Key Takeaways
- It’s something of a cliché to say that cloud infrastructure has revolutionized the way in which IT teams work, but when it comes to both security and network monitoring this is absolutely true.
- NetOps teams tend to build ways of making them faster, more accessible, and more connected. SecOps teams, on the other hand, operate under pressure to limit the number of successful attacks on these systems.
- If both teams can take a step back from their immediate operational priorities, they would see that they are not so different after all. Both teams are seeking to build and maintain a network that is both efficient and secure.
- Both teams need monitoring tools that are easy to share across remote teams, and not just between network and security teams, but also further afield.
- The process of building operational and technical alignment between network and security teams should be accompanied by work to align the culture of these teams and to promote a collaborative culture in your entire organization.
Sometimes it can seem like a new IT management paradigm arrives every week. First we had DevOps; then DevSecOps; now the most innovative organizations are talking about AIOps, and even NetAIOps. Yet what is often forgotten in this rush to name new ways of working is that many of them have been in place in the best-run teams for decades, where opportunities for overlap are always being sought.
A great example of this is NetOps and SecOps, our focus in this article. Up until quite recently, most firms saw networking and security as two distinct fields of IT management. Now, though, it’s becoming acutely apparent that collaboration between these teams is going to be required, and that this represents the future of DevOps.
This is for a number of reasons. One of the most prominent is the continued rise of cloud models, and their diversification into multiple hybrid cloud paradigms. This means that both networking teams and security teams are already deploying similar tools when it comes to network monitoring. The problem is that in some firms each team is unaware of what the other is doing: DevOps principles are already being applied to networking, but they are also leading to duplication of work and wasted resources.
In this article, we’ll look at why bridging the gap between NetOps and SecOps is so important, the benefits of doing so, and how it can be done.
How the cloud changed the world
It’s something of a cliché to say that cloud infrastructure has revolutionized the way in which IT teams work, but when it comes to both security and network monitoring this is absolutely true. This is partially a consequence of the sheer scale of these systems, both within organizations and between them. A recent survey of 1,900 IT and security professionals found that 41% of organizations are running more of their workloads in public clouds when compared to just one quarter of respondents in 2019.
However, there are other emergent properties of cloud models that have forced a divergence between SecOps and NetOps. One of these is the increased need for agility in cloud systems, which has led to the development of NetOps tools that are able to map and re-configure networks on the fly, especially in response to changing consumer demand across smartphone apps.
Unfortunately, these adaptive networks have caused something of a nightmare for SecOps teams, and as a result mobile device security lags far behind mobile device provisioning. Similarly, even where both SecOps and NetOps teams share capabilities – when it comes to cloud storage monitoring, for instance – they have pulled in different directions.
NetOps teams, under pressure from higher management to improve the performance and security of cloud systems, tend to build ways of making them faster, more accessible, and more connected. An example is how most mobile devices now come equipped with cloud data loss prevention (DLP) tools to act as a security gateway between the devices and cloud applications.
SecOps teams, on the other hand, operate under pressure to limit the number of successful attacks on these systems. As a result, they tend to work in the opposite direction by making these same systems less connected, less accessible, and safer.
Similarities and differences
If you were designing the managerial structure for a software development firm from scratch today, it’s very unlikely that you would separate NetOps and SecOps in the first place. Seen from the perspective of 2021, many of the monitoring and visibility tools that both teams seek and use seem inherently similar.
Unfortunately, however, the historical development of many firms has not been that simple. Teams and remits are not designed from the ground up with rationality in mind – instead they emerge from a complex series of interactions and ever-changing priorities. This means that different teams often end up with their own priorities, and can come to believe that they are more important than those of other parts of your organization.
This is seen very clearly in the distinction between SecOps and NetOps teams in many firms. At the executive level, your network exists in order to facilitate connections – between systems and applications but above all between staff members. Yet for many NetOps teams, the network can come to be seen as an end in itself.
The same can be said of SecOps teams. Without an overview of the company as a whole, it can be difficult to see that the real threat posed by cyber threat actors is not a technical one, but rather a business one. It’s important to limit and mitigate cybersecurity incidents, in other words, because they can end up costing a firm millions of dollars, rather than because successful attacks hurt the pride of security engineers.
If both teams can take a step back from their immediate operational priorities, however, they would see that they are not so different after all. Both teams are seeking, ultimately, to build and maintain a network that is both efficient and secure. And by working more collaboratively, it’s possible to achieve this.
The benefits of unifying NetOps and SecOps
The ability to work toward genuine compromises in this regard is one of the advantages of unifying NetOps and SecOps teams, but there are also many others. At the most fundamental level, good communications between these teams – even if they are not formally merged – allows each to understand how their work fits within broader business priorities, and to avoid unnecessary friction of the type we’ve described above.
There are also a number of more practical, pragmatic benefits to unifying these teams, though. One is simply better network performance, because unifying these teams means that they can share network monitoring tools.
This reduces the number of tools that are running on your networks, and frees computational resources that would otherwise be taken away from customer-facing systems. Reducing the need for network monitoring, or at least reducing the level of duplication in network monitoring, can therefore improve the performance of these networks.
Secondly, it’s likely that collaborative work will lead to more secure systems, because it allows for accelerated security incident detection and response. According to Toronto-based software developer Gary Stevens of Hosting Canada, the cloud in general is one of the most secure ways to store your data.
"More and more individuals and malicious groups are out there, trying to steal and sell your data," says Stevens. "Thankfully, due to so many protective services, the cloud is incredibly difficult to hack. Under the maintenance of a third-party administrator, users save data to an off-site, remote database storage system. The middle-man is the Internet, which serves as the connecting thread between you and the computer administrator."
