By Pranav Kumar, Zscaler
It may seem that corporate network and security teams have worked at cross-purposes for decades now, but despite the never-ending conflicts, solutions abound. Traditionally, network teams are charged with facilitating and expanding a company’s tech reach and abilities, while security teams must ensure that all systems are safeguarded against hacking, theft, and an array of cybercrimes designed to wreak havoc on corporate infrastructure. How can a network team offer availability and creative expansion plans to clients on one hand, while security experts throw cold water on these same plans because of an array of potentially dangerous and expensive risks?
These two opposing forces within the same company breed the “silo” mentality, generally an unconscious self-defense mechanism undertaken by very conscientious employees who just want to do their job to the best of their ability. The silo stance translates into employees’ reluctance to share information with fellow employees working in different divisions within the same company. The outcome is reduced efficiency, client dissatisfaction, and damage to the corporate bottom line.
In a 2018 blog post by BlueCat, a company that focuses on digital transformation strategies such as cloud migration, virtualization, and security, the unnamed authors acknowledged that network and security are “notoriously siloed.” Network operations must deliver reliable service and identify and implement capabilities “to run the enterprise,” while security teams must set up “barriers against intruders and cleaning up systems that have been infected.” The authors pointed to the rise of cybersecurity threats as the reason why network and security teams cannot afford to simply coexist anymore. They must break “down the traditional wall separating network and security teams” to defend and protect the enterprise.
As it stands, each team employs different skillsets and missions: “one is expected to facilitate access…, the other is charged with blocking access to anybody who isn’t authorized. They utilize different tools and may work in separate network operations and security operations centers,” concluded the BlueCat authors.
Currently, many companies, large and small, have either wittingly or unwittingly established a kind of competition between divisions. When there’s competition in the same company, the winners and losers are recognized. One is triumphant, one is shamed. For instance, a network team may get a bigger budget to get out there and sell its idea of expansion at all costs. For those employees working on the security side of the transaction, if safeguarding a network translates into a retraction of expansion services that have already been paid for, the yin and the yang of the transaction could appear to be at odds.
When competition between network and security teams elevates to the point that one team thinks that the other team has won, the losing team may simply give up and not work in the clients’ best interest. If that happens, you can be sure that someone will remember the disconnect down the line and the hope of any repeat or referral business will simply evaporate.
If a security team purchases a product and the network team is forced to use it despite its choice of a preferred vendor, a rift could arise between both teams, and the entire project can fall prey to a slowdown. This eventually leads to the win/lose mindset among these teams, and on the next renewal, the network team could push to dispose of the product the security team procured and replace it with its own choice. This tug-of-war impacts the organization’s productivity and results in the two teams operating as separate organizations, even though they are part of one organization with a unified mission. This silo mentality will continue to derail the organization’s goals until the issues between the two divisions are resolved.
Making matters worse is that vendors know full well the rift that exists between network and security teams. They often use this knowledge to pit them against each other, or they’ll try to address the separate requirements of both teams, which adds to the disunity.
To bypass this treacherous trap of employees sabotaging the corporate culture and ultimately productivity, it is important to reduce the points at which their stated job descriptions are at odds. One strategy that has proven to make some headway in promoting cooperation between network and security teams is making sure that the heads of the two divisions meet to establish umbrella goals: goals that define the corporate vision but recognize that the two teams must plan together to expand the technical horizons of the business while ensuring that the new systems are safe from the myriad threats in cyberspace.
Another strategy that facilitates cooperation and collaboration between the disparate teams is to encourage a cross-pollination of teams by working in the same physical space. If employees from different divisions are in close proximity, the likelihood of trust and better communication between them grows.
Management also can institute team-building exercises to concretely identify contrasting goals, followed by specific mitigations that could bridge the gap. Imagine an exercise that places members of network and security teams in a situation where they must solve a problem born out of the natural distinctions between each of their divisions. Despite having very different goals, connectivity between network and security teams is crucial. If the two teams can resolve some of their differences before they go full force ahead with clients, time will be saved in conflict resolution after the fact.
Some companies have “floaters,” or employees that are liaisons between various teams hired to clarify any misunderstanding that could impact corporate goals. BlueCat offered hope three years ago. The divergence between network and security teams’ range of responsibilities and missions is “akin to the silos that often separate application development and operations teams,” BlueCat authors wrote. “But, spurred on by the speed and scale of the web, many organizations have integrated these former silos into DevOps teams and processes that break down the barriers.”
How Bad Is The Disconnect?
In a DARKReading blog posted on May 5, the team of writers acknowledged that “networking and security teams often don't see eye to eye on many issues, and a significant number of professionals in each field refer to the relationship between them as dysfunctional and combative.”
The group pointed to a Netskope survey of a worldwide sample of 2,675 IT professionals. The results were mixed. Apparently, 49 percent of security teams and 44 percent of networking teams report to the same manager, but 37 percent of these pros said that the two teams really “don’t work together much.” Nearly half of each team used the words “combative,” “dysfunctional,” “frosty” or “irrelevant” to describe the relationship between the two teams.
As a result, the DARKReading team found that the lack of collaboration between network and security teams hinders the benefits of digital transformation.
Network and security teams may be like oil and vinegar, but with a proper shakeup of divisions, management, communication, and collaboration, the two teams can blend their talents, improve customer service to the enterprise and promote more seamless operations.
Proactive, consistent internal communication is key to producing an effective flow of information to disparate departments and reducing departmental and employee conflicts and misunderstandings. In the end, executive leadership has the power to shape the environment of their firm and establish a culture of cooperation and collaboration. If they don’t, productivity, efficiency, customer satisfaction, and ultimately profits, are at risk.
About The Author
Pranav Kumar is a senior technical account manager with Zscaler. He has 16 years of experience in security, including pre-sales, post-sales, designing, transition, and transformation of security projects. For further information, please email firstname.lastname@example.org.