It's not surprising that network and security teams aren't always on the same page. After all, networks need to be fast and efficient, while security is about slowing things down and implementing extra steps to help meet security measures. While both teams are a part of the IT department, and need to work together in the event of a breach, each group has its own objectives and expectations. But when a data breach or security threat strikes, businesses need both teams working together to help get it fixed as soon as possible, especially as networks become more intricate.
"It's more important to get these two teams on the same page than it has ever been in the past. Enterprise networks are becoming more complex, and at the same time security issues are more common," says David Vigna, Cisco practice director at Softchoice.
One of the biggest reasons these two teams aren't known for strong communication and teamwork, according to Vigna, is their "conflicting goals." Network teams are focused on network availability and usability, while security teams are focused on potential risks and vulnerabilities. And security measures can often slow things down -- adding things like two step authentication, firewalls or other precautions that might hinder how fast networks can get up and running. So, for a team focused on speed and availability, security can often be seen as a roadblock in reaching those goals -- and vice versa.
"This becomes a problem when network professionals feel that security measures are red tape getting in the way of their processes, and security professionals feel that network team's expansion and development of complex architectures are opening up the system to potential attacks," says Vigna.
It's not that security isn't important to networking professionals, it's just that it isn't necessarily their focus. And the same goes for security pros. They don't want things to run slower or to create more steps for people, but it is their job to keep things as secure as possible. And as it becomes increasingly important for businesses to avoid any security breaches -- both teams will need to shift their priorities.
"In some cases, security may not be the highest operating priority of the team versus network latency, availability or other metrics. In addition, the security team may not gain real-time access to critical log information or telemetry that is crucial to threat analysis," says Eddie Schwartz, CISA, CISM, CISSP-ISSEP, PMP, board director of ISACA, chair of ISCACA's Cybersecurity Advisory Council and president of COO and WhiteOps, Inc.
The best solution to this problem? Start communicating, says Vigna. The time to communicate isn't after something bad has happened; it's before. "Both network and security teams should proactively reach out to one another and discuss trends and issues on a day-to-day basis in order to be prepared for the worst," he says.
Sign up for CIO Asia eNewsletters.