An Impossible Dream? Where Is the Windmill?

December 1, 2021

Cyberattacks are only growing in frequency, sophistication, and ROI for hackers. We know most companies need to do a better job at protecting themselves, but what will make the difference? Perhaps the problem lies in the gaps between departments. Network World suggests “3 Steps to Better Collaboration Between Networking and Security Pros.” IT Research firm Enterprise Management Associates finds many companies recognize the need for these departments to work more closely but are having trouble effectively bringing them together. The article identifies four key challenges: separate data silos, skill and knowledge differences between the teams, architectural complexity and, surprise, lack of funding. Writer Shamus McGillicuddy suggests three solutions. The first is to create common data repositories:

“The first priority is to establish a shared data repository that both teams can rely on for a common view of the network. In many companies, security teams are constantly requesting data from the network team when conducting investigations. If that’s the case, the network team should identify the data that security teams frequently request and establish repositories that are accessible to them. … network teams and security teams should centralize packet-capture infrastructure as much as possible so that both teams have a common record of raw traffic data.”

The catch—this change may require updates to data stores, which means spending some dough. Then there is the issue of training staff to better understand each other. McGillicuddy suggests it is up to management, not the teams themselves, to identify the necessary know-how:

“Leadership should recognize how skills gaps are undermine NetSecOps partnerships and lead from the top to close those gaps. Also, network infrastructure professionals are usually quite knowledgeable about network security concepts. They can bring that to bear as much as possible to find common ground with the security team.”

Again, companies must be willing to allocate funds to this endeavor. Finally, architecture should be simplified. The write-up stresses:

“If complexity is getting in the way, the network team should kill complexity and modernize legacy architecture as much as possible. One option is to adopt automation solutions that abstract complexity. And as they move into new environments like the cloud and work-from-anywhere, they should design for simplicity as much as possible.”

This step might be the most costly of the three, especially if legacy systems must be overhauled. All told, companies can be looking at a significant investment to establish harmony between their networking and security departments. The alternative, though, may be to risk a much more costly (and embarrassing) data breach in the future.

Cynthia Murrell, December 1, 2021

Written by Stephen E. Arnold · Filed Under Management, News, Security

Comments

Comments are closed.

Search the site
Subscribe to Beyond Search
Feature archive
News archive

Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.