The Unified IT Team: Bringing Network and Security Together
At the core of the modern enterprise is a need for dynamic digital infrastructure, and with that requirement comes a central tension. Within the IT team, even while achieving their intended tasks, network developers and security management stand to complicate each other’s goals and best practices.
The Need for a Cohesive IT Team
Consider the underlying value that each department seeks to create. A company’s network team envisions and builds its systems to leverage access and functionality for everyone on board. Meanwhile, security leadership seeks primarily to protect valuable company data and hardware. Both work within an expanding threat ecosystem.
A recent Identity Theft Resource Center (ITRC) report shows that there have already been more than 600 data breaches in the U.S. as of Oct. 20, 2015. Even more cases go unreported. The potential resulting data loss has a negative impact on a company’s ability to trade and can lead to regulatory penalties, the loss of customers and contracts and even lawsuits.
Preventing intrusion and data theft often comes down to limiting access and in some cases altering functionality to keep a network safe. It is a duality that neither network nor security is likely to escape. Business leadership faces the prospect of reshaping the network security conversation. As the following strategies illustrate, the goal is a unified, new-age IT team — one committed to reinventing the relationship at work and one that can produce both high functionality and vigorous data defenses.
Get to Know Your Counterpart
Building all-important bridges between network and security means identifying ways to create and reinforce real relationships between teams. As Network Computing recently noted, IT experts say bridge building can be as simple as taking your network or security counterpart out to lunch. Establishing a collegial and proactive working environment motivates security and network leadership to collaborate earlier and more effectively — starting from the sandbox stage of a project, for example, rather than waiting until ideas and implementation are set in stone.
Communicate Frankly About Asset Ownership
One of the points of tension that network and security teams often experience centers around the perception of asset ownership. On the security side, it might seem like network runs rampant during deployment, absorbing assets in pursuit of speed and flexibility. For network design and development, it could look like security wants to hold too many assets hostage for the sake of perimeter defense.
What helps alter these perceptions is a chance to leverage newly open relationships and create an agreed-upon map of how the company’s digital infrastructure is best aligned. When the IT team concurs on which elements require respectful requests in terms of both granting access and imposing limitations, ownership then approaches a shared dynamic, and project leaders are less likely to be surprised by the other side’s decisions.
Engage Early and Often Across the Project Life Cycle
Relationships and agreements foster stronger approaches to the existing network, but this strategy needs to account for expansion, as well. Furthermore, as TechRepublic noted, security deployment within a single company often comes with all manner of overlaps, redundancies and potential excess. The chance for both departments to assess systems from the sandbox stage forward provides security an opportunity to streamline defenses to exclude those elements. For networks at the sandbox stage, the discussions about access and protections can be vigorous without the fear of having to unwind or undo deployments already in place.
Within a company’s network and security teams lies an opportunity for proactive and progressive work. The double-edged sword is easy to describe — the need for networks to interact with the outside digital world alongside the need to enhance security against threats — but finding the best practices that surround a balanced approach takes time and careful relationship building.
With the above steps in mind, network and security can develop strategies that acknowledge the needs and dangers that both sides ultimately want to address as part of a unified IT team.