Third, collaborative approaches can reduce the resources required to implement effective network monitoring and control, and therefore be much more cost-efficient. This is particularly important for security teams, because in many organizations they find it difficult to justify spending on extra security tools that reduce risk when they cannot point to definite performance or business gains. By linking these tools to the work of the networking team, a more business-friendly case for their necessity can be built.
Looking a little deeper, it’s also possible to see that all of these advantages also contribute to agility, and the ability to respond to dynamic business priorities. Because of this, the most valuable aspect of bringing together these teams, for most organizations, will not be in day-to-day management, but rather in the ease with which new business initiatives can be designed, implemented, and assessed.
Bridging the gap
Bringing together two teams which have traditionally worked independently can be a challenge. The challenges include management issues that directly impact both teams, which stem from competing priorities, since each team is focused on a different mandate.
However, there are a number of well-defined approaches for bringing the two teams together. One of the most detailed, tested, and trusted is the "Four Levels of Alignment" model that Gartner has defined in a number of recent reports on collaborative working. This model explores four ways in which teams can be brought into closer alignment, with each building on the last:
- At the most basic level, teams need to be made aware of each other's activities, how they have emerged in relation to overarching business priorities, and how they will impact the organization as a whole.
- Second, and building on this awareness, it’s possible to designate staff members in each team who can take a lead when it comes to coordinating activities between them. This can result in collaborative projects that don’t need the active participation of each and every team member, but which lay the groundwork for more collaborative approaches in the future.
- Third, teams should look at the monitoring and instrumentation tools they are using, and look to share these where possible. Not only does this cut down on the number of duplicate tools in use, but it can also catalyze collaboration by making sure that all teams are working from the same data.
- Finally, it’s possible to take shared instrumentation one step further, and invest in shared tools for both security and networking teams. While there will not always be a perfect overlap between the capabilities required by each team, in the average organization there will already exist a significant degree of overlap in this regard.
Setting the scene for collaboration
While the four levels of alignment we’ve outlined above can act as a great guide to building closer collaboration between NetOps and SecOps teams, making this collaboration a success can present real challenges. Because of this, firms looking to make this change will need to look at their systems and culture, and make sure they are fit for truly collaborative working.
At the most fundamental and practical level, this collaboration must be based on contextualized data. Though both SecOps and NetOps teams require access to different data, and will use these data in different ways, easy access to them can form the basis for a rich and productive collaborative process.
Indeed, seen from this perspective the issue is not one of collaboration at all, but rather network visibility. Both teams need:
- Monitoring tools that are easy to share across remote teams, and not just between network and security teams, but also further afield.
- Real-time access to packet-level insights from both networks and cloud storage media.
- The ability to make data simpler to share via the pre-processing of traffic.
Providing these tools not only sets the scene for collaboration, but it can allow collaborative working to develop without further managerial oversight and interference. Once teams understand that they are using the same tools, and drawing from the same data pool, it becomes obvious that they should be working together more closely, rather than limiting their activities to their own silos.
This is not to say that building such tools is easy. The separate ways in which network and security teams have developed can mean that their methods of collecting data are themselves very varied and complex. For this reason, it can be effective to deploy a small, dedicated team to develop shared ways of working, and then use this smaller team to catalyze broader processes of collaboration.
Building a collaborative culture
Data, as ever, is only one side of the story. You can deploy the most advanced data collection and processing tools in the world, but unless your teams are using them correctly they will be all but useless. The process of building operational and technical alignment between network and security teams should therefore be accompanied by work to align the culture of these teams, and to promote a collaborative culture in your entire organization.
This "cultural" work should consist of three parts. The first, and arguably the most important, is to ensure that teams are being trained together, or, even better, to set in motion a process whereby teams can train each other on the tools they use. Cross-training of this type not only makes teams more efficient by allowing them to get the most out of the tools they use, but it also saves your organization money on external training budgets.
Secondly, teams should identify and formalize areas in which close collaboration is essential, rather than just desirable. This is important because these are the areas in which tension is also most likely to arise. For example, SecOps and NetOps should inform each other before significant changes are made to the network.
Third, automate everywhere that this makes sense. Automation is often thought of simply as a way of saving time, but the time saved is not its real value. By spending less time completing repetitive tasks, your teams can spend more time thinking creatively about how best they can work together.
Conclusion
By bringing security and networking teams together, organizations can not only improve their cost efficiency, but also their ability to adapt to change. Indeed, collaborative approaches like this are increasingly important for improving security while providing top-tier functionality.
In short, NetOps and SecOps can help each other overcome challenges, and NetSecOps collaboration can produce many positive results for business, whether this is in instrumenting the network for AIOps, or in the longer-term evolutionary processes which affect all businesses.
About the Author
Sam Bocetta is a former security analyst, having spent the bulk of his career as a network engineer for the Navy. He is now semi-retired, and educates the public about security and privacy technology. Much of Sam's work involved penetration testing ballistic systems. He analyzed the Navy's networks looking for entry points, then created security-vulnerability assessments based on his findings. Further, he helped plan, manage, and execute sophisticated "ethical" hacking exercises to identify vulnerabilities and reduce the risk posture of enterprise systems used by the Navy (both on land and at sea). The bulk of his work focused on identifying and preventing application and network threats, lowering attack vector areas, removing vulnerabilities, and general reporting. He was able to identify weak points and create new strategies which bolstered those networks against a range of cyber threats. Sam worked in close partnership with architects and developers to identify mitigating controls for vulnerabilities identified across applications, and performed security assessments to emulate the tactics, techniques, and procedures of a variety of threats.