level executive, one of your technological responsibilities may involve managing the delicate balance between security and network utility and openness. Today’s markets often favor those companies that embrace new digital business initiatives that can transform the way they perceive, plan, work and respond. These typically involve a greater level of connectivity between companies, partners and customers, and new levels of transparency and collaboration. Such virtues are, in essence, enabled by the opposite of security.
At the same time, stakes are increasingly higher for data breach losses and privacy violations, theft of company secrets or intellectual property, and ransomware or other attacks that bring corporate operations to a screeching stop. Security is more difficult and complex, as perimeter security is no longer enough and the corporate network ceases to be something that is in one physical location.
There has always been significant asymmetry between security operations (SecOps) and networking operations (NetOps) teams and the priorities and initiatives of each within companies, but today, establishing the right balance could not be more imperative. NetOps has been about access and tight dependencies on traditional operational support system (OSS) processes, whereas SecOps has been about the polar opposite: protection or control. In some ways, executives are caught between a rock and a hard place. While there is increased interest and acceptance of both sides working more closely to produce the best result for the business, the task is still complex and fundamentally one of putting together two opposites.
Technology has been a prime contributor to this tension, but recent advances in technology may also help solve or soften the issues. One advancement is the sharing of common infrastructure that can accomplish the objectives of SecOps and NetOps. Generally, today, security teams have their own equipment and applications, and networking has its own. The network itself is something both deal with, but NetOps teams usually own the means to access the network and SecOps teams own the means to apply non-utility measures to the traffic on the network. There is distinctly a “your stuff” and “my stuff” delineation.
New technologies are enabling networking and security to join together through platforms and processes that serve both. The primary contention between SecOps and NetOps is protection and control that safeguards users, data, systems and infrastructure while not preventing business-necessary access and the performance and reliability of the network. For example, at Niagara Networks, our intelligent cross-connect platform is designed to ensure carrier-level performance, availability, reliability and scalability of the network while enabling new access to network traffic for network security solutions to monitor for attacks and curtail them. It’s designed for the needs of both NetOps and SecOps.
Sharing a vital infrastructure component not only enables policies and decisions that serve NetOps and SecOps, but it also expedites notoriously time-consuming and typically difficult processes to consider, review and approve new or different security solutions. SecOp teams have been disadvantaged by falling behind in their ability to deploy the latest technological advancements that can counter the technology and tactics that attackers quickly embrace. Adding something new or changing an existing security solution on the network has involved extensive and often cumbersome approval processes with the NetOps team. NetOps wants to ensure that a new or different solution will not disrupt the network in any way. NetOps also needs a way of deploying new or on-demand network monitoring or troubleshooting solutions.
In a way, a common platform for NetOps and SecOps creates a deployment point that has some preapproval from NetOps in meeting various requirements and allows other issues to be readily decided. Security can start to gain leverage over attackers by staying up to date or even ahead of new types of attack activities. Before applying any of these new technologies to help ensure network health, however, there are four insights to consider for success:
• Technology needs to be accompanied by communication. Holding a series of one-on-one and group meetings before, during and after deployment of a new joint platform for NetOps and SecOps is helpful to ensure success and produce real change. Start with jointly clarifying the goals of the respective groups and acknowledging the problems and frustrations. Also, discuss current and future goals and changes. Listening to and acknowledging each group’s position is important. From there, form a plan for addressing the joint challenges and problems. This involves a new platform, but also calls for new processes, methods of communication and evaluation, and future planning.
• The communications process must come first. Identify the goals and demands for NetOps and for SecOps. Sometimes these are well known. But surprisingly, in many cases, they are not clearly defined. This lack of clarity helps explain why the process to approve network deployments is often so difficult. Without firmly established goals and parameters, decisions are often contemplated on the fly. Start by clearly defining these.
• Realize that NetOps and SecOps may not be as far apart as assumed. Certainly, each has a very different role and set of objectives, but there is also a middle ground that is often not recognized. Understanding common ground is an important factor for success.
• Joint planning and process development are essential. Technology can help alleviate problems by creating far more efficiency. When these improvements are coupled with communications, new processes, joint plans and ongoing dialog and evaluation, both teams can benefit.
By establishing a common point between NetOps and SecOps that serves the purposes of both, teams can work together in a streamlined fashion to make smart, productive decisions that best serve the company. Streamlining the process not only saves time and work, but it enables a level of agility that was previously lacking in security. Creating new means to come together and make decisions in an effective, efficient way aids both groups and enables them to focus on more proactive and strategic measures.
