Network and Security Operations Convergence: A Mini-Case Study
Bringing network and security ops under one roof is translating into more efficiency and increased security for IT management and consulting firm AMERICAN SYSTEMS
By Joan Goodchild , Senior Editor
November 15, 2009 — CSO —
Until very recently the network and security operations for AMERICAN SYSTEMS, a Virginia-based IT management and consulting firm, were two distinct and separate entities. But the company's CIO, Brian Neely, was looking for a way to centralize their IT tools and streamline event correlation, performance monitoring and security information management. Redundancies among engineers working in both centers also prompted AMERICAN SYSTEMS to look for more efficiency.
CSO spoke with Neely about the process of bringing their NOC and SOC together, and how other organizations considering convergence might learn from their experience. (For more on the topic, see Efficiency Through NOC/SOC Convergence.)
CSO: What was the status of your network operations and your security operations before you began your convergence efforts?
Brian Neely, CIO of AMERICAN SYSTEMS: We operated under a siloed approach and worked primarily with point solutions for security, performance and event monitoring. We have a relatively small staff and require all of our engineers to multi-task; meaning that the monitoring of network and security operations, and respective response, diagnosis, investigation and reporting functions, are typically performed by the same engineers.
Why did you want to make changes to a more converged approach?
In the end, it's about IT service reliability, integrity and protection—how do we remove barriers, extend controls and leverage processes to improve IT responsiveness and reduce costs and risks.
To obtain our IT objectives for improved security information management capabilities, event correlation, and performance monitoring, we needed to move forward with a single, integrated point-of-contact for all network and security events.
Also new challenges were emerging at an accelerating rate, from the sophisticated security threats, to increased demands from our business functions to deliver and manage better service levels. Therefore we needed to be more proactive at all fronts to ensure higher availability, improved security, and increased data confidence.
We wanted to centralize instrumentation and have the means to extend operational controls. This required a solution that would integrate IT governance, risk and compliance management functionality. With our audit requirements, we needed to advance to a solution where rules and reports could be mapped to our management frameworks (CobIT, ITIL) and compliance best practices (SOX).
Prior to convergence, had the company purposely separated security and network ops?
We had our security and network operations logically separated. I wanted our security people to have security as their primary focus, without distraction. Now they're co-located, and work hand-in-hand. Experience and knowledge is extended across three different tiers in the infrastructure services group. There have been no issues or negative feedback.