For years, the very definition of NetOps and SecOps has involved friction and even contentious relationships that make their respective jobs more difficult and lessen their efficiency and effectiveness. Much of this conflict originates from having charters that are seemingly in opposition to each other. On the surface, NetOps stands for connectivity, openness, speed and capacity. In contrast, SecOps comes across as the polar opposite, pushing for far too many regulations, with segmented connectivity and a more or less closed or impaired environment.
The truth is, however, both groups have the same goals:
- Ensuring business operations and agility.
- Protecting resources.
The network is only important in its ability to connect users, systems, applications, information or data and other resources, ensuring effective business operations and agility. The network is a means to an end, and not necessarily an end in itself. In a somewhat similar way, security is also not an end, but, rather, the means to an end. Security exists to protect these same users and resources. It’s all about the users and resources being able to run business operations effectively and with the agility and flexibility necessary to give the business strategic advantages. Reflecting on this perspective may help NetOps and SecOps realize that they are not so far apart from each other.
Both NetOps and SecOps struggle with many of the same issues. Both are usually overworked and understaffed, responsible for critical components or aspects of business, faced with constantly changing environments and challenges, and slowed by cumbersome processes and a lack of agility. Because of these things, NetOps and SecOps are largely in the same boat, sharing the same storm.
The lack of agility is a particularly important issue, as new technologies and techniques are constantly being developed that enable security teams to stay ahead of—or at least keep pace with—attackers. Motivated attackers tend to be far more innovative than defenders and can use anything at their disposal to accomplish their goals. Entire cybercriminal supply chains exist to provide attackers with applications, utilities, routines and even services to conduct their campaigns. These things can and will be used against defenders.
On the other hand, deploying a new security solution on the network is generally a long, involved, cumbersome process. Even changing solutions involves considerable effort. Sometimes the rules or processes get invented along the way, compounding the difficulties. Additions or changes to the network involve tedious review processes mostly dictated by NetOps. The NetOps team also faces some of these same difficulties in adding or changing network management or monitoring solutions.
While a careful review is warranted, current processes are too time-consuming and involved. One significant improvement can come from NetOps and SecOps coming together with an established and codified approach for network changes or additions. Getting issues out on the table for discussion is a great start. This means more collaboration and a joint learning cycle on short- and long-term organizational objectives. Both groups need to understand and appreciate the concerns of the other and realize their common ground. Prioritizing issues and agreeing on a fundamental set will ease the overall process, reduce unwarranted fear and antagonism, and eliminate much of the need to invent the process on the fly.
An emerging approach seeks to establish a centralized deployment point for both networking and security solutions with pre-established rules agreed upon by both teams. Ideally, many of the concerns can be addressed or mitigated by hardware and software designed to enforce policies or rules, provide failover as necessary, and avoid degrading performance or adding to the attack surface. These can allow solutions to drop into the network while offering guarantees of performance or availability.
Streamlining deployment of shared management will result in much-needed agility and also boost efficiency and overall effectiveness. It will also lessen the typical tensions or outright opposition.
NetOps and SecOps are much closer to each other than either realizes. Their shared guardianship of users and resources can benefit from joint discussions, plans, tools and policies. Not only can they better accomplish their own charters of connecting and protecting while providing agility and flexibility, but they also can become far more efficient with their operations. They need each other, and their organizations need the vital contributions from both. As typically said in security jargon, “A chain is only as strong as its weakest link.” The new paradigm of security-driven networking is about preventing weak links through the collaboration and synergy between NetOps and SecOps.