No need to fight
It's a familiar scenario: your security team wants, or rather needs, to lock down part of your enterprise's network. And yet the network team resists you at every turn. Don't they understand that security is paramount? Do they want to get hacked?
But in fact, they're feeling just as frustrated as you are. Just as you're being yelled at to make sure the network is safe, they're being yelled at to make sure the network is available and traffic is flowing quickly.
In truth, your security team has a lot to learn from the networking team about how to keep the whole organization running smoothly. We spoke to networking experts to find out what they most wanted security pros to know.
Much of the fighting between network and security teams arises when groups with different priorities are assigned responsibilities for the same corporate turf. "For network access security, the administration of a policy management or AAA solution usually falls to the network team," says Trent Fierro, director of security and software solutions marketing at Aruba, a Hewlett Packard Enterprise company. "The security team is usually responsible for what happens on the endpoints, though, so there's an immediate disconnect. The desktop team may also be involved in cases where BYOD is involved. This becomes very challenging when the discussion turns to agents, passwords versus certificates, and firewall rules."
Follow their lead on automation
One key thing security teams can learn from networking staffers is their use of automation to keep things running smoothly. "Network people have gotten very good at keeping their company's systems up," says Joe Schorr, director of advanced security solutions at Bomgar. "Stuff doesn't go down so much anymore because network people got very good at operational work. Security should look a lot like a boring network operation: No red lights flashing, no alarms, but done very, very well, pulling the kettle off before it boils. I know when I'm in a good security shop because everything is automated."
To avoid conflict, network and security teams need to map out their roles and goals from the beginning of a project. "Because there are potentially many groups involved, our suggestion is that all of these teams need to engage early in any discussions," says Aruba's Fierro. "All of our deployment advice suggests mapping out roles, expected privileges, what happens with good and bad authentications, and so on."
Chris Pogue, senior vice president of Cyber Threat Analysis at Nuix, says mutual engagement should begin even earlier, during the staffing process. "Hire security staff with production IT, networking, or programming experience so that they can talk on an equal level with IT," he says. "Their different skills may actually help solve problems more quickly for IT, leading to additional trust and shared interest in projects."