Cybersecurity and Network Teams Clash: What Does That Cost Your Business?

shutterstock 739769911

Someone smart recently summed up the situation like this: “the network team’s job is to make sure every single packet is delivered. No exceptions. And my team’s job (cybersecurity) is to make sure some of those packets are never delivered. But we’re learning to live with each other.”

Many acknowledge that collaboration between network and cybersecurity teams is vital to an organization’s success, but tension between these teams isn’t new. And the dysfunction it causes has become alarmingly dangerous to businesses.

In a research report IDG published recently, 86% of survey respondents admitted to paying a high price for this dysfunction between network and cybersecurity teams. While the exact toll varied by respondent, the list of consequences for poor collaboration included:

  • Slow response to security events (34%)
  • Finger-pointing (33%)
  • Increase in security breaches/data loss (32%)
  • Loss of productivity (28%)
  • Service downtime (27%)
  • Inability to determine the root cause of security events (26%)
  • Increased costs (26%)

The current extent of this clash is worrying, given that downtime clocks in at a cost of millions of dollars per minute, and cybercrime can cost organizations 9-figure sums in damage. In today’s world, even one breach can take a massive toll on an organization.

“We've seen security escalate to a board-level focus,” CSO’s publisher, Bob Bragdon, confirmed. “These teams have to work together much more closely than they ever have before.”

However, as the research suggests, there’s a systemic problem. For example, the survey found 43% of network and 58% of cybersecurity professionals believe their counterparts lack a fundamental understanding of their role. Fewer than half of network and cybersecurity professionals believe there is a high level of trust among these two teams, and almost 62% of respondents to IDG’s recent survey feel their organization is less than fully equipped to handle future cybersecurity events.

Why is this happening?

One reason network & cybersecurity teams run into issues collaborating is the lines between their functions are confusingly blurry. For example, the survey found little consensus across the industry about which team should own network policy enforcement, proactive threat prevention and detection, and resolution of security events. What was clear was: the responsibilities are rarely shared. This lack of definition makes working environments ripe for duplicated–or, worse, fumbled–tasks.

Is there another way?

The payoff to collaboration is crystal clear. When network and cybersecurity teams are on the same page (i.e., more closely integrated), respondents point to benefits such as more efficient response to security events, improved security analytics capabilities, greater control of security technology, and more.

Among those who cited their network and cybersecurity teams do get along, there also is a common thread: equally complete network visibility, for both teams, breeds trust. This is because visibility enables teams to truly get on the same page about the network they’re both trying to protect, promotes transparency, and enables cross-team engagement.

‘Just let them have visibility, then?’

It’s not that simple. Only 37% of cybersecurity teams report actually having that complete network visibility, putting them both on an uneven playing field with their network colleagues and network threats.

One reason for this is the difficulty most teams have sharing that visibility, as they’re often occupied wrangling disparate solutions together to even manage them in the first place. For example, they spend valuable hours sending DNS logs back and forth.

It’s a common problem among organizations which don’t have an integrated, enterprise-worthy DNS, which is a missed opportunity given DNS data provides a critical signal into network activity.

In my experience, teams who overlook sharing DNS data are missing a piece to both the cybersecurity and network operations puzzles. This is confirmed by the survey, as respondents pointed specifically to the following benefits to streamlining their DNS: better network management and controls (37%), ability to mine DNS data for threats (35%), increased agility (29%), and increased automation (22%), among others.

Now what?

Operating and defending a network is about leveraging signals. However, and wherever, you can find them. If access to those signals is skewed between teams, your network is at risk.

A simple first step, while management irons out the problem of conflicting team objectives, is to grant teams equal access to the tools, resources, and signals they need to do their jobs. Otherwise, you’re crippling your network.

In the longer term, however, organizations need to more deeply integrate their network and cybersecurity operations. This may mean re-evaluating which department each operation is managed by, restructuring the way each team is evaluated, fundamentally reshaping how the two teams work together, or a combination of all these options.

About BlueCat

BlueCat is the Enterprise DNS Company™. The largest global enterprises trust BlueCat to provide the foundation for digital transformation strategies such as cloud migration, virtualization and cybersecurity. Our Enterprise DNS platform makes shared network visibility possible for cybersecurity and network teams, and improves control and compliance across entire networks. This allows organizations to centralize and automate DNS services for security and operational efficiency. For more information, please visit www.bluecatnetworks.com.


Copyright © 2018 IDG Communications, Inc.