Network and security teams may have different goals and objectives, but as networks grow more complex, it’s time to get these two teams on the same page.
It’s not surprising that network and security teams aren’t always on the same page. After all, networks need to be fast and efficient, while security is about slowing things down and implementing extra steps to help meet security measures. But when a data breach or security threat strikes, businesses need both teams working together to help get it fixed as soon as possible, especially as networks become more intricate.
Conflicting goals
One of the biggest reasons these two teams aren’t known for strong communication and teamwork, according to David Vigna, Practice Director, Softchoice, is their “conflicting goals.” Network teams are focused on network availability and usability, while security teams are focused on potential risks and vulnerabilities. And security measures can often slow things down – adding things like two step authentication, firewalls or other precautions that might hinder how fast networks can get up and running. So, for a team focused on speed and availability, security can often be seen as a roadblock in reaching those goals – and vice versa.
It’s not that security isn’t important to networking professionals, it’s just that it isn’t necessarily their focus. And the same goes for security pros. They don’t want things to run slower or to create more steps for people, but it is their job to keep things as secure as possible. And as it becomes increasingly important for businesses to avoid any security breaches – both teams will need to shift their priorities.
Build communication
The best solution to this problem? Start communicating, says Vigna. The time to communicate isn’t after something bad has happened – it should be before.
“Both network and security teams should also proactively reach out to one another and discuss trends and issues on a day-to-day basis in order to be prepared for the worst,” says Eddie Schwartz, Board Director and Chair, ISACA.
That means, when embarking on new projects, get both teams in on the conversation. At the very least, Vigna says network teams should be proactive in giving security workers a heads-up about new projects. He suggests inviting security professionals into the early concept stages, to give input where they might find security issues before any time, money or energy is invested by the network team. Similarly, he says security teams should be “consistently responsive in sending risk assessments to network teams.”
Hire the right people
Hiring the right tech workers might seem obvious, but if you want your network and security teams to get along, include it in your hiring process. While network and security professionals have different skillsets, you can still emphasise during the interview process that you encourage collaboration between the two teams, so they come in knowing what to expect.
If you know you’ll need someone who can be flexible and open with other IT teams, find people with well-rounded backgrounds who express an openness to the changing landscape of IT. You might even find network professionals emerge with security skills, says Vigna, especially as networks become more complex, which increases potential risks.
Schwartz also points to the CIO as a guidepost for the rest of the department. As the CIO, he says, you need to encourage both teams to understand one another’s priorities and goals. You can’t expect your teams to understand how they can help one another if they don’t even know how the other operates on a day-to-day basis.
“It’s important for IT leaders to see these departments as part of one larger team, rather than separate factions. Though some organisations are quick to see their security teams as supplements to the IT department, IT leaders need to fully integrate security teams,” says Vigna .