COVID-19 changed the world of work, and yet, more than a year into the pandemic, businesses are coming to terms with the implications this has for their IT security.
Some staff may be slowly returning to the office, but others are remaining solidly in work-from-home mode. A third group is taking a hybrid approach to their working week and splitting their hours between the two locations.
The result is a significant increase in the pressure being felt by both security operations (SecOps) and Network Operations (NetOps) teams. Rather than having to manage staff and resources within a secure, on-premise environment, they are being forced to extend this protection to multiple remote locations.
The result is that more of their time is being spent simply maintaining the infrastructures and keeping users connected and secure. When you add the extra challenges that come with an increasing volume of cyberattacks, the jobs become even more daunting.
A time for collaboration
To better respond to these types of situations, the SecOps and NetOps teams within growing numbers of organisations are seeing distinct benefits in undertaking closer collaboration. Rather than operating in closed silos, they are sharing data and insights to improve their responses across the board. The result is better performance and security for the entire organisation.
In some ways, this new collaborative approach can be likened to the situation that was common within organisations in years gone by. Then, network operations and security needs could be handled by a single IT operations team.
However, as organisations grew in both size and complexity, they began to split the workloads into specialised NetOps and SecOps. This siloing of operations allowed inefficiencies to flourish and encouraged a lack of communication.
The success of this new approach depends on complete mutual understanding and accountability. If each team can speak the same language and use the same tools and formats, it becomes increasingly easy to identify and respond to incidents. Because everything, from attack behaviour to problematic network activity, must cross the network, this data provides the perfect connective tissue for collaboration.
When network and security teams are siloed, their response times suffer. If the security operations or incident response team has to call or email the network or IT Ops team to get packet captures for an investigation, it can add hours or days to the process.
Attackers can then use that time to move laterally, establish persistence, and ultimately exfiltrate data, causing more damage.
Overcoming talent shortages
Another challenge being faced by many organisations is that it is becoming increasingly difficult to hire enough skilled staff to join existing NetOps and SecOps teams.
However, if both teams are using the same tools and workflows to troubleshoot performance issues, this creates a built-in backup plan. Often, the skills and tools required to diagnose network and app performance challenges are highly relevant to security. Training from within is a great way to beat the security skills shortage, but it only works if your teams are already on the same page and using the same tools and data sources.
There are also opportunities for cost savings. For example, if an organisation is paying for more than one packet capture tool to meet the needs of security operations and network operations tools, there’s a clear opportunity to consolidate.
Data sharing is also key for this new collaboration strategy to be effective. The benefits will include increased visibility and improved workflows. Using network data can also provide the resources to collaborate more effectively across infrastructure, network management and monitoring, and incident response.
Remote and hybrid work practices, together with an ongoing increase in cloud platform adoption, are here to stay. For this reason, the need for NetOps and SecOps teams to work together as a cohesive whole has never been more important.
Consider whether this is currently happening within your organisation.